run: 64)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000004c0)={'wpan0\x00', <r12=>0x0}) (async, rerun: 64)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000500)={'wpan4\x00', <r13=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000540)={'wpan0\x00', <r14=>0x0})
sendmsg$NL802154_CMD_GET_SEC_KEY(r11, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x4c, r9, 0x102, 0x70bd26, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r12}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r14}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40004}, 0xc080)
sendmsg$NL802154_CMD_GET_SEC_KEY(r2, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f00000007c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="020027bd7000ffdbdf251600000008000300", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=r10, @ANYBLOB="c028d2b2169b24405a544c870b3afe30abb4b44b62e099d28e1a40267928fd197d491130a2004df983b7790e760f97bc651b2adcb7e92e3671b2bd0e166c36bbbe4f031014c2e367f430ee25220a8590b9de32f1f067da60e16b9564975bc49eef3fb33b550000000000a8d6ca9328e6c47dac33a7f14bae55680d7d860ad5a55126c98564ccc050d9003c9fbc7457ac902865a87c57116a2018a8626fd7f3ac849171e1928cd4e1d4dbc51fb9c6c54b584b94a973a54a7f40cfa1e0437576ea8f47efbcbdab9a832db6c65ae250"], 0x24}, 0x1, 0x0, 0x0, 0x5713056d70a8ca6e}, 0x1)

12:01:53 executing program 4:
syz_open_dev$loop(0x0, 0x0, 0x300)

12:01:53 executing program 5:
# Opens the binder debugfs stats file read-only; 0xffffffffffffff9c in the first argument is AT_FDCWD (-100).
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
# r0 is a debugfs file rather than a socket and the address pointer is null; presumably rejected before any inet6 code runs -- confirm against the executor output.
connect$inet6(r0, 0x0, 0x0) (async)
# Relative open of 'tasks' with flags 0x2 (O_RDWR), using the debugfs file as the directory descriptor.
# "async" and "rerun: 32" are syzkaller call properties (do not wait for completion / repeat the call).
openat$cgroup_procs(r0, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) (async, rerun: 32)
# The device-name pointer carries no explicit string in this log; id 0, flags 0.
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (rerun: 32)

12:01:53 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:01:53 executing program 4:
syz_open_dev$loop(0x0, 0x0, 0x300)

12:01:53 executing program 3:
# Opens the loop-control description with open flags 0x290c00; the path pointer carries no explicit string in this log.
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x290c00, 0x0)
# Descriptor 0xffffffffffffffff is -1, i.e. deliberately invalid.
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
# dirfd -1, null pathname, flag 0x1000 (AT_EMPTY_PATH); argv is one empty string, envp one short string with non-ASCII bytes.
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
# Request 0x4c81 is the value of LOOP_CTL_REMOVE in <linux/loop.h>, sent with argument 0.
# The "$USBDEVFS_CLAIM_PORT" suffix is only the syzkaller description variant; triage by the number and the fd type, not the label.
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:53 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
openat$cgroup_procs(r0, &(0x7f0000000040)='tasks\x00', 0x2, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
openat$cgroup_procs(r0, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)

12:01:53 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:01:53 executing program 0:
# Mixes a loop-control ioctl, bpf map creation/update and calls on a binder debugfs descriptor in one program.
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
# Request 0x4c81 equals LOOP_CTL_REMOVE in <linux/loop.h>; argument 0.
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
# bpf command 0x0 is BPF_MAP_CREATE with an attr size of 0x48.
# Assuming the usual bpf_attr field order (map_type, key_size, value_size, max_entries, map_flags): type 0x9, key 1 byte, value 8 bytes, 0x2be entries, flags 0x1 -- TODO confirm against the description in use.
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x2be, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
# r2 is a debugfs file, not a socket; null address and zero length.
connect$inet6(r2, 0x0, 0x0)
# bpf command 0x2 is BPF_MAP_UPDATE_ELEM on map r1 with flags 0x4; the key buffer holds 34 fuzzer-generated bytes.
# The value pointer (0x7f0000000100) is the same address the path string above was written to.
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
# 0x4c05 is LOOP_GET_STATUS64, but r2 is the binder stats file rather than a loop device.
ioctl$LOOP_GET_STATUS64(r2, 0x4c05, &(0x7f0000000180))

12:01:53 executing program 4:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:01:53 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:01:53 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x2be, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x3}, 0x48) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
ioctl$LOOP_GET_STATUS64(r2, 0x4c05, &(0x7f0000000180))

12:01:53 executing program 2:
# Exercises the loop-device status ioctls, once with a null argument and once with a fully populated structure.
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
# 0x4c04 is LOOP_SET_STATUS64; the info pointer is null here.
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
# 0x4c07 is LOOP_SET_CAPACITY, issued on the binder transaction_log descriptor rather than a loop device.
ioctl$LOOP_SET_CAPACITY(r2, 0x4c07)
connect$inet6(r1, 0x0, 0x0)
# Second loop descriptor: id 0x7, open flags 0x20000.
r3 = syz_open_dev$loop(&(0x7f0000000180), 0x7, 0x20000)
# The three quoted blobs are 64, 64 and 32 bytes long, which matches the file-name, crypt-name and encrypt-key arrays of struct loop_info64 -- presumably that layout; verify against the description.
# The bytes are fuzzer-generated, so the key-shaped blob is not real key material.
ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x4, 0x1, "ddef787ae6bf4a3e7f9efc4c3b684bf78c1ee5a564bb2d364efb8c4336a691a97257dda02ebdab0c517565794539e4f860ae2e7a62c0ff3c7d062d64d70427ee", "cc70dbd0af8d402f2b731ec98d702c2b9a944cba1a17a7e0b806cdf5dff3583146884768bdd80497e12daf8dfe0e72c67a07844a9a7b14e81a73085cebfa0b8e", "153463bf096e1a0b65102f615fef97d803d098ced4faee06a876fc95629fdd9b", [0x2, 0x6]})

12:01:53 executing program 4:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:01:53 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x290c00, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:53 executing program 5:
# Opens the binder debugfs stats file twice and drives socket, watch_queue and 9P message calls at those descriptors.
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
# ""/119 denotes a 119-byte output buffer (0x77); the read targets the debugfs file, whatever the "$watch_queue" label says.
read$watch_queue(r1, &(0x7f0000000140)=""/119, 0x77)
# Writes a 0x18-byte structured message to r0, which was opened with flags 0x0 (read-only); presumably refused -- confirm in the executor output.
write$P9_RLOPEN(r0, &(0x7f0000000080)={0x18, 0xd, 0x2, {{0x8, 0x4, 0x3}, 0x1}}, 0x18)
# Loop open with id 0x4 and open flags 0x244180.
syz_open_dev$loop(&(0x7f0000000040), 0x4, 0x244180)

12:01:53 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x2be, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
ioctl$LOOP_GET_STATUS64(r2, 0x4c05, &(0x7f0000000180))

12:01:53 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:01:53 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/class/regulator', 0xb7549f6f8dad5096, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xd, 0x56, 0x2, 0x3, 0x868, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x15)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:53 executing program 3:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
getpeername$inet6(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000200)=0x1c)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000240), 0x48000, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000180))

12:01:53 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
ioctl$LOOP_SET_CAPACITY(r2, 0x4c07) (async, rerun: 64)
connect$inet6(r1, 0x0, 0x0) (async, rerun: 64)
r3 = syz_open_dev$loop(&(0x7f0000000180), 0x7, 0x20000)
ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x4, 0x1, "ddef787ae6bf4a3e7f9efc4c3b684bf78c1ee5a564bb2d364efb8c4336a691a97257dda02ebdab0c517565794539e4f860ae2e7a62c0ff3c7d062d64d70427ee", "cc70dbd0af8d402f2b731ec98d702c2b9a944cba1a17a7e0b806cdf5dff3583146884768bdd80497e12daf8dfe0e72c67a07844a9a7b14e81a73085cebfa0b8e", "153463bf096e1a0b65102f615fef97d803d098ced4faee06a876fc95629fdd9b", [0x2, 0x6]})

12:01:53 executing program 4:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:01:53 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_PAN_ID(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000680)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
openat$cgroup_int(r3, &(0x7f0000000180)='blkio.throttle.read_iops_device\x00', 0x2, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r2)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000009c0), r2)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_PAN_ID(r6, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000680)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r6)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000009c0), r6)
sendmsg$IEEE802154_LLSEC_ADD_KEY(r7, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a00)={0x14, r8, 0x1}, 0x14}}, 0x0)
sendmsg$IEEE802154_SET_MACPARAMS(r4, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x5c, r8, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@IEEE802154_ATTR_TXPOWER={0x5, 0x21, 0x40}, @IEEE802154_ATTR_LBT_ENABLED={0x5, 0x22, 0x1}, @IEEE802154_ATTR_TXPOWER={0x5, 0x21, 0xd6}, @IEEE802154_ATTR_LBT_ENABLED={0x5, 0x22, 0x1}, @IEEE802154_ATTR_CSMA_RETRIES={0x5, 0x25, 0x6}, @IEEE802154_ATTR_CSMA_MIN_BE={0x5, 0x26, 0x6}, @IEEE802154_ATTR_CCA_MODE={0x5, 0x23, 0x67}, @IEEE802154_ATTR_CSMA_MAX_BE={0x5, 0x27, 0x5}, @IEEE802154_ATTR_CCA_ED_LEVEL={0x8, 0x24, 0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x20001000)
sendmsg$IEEE802154_LLSEC_ADD_KEY(r4, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a00)={0x14, r5, 0x1}, 0x14}}, 0x0)
sendmsg$IEEE802154_LLSEC_ADD_KEY(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x60008004}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, r5, 0x100, 0x70bd27, 0x25dfdbfb, {}, [@IEEE802154_ATTR_LLSEC_KEY_USAGE_FRAME_TYPES={0x5, 0x31, 0xcf}, @IEEE802154_ATTR_LLSEC_KEY_USAGE_COMMANDS={0x24, 0x32, "a6856fe2e294a5f610167b38fea161abbb6e179af5684c04ce0298ba2c7bdaa8"}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa2}]}, 0x48}, 0x1, 0x0, 0x0, 0x84}, 0x4084)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
futimesat(0xffffffffffffffff, &(0x7f0000000740)='./file0\x00', &(0x7f0000000780)={{0x77359400}, {0x0, 0xea60}})
r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), r7)
ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000380)={'wpan0\x00', <r10=>0x0})
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000004c0)={'wpan0\x00', <r12=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000500)={'wpan4\x00', <r13=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000540)={'wpan0\x00', <r14=>0x0})
sendmsg$NL802154_CMD_GET_SEC_KEY(r11, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x4c, r9, 0x102, 0x70bd26, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r12}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r14}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40004}, 0xc080)
sendmsg$NL802154_CMD_GET_SEC_KEY(r2, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f00000007c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="020027bd7000ffdbdf251600000008000300", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=r10, @ANYBLOB="c028d2b2169b24405a544c870b3afe30abb4b44b62e099d28e1a40267928fd197d491130a2004df983b7790e760f97bc651b2adcb7e92e3671b2bd0e166c36bbbe4f031014c2e367f430ee25220a8590b9de32f1f067da60e16b9564975bc49eef3fb33b550000000000a8d6ca9328e6c47dac33a7f14bae55680d7d860ad5a55126c98564ccc050d9003c9fbc7457ac902865a87c57116a2018a8626fd7f3ac849171e1928cd4e1d4dbc51fb9c6c54b584b94a973a54a7f40cfa1e0437576ea8f47efbcbdab9a832db6c65ae250"], 0x24}, 0x1, 0x0, 0x0, 0x5713056d70a8ca6e}, 0x1)

12:01:53 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
read$watch_queue(r1, &(0x7f0000000140)=""/119, 0x77)
write$P9_RLOPEN(r0, &(0x7f0000000080)={0x18, 0xd, 0x2, {{0x8, 0x4, 0x3}, 0x1}}, 0x18) (async, rerun: 32)
syz_open_dev$loop(&(0x7f0000000040), 0x4, 0x244180) (rerun: 32)

12:01:53 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/class/regulator', 0xb7549f6f8dad5096, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xd, 0x56, 0x2, 0x3, 0x868, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x15)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/class/regulator', 0xb7549f6f8dad5096, 0x1) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xd, 0x56, 0x2, 0x3, 0x868, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x15) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:01:53 executing program 3:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
getpeername$inet6(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000200)=0x1c)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000240), 0x48000, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000180))
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
getpeername$inet6(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000200)=0x1c) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000240), 0x48000, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000180)) (async)

12:01:53 executing program 4:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:53 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
ioctl$LOOP_SET_CAPACITY(r2, 0x4c07) (async)
connect$inet6(r1, 0x0, 0x0) (async)
r3 = syz_open_dev$loop(&(0x7f0000000180), 0x7, 0x20000)
ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x4, 0x1, "ddef787ae6bf4a3e7f9efc4c3b684bf78c1ee5a564bb2d364efb8c4336a691a97257dda02ebdab0c517565794539e4f860ae2e7a62c0ff3c7d062d64d70427ee", "cc70dbd0af8d402f2b731ec98d702c2b9a944cba1a17a7e0b806cdf5dff3583146884768bdd80497e12daf8dfe0e72c67a07844a9a7b14e81a73085cebfa0b8e", "153463bf096e1a0b65102f615fef97d803d098ced4faee06a876fc95629fdd9b", [0x2, 0x6]})

12:01:53 executing program 1:
# Adds an fscrypt-style key, then sends nl802154 generic-netlink requests that reference interface 'wpan3'.
# Key description is 'fscrypt:' plus 16 bytes; the payload holds a 64-byte raw blob with a declared size of 0x19.
# Keyring 0xfffffffffffffffb is -5 (KEY_SPEC_USER_SESSION_KEYRING). The blob is fuzzer-generated, not real key material.
add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @auto=[0x12, 0x62, 0x63, 0x63, 0x35, 0x33, 0x35, 0x35, 0x33, 0x66, 0x56, 0x38, 0x38, 0x33, 0x37, 0x64]}, &(0x7f0000000100)={0x0, "65b2b6d60117336fa4fde6005e9c2cee99a36235d52d514bc987c21fa6949fd9df6b00c96d0980dbc27ea44573b47a773f3281acd7ea847728a8c90d7a5a52dc", 0x19}, 0x48, 0xfffffffffffffffb)
r0 = syz_open_dev$loop(&(0x7f00000002c0), 0x0, 0x0)
# (0x10, 0x3, 0x10) is AF_NETLINK, SOCK_RAW, NETLINK_GENERIC.
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
# 0x8933 is SIOCGIFINDEX; "<rN=>0x0" captures the returned interface index into rN.
# The first lookup runs on descriptor -1, and its buffer (0x7f0000000080) is the address also used for the key type in add_key above.
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan3\x00', <r2=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000300)={'wpan3\x00', <r3=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000340)={'wpan3\x00', <r4=>0x0})
# The family-id field of this message is 0x0 rather than a resolved family id, and the WPAN_DEV / IFINDEX attributes are repeated.
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r1, &(0x7f0000000540)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000380)={&(0x7f00000004c0)={0x48, 0x0, 0x10, 0x70bd2b, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3198325c285866d7}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000800}, 0x840)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
# Resolves the nl802154 family id through r1; the result r6 is used in the next request.
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f00000001c0), r1)
# Uses ifindex r2, which was captured by the lookup issued on descriptor -1 above.
sendmsg$NL802154_CMD_SET_ACKREQ_DEFAULT(r5, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x2c, r6, 0x200, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_ACKREQ_DEFAULT={0x5}, @NL802154_ATTR_ACKREQ_DEFAULT={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x4000)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
# "ANY=[...]" is syzkaller's raw form: the typed message was replaced by byte blobs with embedded resource references (@ANYRES16/@ANYRES32).
# The declared iov length is 0x30, far shorter than the bytes listed.
sendmsg$NL802154_CMD_SET_PAN_ID(r7, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="14255cca1e47a63a701d7c1d665e0fe1799cf51b7ae65f8e631c72aebef13db81ddd038f713e4e2c3e4b2cd132aeb83c3a646bcd968f31f9a3fd2789562be638b800098537b80138c7de452196ff2a20c51bbef8fc812b0611b20d5235c8232db6ba278d6dd1d97bbb5a131c06b3677adfcec5b5b72ec5cbab865865439c60924e8242c66cd5ac4472e0", @ANYRES16=0x0, @ANYBLOB="000428bd7000fedbdf250a00000006000900020000000c000600000000000000000008000300", @ANYRES32=r2, @ANYBLOB="8b1adf35a1c625073da7bed41529cbf57fad92b4f8aa7322dee01367698b1d17424b0f03f9df"], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x200080d0)
# 0x4c04 is LOOP_SET_STATUS64 with a null info pointer.
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)

12:01:53 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async, rerun: 64)
read$watch_queue(r1, &(0x7f0000000140)=""/119, 0x77) (async, rerun: 64)
write$P9_RLOPEN(r0, &(0x7f0000000080)={0x18, 0xd, 0x2, {{0x8, 0x4, 0x3}, 0x1}}, 0x18) (async, rerun: 64)
syz_open_dev$loop(&(0x7f0000000040), 0x4, 0x244180) (rerun: 64)

12:01:53 executing program 3:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
getpeername$inet6(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000200)=0x1c)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000240), 0x48000, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000180))

12:01:53 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/class/regulator', 0xb7549f6f8dad5096, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xd, 0x56, 0x2, 0x3, 0x868, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x15) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:53 executing program 4:
# Creates/opens '.log' relative to the working directory and then treats that descriptor as a directory, a rename target and a dirent source.
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
# Open flags 0x4182, mode 0x8.
r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000180)='.log\x00', 0x4182, 0x8)
openat$cgroup_procs(r1, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
# Source dirfd is -1 with a relative path; destination dirfd is r1; rename flags 0x5.
renameat2(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', r1, &(0x7f00000001c0)='./file0\x00', 0x5)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
# Null buffer, zero count.
getdents64(r1, 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
# Level 0x29 / option 0x40 on r2, which is a debugfs file rather than a socket.
# The length pointer (0x7f0000000100) is the address that held the binder path string.
getsockopt$IP6T_SO_GET_INFO(r2, 0x29, 0x40, &(0x7f0000000080)={'filter\x00', 0x0, [0x8, 0x200, 0x3, 0xb0eb, 0x2]}, &(0x7f0000000100)=0x54)
# 0x1b-byte raw blob written to descriptor -1; the bytes after the 9-byte header decode as the ASCII string "/deV/loop-control".
write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="1b00000007010012002f6465562f6c6f6f702d636f6e74726f6c00"], 0x1b)
# Request 0x4c81 equals LOOP_CTL_REMOVE in <linux/loop.h>; argument 0.
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:53 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000180)='.log\x00', 0x4182, 0x8)
openat$cgroup_procs(r1, &(0x7f0000000200)='tasks\x00', 0x2, 0x0)
renameat2(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', r1, &(0x7f00000001c0)='./file0\x00', 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000240)=""/148, 0x94)
connect$inet6(r2, 0x0, 0x0)
getsockopt$IP6T_SO_GET_INFO(r2, 0x29, 0x40, &(0x7f0000000080)={'filter\x00', 0x0, [0x8, 0x200, 0x3, 0xb0eb, 0x2]}, &(0x7f0000000100)=0x54)
write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="1b00000007010012002f6465562f6c6f6f702d636f6e74726f6c00"], 0x1b)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:53 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x109800, 0x0)
ioctl$USBDEVFS_ALLOC_STREAMS(r3, 0x8008551c, &(0x7f00000001c0)={0x51d3, 0xd, [{0x9, 0x1}, {0x5, 0x1}, {0x4, 0x1}, {0xa, 0x1}, {0xd, 0x1}, {0x8}, {0x3, 0x1}, {0xc}, {0xa, 0x1}, {0xc, 0x1}, {0xc, 0x1}, {0x6, 0x1}, {0x6, 0x1}]})
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:53 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/config', 0x0, 0x0)
getdents(r1, &(0x7f0000000080)=""/80, 0x50)
getdents(r1, 0x0, 0x0)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, 0x0, 0x0)
sendmsg$NLBL_CIPSOV4_C_REMOVE(r0, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="bbf6a0ae4db8796fa8ec5d15a42c59088e6863b2bd2338730d5984e8eeb17f8fd2ffe1fc966c54c4be05bd117532026efa3f85690591d8e7f7b776e1a8c3aeadc8fdc9594cb9decbe7800295dc5ad17635c7547379d2", @ANYRES16=0x0, @ANYBLOB="200027bd7000ffdbdf250200000008000100030000000800010003000000480108801400078008000500a3b9c67e08000600ab0000001c000780080005007fd41c7f08000600fc000000080005002b878466140007800800050026325f540800050042f48c503c00078008000600d800000008000600f3000000080005005bbce05f08000500b9096b4a080005005cd02a6c080005004dc1e80d08000500c8c7222a3c00078008000600810000000800050022583a560800050035ae263f0800050081cef67f08000600b200000008000500cf1b5146080006001b00000024000780080005005d794005080006001200000008000500433c196c08000600650000001c000780080006004400000008000600b000000008000600040000002c00078008000500f5b9747508000600fa00000008000600da000000080005006e46496b08000500ad93d4411c0007800800050073e8f56008000600d10000000800050093295a3108000100020000001c000480050003000100000005000300010000000500030002000000b40008800c000780080005006c4f14673c00078008000600530000000800060009000000080005005fd1f52d08000500e21a8e42080006006c000000080006000d000000080005009a166b564c00078008000600080000000800050012e8011408000600c200000008000500de3f5a180800050023ef2b7808000500bddb745008000600de000000080005008c4c804708000600b00000001c000780080005000e5f2f1c080005004c910b7c08000600840000009c0008803c000780080006009400000008000600b1000000080005000dd1130b0800050013e0ed1408000500da8a4a3608000500413b221308000600f10000001400078008000500419d8a7a080005005e8a426d3c000780080006005d000000080006008c00000008000500ebbb596e080005007103cb02080006006300000008000600b1000000080005000d6630720c0007800800050061d0552a4c000480050003000500000005000300050000000500030002000000050003000200000005000300050000000500030007000000050003000200000005000300040000000500030006000000080002000200000008000100030000
00"], 0x33c}}, 0x4040884)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:01:53 executing program 1:
# Loop-control ioctl followed by a timestamp update derived from the current clock.
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
# Request 0x4c81 equals LOOP_CTL_REMOVE in <linux/loop.h>; argument 0.
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
# Clock id 0x0; the two returned fields are captured as r1 and r2.
clock_gettime(0x0, &(0x7f0000000080)={<r1=>0x0, <r2=>0x0})
# "r2/1000+60000" is a syzkaller resource expression: the captured value is divided by 1000 and offset by 60000 before use.
# Flag 0x100 is AT_SYMLINK_NOFOLLOW.
utimensat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={{r1, r2/1000+60000}}, 0x100)

12:01:53 executing program 3:
# Opens a vcsu device and passes its descriptor to execveat, then queries an IPv6 socket option on a debugfs file.
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x101080, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
# Device id 0xc00000, open flags 0x40103.
r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0xc00000, 0x40103)
# Null pathname with flag 0x1000 (AT_EMPTY_PATH), so the exec target is the descriptor r0 itself; argv is an empty string plus the literal '/dev/vcsu#'.
execveat(r0, 0x0, &(0x7f00000001c0)=[&(0x7f0000000080)='\x00', &(0x7f0000000180)='/dev/vcsu#\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
# Level 0x29 / option 0x22 with a declared length of 0xe8; r1 is a debugfs file rather than a socket.
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000200)={{{@in=@private, @in6=@local}}, {{@in=@initdev}, 0x0, @in=@loopback}}, &(0x7f00000000c0)=0xe8)

12:01:53 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async, rerun: 64)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async, rerun: 64)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async, rerun: 32)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x109800, 0x0) (rerun: 32)
ioctl$USBDEVFS_ALLOC_STREAMS(r3, 0x8008551c, &(0x7f00000001c0)={0x51d3, 0xd, [{0x9, 0x1}, {0x5, 0x1}, {0x4, 0x1}, {0xa, 0x1}, {0xd, 0x1}, {0x8}, {0x3, 0x1}, {0xc}, {0xa, 0x1}, {0xc, 0x1}, {0xc, 0x1}, {0x6, 0x1}, {0x6, 0x1}]})
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:53 executing program 2:
# Loop ioctls split across two descriptors, only one of which comes from the loop description.
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
# 0x4c08 is LOOP_SET_DIRECT_IO with argument 0x6, issued on the vcsu descriptor rather than on r0.
ioctl$LOOP_SET_DIRECT_IO(r1, 0x4c08, 0x6)
# 0x4c04 is LOOP_SET_STATUS64 with a null info pointer.
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)

12:01:53 executing program 4:
# Same shape as the earlier program 3 entries, but the final request number differs by one.
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
# dirfd -1, null pathname, flag 0x1000 (AT_EMPTY_PATH).
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
# Request 0x4c80 is the value of LOOP_CTL_ADD in <linux/loop.h> (the surrounding programs send 0x4c81, LOOP_CTL_REMOVE); argument 0.
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0)

12:01:53 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/config', 0x0, 0x0)
getdents(r1, &(0x7f0000000080)=""/80, 0x50)
getdents(r1, 0x0, 0x0) (async)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, 0x0, 0x0) (async)
sendmsg$NLBL_CIPSOV4_C_REMOVE(r0, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="bbf6a0ae4db8796fa8ec5d15a42c59088e6863b2bd2338730d5984e8eeb17f8fd2ffe1fc966c54c4be05bd117532026efa3f85690591d8e7f7b776e1a8c3aeadc8fdc9594cb9decbe7800295dc5ad17635c7547379d2", @ANYRES16=0x0, @ANYBLOB="200027bd7000ffdbdf250200000008000100030000000800010003000000480108801400078008000500a3b9c67e08000600ab0000001c000780080005007fd41c7f08000600fc000000080005002b878466140007800800050026325f540800050042f48c503c00078008000600d800000008000600f3000000080005005bbce05f08000500b9096b4a080005005cd02a6c080005004dc1e80d08000500c8c7222a3c00078008000600810000000800050022583a560800050035ae263f0800050081cef67f08000600b200000008000500cf1b5146080006001b00000024000780080005005d794005080006001200000008000500433c196c08000600650000001c000780080006004400000008000600b000000008000600040000002c00078008000500f5b9747508000600fa00000008000600da000000080005006e46496b08000500ad93d4411c0007800800050073e8f56008000600d10000000800050093295a3108000100020000001c000480050003000100000005000300010000000500030002000000b40008800c000780080005006c4f14673c00078008000600530000000800060009000000080005005fd1f52d08000500e21a8e42080006006c000000080006000d000000080005009a166b564c00078008000600080000000800050012e8011408000600c200000008000500de3f5a180800050023ef2b7808000500bddb745008000600de000000080005008c4c804708000600b00000001c000780080005000e5f2f1c080005004c910b7c08000600840000009c0008803c000780080006009400000008000600b1000000080005000dd1130b0800050013e0ed1408000500da8a4a3608000500413b221308000600f10000001400078008000500419d8a7a080005005e8a426d3c000780080006005d000000080006008c00000008000500ebbb596e080005007103cb02080006006300000008000600b1000000080005000d6630720c0007800800050061d0552a4c000480050003000500000005000300050000000500030002000000050003000200000005000300050000000500030007000000050003000200000005000300040000000500030006000000080002000200000008000100030000
00"], 0x33c}}, 0x4040884) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:01:53 executing program 3:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x101080, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0xc00000, 0x40103)
execveat(r0, 0x0, &(0x7f00000001c0)=[&(0x7f0000000080)='\x00', &(0x7f0000000180)='/dev/vcsu#\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000200)={{{@in=@private, @in6=@local}}, {{@in=@initdev}, 0x0, @in=@loopback}}, &(0x7f00000000c0)=0xe8)

12:01:53 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x109800, 0x0)
ioctl$USBDEVFS_ALLOC_STREAMS(r3, 0x8008551c, &(0x7f00000001c0)={0x51d3, 0xd, [{0x9, 0x1}, {0x5, 0x1}, {0x4, 0x1}, {0xa, 0x1}, {0xd, 0x1}, {0x8}, {0x3, 0x1}, {0xc}, {0xa, 0x1}, {0xc, 0x1}, {0xc, 0x1}, {0x6, 0x1}, {0x6, 0x1}]}) (async)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:53 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (fail_nth: 1)

12:01:53 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r1, 0x4c08, 0x6) (async)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)

12:01:53 executing program 4:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0)

12:01:53 executing program 3:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x101080, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0xc00000, 0x40103)
execveat(r0, 0x0, &(0x7f00000001c0)=[&(0x7f0000000080)='\x00', &(0x7f0000000180)='/dev/vcsu#\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000200)={{{@in=@private, @in6=@local}}, {{@in=@initdev}, 0x0, @in=@loopback}}, &(0x7f00000000c0)=0xe8)

12:01:53 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/config', 0x0, 0x0)
getdents(r1, &(0x7f0000000080)=""/80, 0x50)
getdents(r1, 0x0, 0x0)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, 0x0, 0x0)
sendmsg$NLBL_CIPSOV4_C_REMOVE(r0, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="bbf6a0ae4db8796fa8ec5d15a42c59088e6863b2bd2338730d5984e8eeb17f8fd2ffe1fc966c54c4be05bd117532026efa3f85690591d8e7f7b776e1a8c3aeadc8fdc9594cb9decbe7800295dc5ad17635c7547379d2", @ANYRES16=0x0, @ANYBLOB="200027bd7000ffdbdf250200000008000100030000000800010003000000480108801400078008000500a3b9c67e08000600ab0000001c000780080005007fd41c7f08000600fc000000080005002b878466140007800800050026325f540800050042f48c503c00078008000600d800000008000600f3000000080005005bbce05f08000500b9096b4a080005005cd02a6c080005004dc1e80d08000500c8c7222a3c00078008000600810000000800050022583a560800050035ae263f0800050081cef67f08000600b200000008000500cf1b5146080006001b00000024000780080005005d794005080006001200000008000500433c196c08000600650000001c000780080006004400000008000600b000000008000600040000002c00078008000500f5b9747508000600fa00000008000600da000000080005006e46496b08000500ad93d4411c0007800800050073e8f56008000600d10000000800050093295a3108000100020000001c000480050003000100000005000300010000000500030002000000b40008800c000780080005006c4f14673c00078008000600530000000800060009000000080005005fd1f52d08000500e21a8e42080006006c000000080006000d000000080005009a166b564c00078008000600080000000800050012e8011408000600c200000008000500de3f5a180800050023ef2b7808000500bddb745008000600de000000080005008c4c804708000600b00000001c000780080005000e5f2f1c080005004c910b7c08000600840000009c0008803c000780080006009400000008000600b1000000080005000dd1130b0800050013e0ed1408000500da8a4a3608000500413b221308000600f10000001400078008000500419d8a7a080005005e8a426d3c000780080006005d000000080006008c00000008000500ebbb596e080005007103cb02080006006300000008000600b1000000080005000d6630720c0007800800050061d0552a4c000480050003000500000005000300050000000500030002000000050003000200000005000300050000000500030007000000050003000200000005000300040000000500030006000000080002000200000008000100030000
00"], 0x33c}}, 0x4040884)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/config', 0x0, 0x0) (async)
getdents(r1, &(0x7f0000000080)=""/80, 0x50) (async)
getdents(r1, 0x0, 0x0) (async)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, 0x0, 0x0) (async)
sendmsg$NLBL_CIPSOV4_C_REMOVE(r0, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="bbf6a0ae4db8796fa8ec5d15a42c59088e6863b2bd2338730d5984e8eeb17f8fd2ffe1fc966c54c4be05bd117532026efa3f85690591d8e7f7b776e1a8c3aeadc8fdc9594cb9decbe7800295dc5ad17635c7547379d2", @ANYRES16=0x0, @ANYBLOB="200027bd7000ffdbdf250200000008000100030000000800010003000000480108801400078008000500a3b9c67e08000600ab0000001c000780080005007fd41c7f08000600fc000000080005002b878466140007800800050026325f540800050042f48c503c00078008000600d800000008000600f3000000080005005bbce05f08000500b9096b4a080005005cd02a6c080005004dc1e80d08000500c8c7222a3c00078008000600810000000800050022583a560800050035ae263f0800050081cef67f08000600b200000008000500cf1b5146080006001b00000024000780080005005d794005080006001200000008000500433c196c08000600650000001c000780080006004400000008000600b000000008000600040000002c00078008000500f5b9747508000600fa00000008000600da000000080005006e46496b08000500ad93d4411c0007800800050073e8f56008000600d10000000800050093295a3108000100020000001c000480050003000100000005000300010000000500030002000000b40008800c000780080005006c4f14673c00078008000600530000000800060009000000080005005fd1f52d08000500e21a8e42080006006c000000080006000d000000080005009a166b564c00078008000600080000000800050012e8011408000600c200000008000500de3f5a180800050023ef2b7808000500bddb745008000600de000000080005008c4c804708000600b00000001c000780080005000e5f2f1c080005004c910b7c08000600840000009c0008803c000780080006009400000008000600b1000000080005000dd1130b0800050013e0ed1408000500da8a4a3608000500413b221308000600f10000001400078008000500419d8a7a080005005e8a426d3c000780080006005d000000080006008c00000008000500ebbb596e080005007103cb02080006006300000008000600b1000000080005000d6630720c0007800800050061d0552a4c000480050003000500000005000300050000000500030002000000050003000200000005000300050000000500030007000000050003000200000005000300040000000500030006000000080002000200000008000100030000
00"], 0x33c}}, 0x4040884) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)

12:01:53 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (fail_nth: 2)

12:01:53 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x64000, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

[ 2231.971469][T11243] FAULT_INJECTION: forcing a failure.
[ 2231.971469][T11243] name failslab, interval 1, probability 0, space 0, times 0
[ 2231.984623][T11243] CPU: 1 PID: 11243 Comm: syz-executor.1 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2231.994850][T11243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2231.994854][T11243] Call Trace:
12:01:53 executing program 5:
ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000080))
write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7, 0x47, 0x1}, 0x7)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:01:53 executing program 4:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0)

12:01:53 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x64000, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:53 executing program 4:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0)

[ 2231.994874][T11243]  dump_stack+0x1d8/0x241
[ 2231.994885][T11243]  ? panic+0x73e/0x73e
[ 2231.994894][T11243]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2231.994904][T11243]  ? __lru_cache_add+0x1bf/0x210
[ 2231.994915][T11243]  ? proc_fail_nth_read+0x220/0x220
[ 2231.994925][T11243]  should_fail+0x709/0x870
[ 2231.994935][T11243]  ? setup_fault_attr+0x3d0/0x3d0
[ 2231.994944][T11243]  ? check_preemption_disabled+0x9e/0x330
[ 2231.994954][T11243]  ? debug_smp_processor_id+0x20/0x20
[ 2231.994965][T11243]  ? getname_flags+0xb8/0x4e0
[ 2231.994974][T11243]  should_failslab+0x5/0x20
[ 2231.994982][T11243]  kmem_cache_alloc+0x24/0x210
[ 2231.994992][T11243]  getname_flags+0xb8/0x4e0
[ 2231.995000][T11243]  ? __sb_end_write+0xb5/0x100
[ 2231.995010][T11243]  do_sys_open+0x34e/0x7e0
[ 2231.995020][T11243]  ? file_open_root+0x4b0/0x4b0
[ 2231.995029][T11243]  ? debug_smp_processor_id+0x20/0x20
[ 2231.995041][T11243]  do_syscall_64+0xcb/0x1c0
[ 2231.995053][T11243]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2232.034197][T11264] FAULT_INJECTION: forcing a failure.
[ 2232.034197][T11264] name failslab, interval 1, probability 0, space 0, times 0
[ 2232.034210][T11264] CPU: 1 PID: 11264 Comm: syz-executor.1 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2232.034216][T11264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2232.034219][T11264] Call Trace:
[ 2232.034236][T11264]  dump_stack+0x1d8/0x241
[ 2232.034246][T11264]  ? panic+0x73e/0x73e
[ 2232.034255][T11264]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2232.034268][T11264]  ? stack_trace_save+0x132/0x200
[ 2232.034278][T11264]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2232.034286][T11264]  should_fail+0x709/0x870
[ 2232.034296][T11264]  ? setup_fault_attr+0x3d0/0x3d0
[ 2232.034306][T11264]  ? __unwind_start+0x72f/0x8e0
[ 2232.034317][T11264]  ? __alloc_file+0x26/0x300
[ 2232.034325][T11264]  should_failslab+0x5/0x20
[ 2232.034334][T11264]  kmem_cache_alloc+0x24/0x210
[ 2232.034343][T11264]  __alloc_file+0x26/0x300
[ 2232.034353][T11264]  alloc_empty_file+0xa9/0x1b0
[ 2232.034364][T11264]  path_openat+0x116/0x3ea0
[ 2232.034376][T11264]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2232.034387][T11264]  ? stack_trace_save+0x132/0x200
[ 2232.034396][T11264]  ? _kstrtoull+0x399/0x4a0
[ 2232.034406][T11264]  ? kstrtouint_from_user+0x215/0x2b0
[ 2232.034415][T11264]  ? kstrtol_from_user+0x310/0x310
[ 2232.034425][T11264]  ? __kasan_kmalloc+0x1a5/0x1e0
[ 2232.034435][T11264]  ? do_filp_open+0x450/0x450
[ 2232.034442][T11264]  ? do_sys_open+0x34e/0x7e0
[ 2232.034450][T11264]  ? do_syscall_64+0xcb/0x1c0
[ 2232.034459][T11264]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2232.034472][T11264]  do_filp_open+0x208/0x450
[ 2232.034482][T11264]  ? vfs_tmpfile+0x280/0x280
[ 2232.034494][T11264]  ? _raw_spin_unlock+0x49/0x60
[ 2232.034502][T11264]  ? __alloc_fd+0x4e0/0x580
[ 2232.034512][T11264]  do_sys_open+0x393/0x7e0
[ 2232.034521][T11264]  ? file_open_root+0x4b0/0x4b0
[ 2232.034530][T11264]  ? debug_smp_processor_id+0x20/0x20
12:01:53 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x20, 0x3)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
renameat2(r1, &(0x7f00000002c0)='./file0\x00', r2, &(0x7f0000000340)='./file0\x00', 0x2)
sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfe, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x400080b4}, 0x200080c4)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
mknodat(r1, &(0x7f0000000380)='./file0\x00', 0x100, 0x9d)

12:01:53 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (fail_nth: 3)

12:01:53 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041) (async, rerun: 32)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) (rerun: 32)
ioctl$LOOP_SET_DIRECT_IO(r1, 0x4c08, 0x6) (async)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)

12:01:53 executing program 5:
ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000080)) (async)
write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7, 0x47, 0x1}, 0x7) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:01:53 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x64000, 0x0) (async, rerun: 64)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 64)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:53 executing program 4:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0)

12:01:53 executing program 5:
ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000080))
write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7, 0x47, 0x1}, 0x7) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:01:53 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
pipe2$watch_queue(&(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
connect$inet6(r2, 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
read$watch_queue(r3, &(0x7f0000000000)=""/8, 0x8)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

[ 2232.034540][T11264]  do_syscall_64+0xcb/0x1c0
[ 2232.034550][T11264]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2232.354763][T11280] FAULT_INJECTION: forcing a failure.
[ 2232.354763][T11280] name failslab, interval 1, probability 0, space 0, times 0
12:01:53 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (fail_nth: 4)

12:01:53 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x20, 0x3)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
renameat2(r1, &(0x7f00000002c0)='./file0\x00', r2, &(0x7f0000000340)='./file0\x00', 0x2)
sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfe, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x400080b4}, 0x200080c4)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
mknodat(r1, &(0x7f0000000380)='./file0\x00', 0x100, 0x9d)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
mknodat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x20, 0x3) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) (async)
renameat2(r1, &(0x7f00000002c0)='./file0\x00', r2, &(0x7f0000000340)='./file0\x00', 0x2) (async)
sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfe, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x400080b4}, 0x200080c4) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r4, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
mknodat(r1, &(0x7f0000000380)='./file0\x00', 0x100, 0x9d) (async)

12:01:53 executing program 4:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0)

[ 2232.367699][T11280] CPU: 1 PID: 11280 Comm: syz-executor.1 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2232.367706][T11280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2232.367709][T11280] Call Trace:
[ 2232.367725][T11280]  dump_stack+0x1d8/0x241
[ 2232.367736][T11280]  ? panic+0x73e/0x73e
[ 2232.367745][T11280]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2232.367756][T11280]  should_fail+0x709/0x870
12:01:53 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

12:01:53 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x3, 0x1, 0x14, 0x10, "0709e4af7d7c48cb30d4cadaf1d19c3ac3f36e5fce26ede2a03590b2b52b5f8a650ab1dce0b04cdc0ddc1ea1f3112f1361bb1497cb9b76234e4e19307b382734", "00ec3c0900000000000000c369f0f51a951a190b97c5375241aa4fcdb0a9903d", [0x5, 0x3]})
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_MCAST_LEAVE_GROUP(r2, 0x29, 0x2d, &(0x7f00000003c0)={0x200, {{0xa, 0x4e23, 0x2, @ipv4={'\x00', '\xff\xff', @multicast2}, 0xfff}}}, 0x88)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000200))
ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, &(0x7f0000000140)=&(0x7f0000000100))
ioctl$LOOP_SET_CAPACITY(r1, 0x4c07)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x41a000, 0x0)
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000001c0)={0x2, r3})

12:01:53 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
pipe2$watch_queue(&(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
connect$inet6(r2, 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
read$watch_queue(r3, &(0x7f0000000000)=""/8, 0x8) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

[ 2232.367766][T11280]  ? setup_fault_attr+0x3d0/0x3d0
[ 2232.367778][T11280]  ? security_file_alloc+0x24/0x140
[ 2232.367786][T11280]  should_failslab+0x5/0x20
[ 2232.367794][T11280]  kmem_cache_alloc+0x24/0x210
[ 2232.367805][T11280]  security_file_alloc+0x24/0x140
[ 2232.367816][T11280]  __alloc_file+0xb0/0x300
[ 2232.367826][T11280]  alloc_empty_file+0xa9/0x1b0
[ 2232.367836][T11280]  path_openat+0x116/0x3ea0
[ 2232.367847][T11280]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2232.367858][T11280]  ? stack_trace_save+0x132/0x200
[ 2232.367867][T11280]  ? _kstrtoull+0x399/0x4a0
[ 2232.367876][T11280]  ? kstrtouint_from_user+0x215/0x2b0
[ 2232.367884][T11280]  ? kstrtol_from_user+0x310/0x310
[ 2232.367893][T11280]  ? __kasan_kmalloc+0x1a5/0x1e0
[ 2232.367904][T11280]  ? do_filp_open+0x450/0x450
[ 2232.367911][T11280]  ? do_sys_open+0x34e/0x7e0
[ 2232.367919][T11280]  ? do_syscall_64+0xcb/0x1c0
12:01:53 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
socket$igmp6(0xa, 0x3, 0x2)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x5, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x10000}, [@func={0x85, 0x0, 0x1, 0x0, 0x8}, @exit, @ldst={0x2, 0x3, 0x0, 0x2, 0x6, 0x0, 0xffffffffffffffff}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @func={0x85, 0x0, 0x1, 0x0, 0x5}]}, &(0x7f00000000c0)='GPL\x00', 0x5, 0x1b, &(0x7f0000000280)=""/27, 0x41000, 0x4, '\x00', 0x0, 0x18, r1, 0x8, &(0x7f00000002c0)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000300)={0x1, 0x2, 0xff, 0xfd70}, 0x10}, 0x80)
ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000100))
r2 = syz_open_dev$vcsu(&(0x7f00000001c0), 0x9, 0x400140)
ioctl$LOOP_CLR_FD(r2, 0x4c01)
pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80880)
write$P9_RVERSION(r3, &(0x7f0000000200)=ANY=[@ANYBLOB="15000000aa5cff040000302e653447108a81986a17c2f168f6a60b34531a4975443328476d078ba05cbb1a81e6a4b5d48e85081f6abae2e8733da1e09f8180489420e9caa5e0ede4af056d499c9fa553b1f9f682b0914b58893fb8d1b10f2b8c87c084fa32421195ee3aae04eddceca59273970000000000000000"], 0x15)

12:01:53 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x20, 0x3) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
renameat2(r1, &(0x7f00000002c0)='./file0\x00', r2, &(0x7f0000000340)='./file0\x00', 0x2) (async)
sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, 0x0, 0x10, 0x70bd2c, 0x25dfdbfe, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x400080b4}, 0x200080c4) (async)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
mknodat(r1, &(0x7f0000000380)='./file0\x00', 0x100, 0x9d)

12:01:53 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x2, 0x300)

12:01:53 executing program 4:
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x4c80, 0x0)

12:01:53 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x3, 0x1, 0x14, 0x10, "0709e4af7d7c48cb30d4cadaf1d19c3ac3f36e5fce26ede2a03590b2b52b5f8a650ab1dce0b04cdc0ddc1ea1f3112f1361bb1497cb9b76234e4e19307b382734", "00ec3c0900000000000000c369f0f51a951a190b97c5375241aa4fcdb0a9903d", [0x5, 0x3]})
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_MCAST_LEAVE_GROUP(r2, 0x29, 0x2d, &(0x7f00000003c0)={0x200, {{0xa, 0x4e23, 0x2, @ipv4={'\x00', '\xff\xff', @multicast2}, 0xfff}}}, 0x88)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000200)) (async)
ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, &(0x7f0000000140)=&(0x7f0000000100))
ioctl$LOOP_SET_CAPACITY(r1, 0x4c07)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x41a000, 0x0)
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000001c0)={0x2, r3})

12:01:53 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
pipe2$watch_queue(&(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
connect$inet6(r2, 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
read$watch_queue(r3, &(0x7f0000000000)=""/8, 0x8)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
pipe2$watch_queue(&(0x7f0000000180), 0x80) (async)
connect$inet6(r2, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
read$watch_queue(r3, &(0x7f0000000000)=""/8, 0x8) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)

12:01:53 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
socket$igmp6(0xa, 0x3, 0x2) (async)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x5, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x10000}, [@func={0x85, 0x0, 0x1, 0x0, 0x8}, @exit, @ldst={0x2, 0x3, 0x0, 0x2, 0x6, 0x0, 0xffffffffffffffff}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @func={0x85, 0x0, 0x1, 0x0, 0x5}]}, &(0x7f00000000c0)='GPL\x00', 0x5, 0x1b, &(0x7f0000000280)=""/27, 0x41000, 0x4, '\x00', 0x0, 0x18, r1, 0x8, &(0x7f00000002c0)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000300)={0x1, 0x2, 0xff, 0xfd70}, 0x10}, 0x80) (async, rerun: 32)
ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000100)) (async, rerun: 32)
r2 = syz_open_dev$vcsu(&(0x7f00000001c0), 0x9, 0x400140)
ioctl$LOOP_CLR_FD(r2, 0x4c01) (async)
pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80880)
write$P9_RVERSION(r3, &(0x7f0000000200)=ANY=[@ANYBLOB="15000000aa5cff040000302e653447108a81986a17c2f168f6a60b34531a4975443328476d078ba05cbb1a81e6a4b5d48e85081f6abae2e8733da1e09f8180489420e9caa5e0ede4af056d499c9fa553b1f9f682b0914b58893fb8d1b10f2b8c87c084fa32421195ee3aae04eddceca59273970000000000000000"], 0x15)

12:01:53 executing program 4:
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x4c80, 0x0)

[ 2232.367929][T11280]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2232.367942][T11280]  do_filp_open+0x208/0x450
[ 2232.367952][T11280]  ? vfs_tmpfile+0x280/0x280
[ 2232.367966][T11280]  ? _raw_spin_unlock+0x49/0x60
[ 2232.367974][T11280]  ? __alloc_fd+0x4e0/0x580
[ 2232.367984][T11280]  do_sys_open+0x393/0x7e0
[ 2232.367993][T11280]  ? file_open_root+0x4b0/0x4b0
[ 2232.368002][T11280]  ? debug_smp_processor_id+0x20/0x20
[ 2232.368014][T11280]  do_syscall_64+0xcb/0x1c0
[ 2232.368025][T11280]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:01:53 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x3, 0x1, 0x14, 0x10, "0709e4af7d7c48cb30d4cadaf1d19c3ac3f36e5fce26ede2a03590b2b52b5f8a650ab1dce0b04cdc0ddc1ea1f3112f1361bb1497cb9b76234e4e19307b382734", "00ec3c0900000000000000c369f0f51a951a190b97c5375241aa4fcdb0a9903d", [0x5, 0x3]})
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
r2 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_MCAST_LEAVE_GROUP(r2, 0x29, 0x2d, &(0x7f00000003c0)={0x200, {{0xa, 0x4e23, 0x2, @ipv4={'\x00', '\xff\xff', @multicast2}, 0xfff}}}, 0x88) (async)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000200)) (async)
ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, &(0x7f0000000140)=&(0x7f0000000100))
ioctl$LOOP_SET_CAPACITY(r1, 0x4c07) (async)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x41a000, 0x0)
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000001c0)={0x2, r3})

12:01:53 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x3, 0x300)

12:01:53 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000180)="a3a64c6ad9e9780c21c158f598022f9e127cf961fc6bf8ff684126f0988aa8e393552ec7edd81b", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:53 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041) (async)
socket$igmp6(0xa, 0x3, 0x2)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x5, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x10000}, [@func={0x85, 0x0, 0x1, 0x0, 0x8}, @exit, @ldst={0x2, 0x3, 0x0, 0x2, 0x6, 0x0, 0xffffffffffffffff}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @func={0x85, 0x0, 0x1, 0x0, 0x5}]}, &(0x7f00000000c0)='GPL\x00', 0x5, 0x1b, &(0x7f0000000280)=""/27, 0x41000, 0x4, '\x00', 0x0, 0x18, r1, 0x8, &(0x7f00000002c0)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000300)={0x1, 0x2, 0xff, 0xfd70}, 0x10}, 0x80)
ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000100))
r2 = syz_open_dev$vcsu(&(0x7f00000001c0), 0x9, 0x400140)
ioctl$LOOP_CLR_FD(r2, 0x4c01)
pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80880)
write$P9_RVERSION(r3, &(0x7f0000000200)=ANY=[@ANYBLOB="15000000aa5cff040000302e653447108a81986a17c2f168f6a60b34531a4975443328476d078ba05cbb1a81e6a4b5d48e85081f6abae2e8733da1e09f8180489420e9caa5e0ede4af056d499c9fa553b1f9f682b0914b58893fb8d1b10f2b8c87c084fa32421195ee3aae04eddceca59273970000000000000000"], 0x15)

12:01:53 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/event_source', 0xc4c1eea5cc059865, 0x10)
pipe2$watch_queue(&(0x7f00000001c0), 0x80)
write$cgroup_int(r1, &(0x7f0000000200)=0x82, 0x4e)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:53 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x300)

12:01:53 executing program 4:
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x4c80, 0x0)

12:01:53 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000180)="a3a64c6ad9e9780c21c158f598022f9e127cf961fc6bf8ff684126f0988aa8e393552ec7edd81b", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:53 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x2)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)

12:01:53 executing program 5:
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wpan4\x00'})
syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x2a0001)
sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, 0x0, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x80)

12:01:53 executing program 4:
r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0)

12:01:53 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x10, 0x300)

12:01:53 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/event_source', 0xc4c1eea5cc059865, 0x10) (async)
pipe2$watch_queue(&(0x7f00000001c0), 0x80)
write$cgroup_int(r1, &(0x7f0000000200)=0x82, 0x4e) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:53 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000180)="a3a64c6ad9e9780c21c158f598022f9e127cf961fc6bf8ff684126f0988aa8e393552ec7edd81b", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:53 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x2)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041) (async)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x2) (async)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0) (async)

12:01:54 executing program 5:
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wpan4\x00'}) (async)
syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x2a0001) (async)
sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, 0x0, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x80)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x300, 0x300)

12:01:54 executing program 4:
r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0)

12:01:54 executing program 5:
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wpan4\x00'})
syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x2a0001) (async, rerun: 32)
sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, 0x0, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x80) (rerun: 32)

12:01:54 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x2) (async)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)

12:01:54 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/event_source', 0xc4c1eea5cc059865, 0x10)
pipe2$watch_queue(&(0x7f00000001c0), 0x80) (async)
write$cgroup_int(r1, &(0x7f0000000200)=0x82, 0x4e) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$USBDEVFS_GET_CAPABILITIES(r2, 0x8004551a, &(0x7f0000000180))
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:54 executing program 4:
r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0)

12:01:54 executing program 5:
r0 = accept$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000080)=0x1c)
setsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f00000000c0)=0x1, 0x4)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000100)='.log\x00', 0x40, 0x1)
ioctl$LOOP_SET_FD(r1, 0x4c00, r0)

12:01:54 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x2041)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000000), 0x37410719, 0x40800)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000080)={r2, 0x7, {0x0, 0x0, 0x0, 0x3, 0x4, 0x0, 0x6, 0x15, 0x10, "6c2d3222fe39c6d280358665b473cce1b2636b69f0aaedd011109d386b1837157b91f57a81fca3031b4b2ce06b5e4c0e9624bedc6f63c0d4bfe30ef2f074887e", "36bcc50e0a0755424c3bc61b337e466df6082635d878d720f19b69e2cf8aaab4527717c5c7726d2de57eca9a3af5eac6efb21d2a31e101d73f11eea51e2a7e29", "b8b42f5d8cec248e22b80809073f2ff0e735b1c3cba1e1ed866edfe38ae4e5ad", [0x9]}})
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)

12:01:54 executing program 3:
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), 0xffffffffffffffff)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0xd0c00, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffff9c, 0x0, &(0x7f0000000140)=[&(0x7f0000000080)='@', &(0x7f0000000000)='/dev/loop-control\x00', &(0x7f0000000100)='@'], &(0x7f0000000140), 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f0000000300))
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000280)={&(0x7f0000000040)='./file0\x00', 0x0, 0x4}, 0x10)
socket$inet_udplite(0x2, 0x2, 0x88)
read$watch_queue(0xffffffffffffffff, &(0x7f0000000180)=""/221, 0xdd)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
write$P9_RFLUSH(r1, &(0x7f0000000380)={0x7, 0x6d, 0x1}, 0x7)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x408, 0x300)

12:01:54 executing program 4:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x4c80, 0x0)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
ioctl$USBDEVFS_GET_CAPABILITIES(r2, 0x8004551a, &(0x7f0000000180)) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:54 executing program 5:
r0 = accept$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000080)=0x1c)
setsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f00000000c0)=0x1, 0x4)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000100)='.log\x00', 0x40, 0x1)
ioctl$LOOP_SET_FD(r1, 0x4c00, r0)

12:01:54 executing program 3:
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), 0xffffffffffffffff)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0xd0c00, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffff9c, 0x0, &(0x7f0000000140)=[&(0x7f0000000080)='@', &(0x7f0000000000)='/dev/loop-control\x00', &(0x7f0000000100)='@'], &(0x7f0000000140), 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f0000000300))
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000280)={&(0x7f0000000040)='./file0\x00', 0x0, 0x4}, 0x10)
socket$inet_udplite(0x2, 0x2, 0x88)
read$watch_queue(0xffffffffffffffff, &(0x7f0000000180)=""/221, 0xdd)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
write$P9_RFLUSH(r1, &(0x7f0000000380)={0x7, 0x6d, 0x1}, 0x7)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), 0xffffffffffffffff) (async)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0xd0c00, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffff9c, 0x0, &(0x7f0000000140)=[&(0x7f0000000080)='@', &(0x7f0000000000)='/dev/loop-control\x00', &(0x7f0000000100)='@'], &(0x7f0000000140), 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f0000000300)) (async)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000280)={&(0x7f0000000040)='./file0\x00', 0x0, 0x4}, 0x10) (async)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
read$watch_queue(0xffffffffffffffff, &(0x7f0000000180)=""/221, 0xdd) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) (async)
write$P9_RFLUSH(r1, &(0x7f0000000380)={0x7, 0x6d, 0x1}, 0x7) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)

12:01:54 executing program 4:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x4c80, 0x0)

12:01:54 executing program 5:
r0 = accept$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000080)=0x1c)
setsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f00000000c0)=0x1, 0x4) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000100)='.log\x00', 0x40, 0x1)
ioctl$LOOP_SET_FD(r1, 0x4c00, r0)

12:01:54 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x2041) (async, rerun: 32)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (rerun: 32)
connect$inet6(r1, 0x0, 0x0) (async)
r2 = syz_open_dev$loop(&(0x7f0000000000), 0x37410719, 0x40800)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000080)={r2, 0x7, {0x0, 0x0, 0x0, 0x3, 0x4, 0x0, 0x6, 0x15, 0x10, "6c2d3222fe39c6d280358665b473cce1b2636b69f0aaedd011109d386b1837157b91f57a81fca3031b4b2ce06b5e4c0e9624bedc6f63c0d4bfe30ef2f074887e", "36bcc50e0a0755424c3bc61b337e466df6082635d878d720f19b69e2cf8aaab4527717c5c7726d2de57eca9a3af5eac6efb21d2a31e101d73f11eea51e2a7e29", "b8b42f5d8cec248e22b80809073f2ff0e735b1c3cba1e1ed866edfe38ae4e5ad", [0x9]}}) (async, rerun: 32)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0) (rerun: 32)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x804, 0x300)

12:01:54 executing program 4:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x4c80, 0x0)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x1f00, 0x300)

12:01:54 executing program 3:
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), 0xffffffffffffffff) (async)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0xd0c00, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffff9c, 0x0, &(0x7f0000000140)=[&(0x7f0000000080)='@', &(0x7f0000000000)='/dev/loop-control\x00', &(0x7f0000000100)='@'], &(0x7f0000000140), 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f0000000300))
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000280)={&(0x7f0000000040)='./file0\x00', 0x0, 0x4}, 0x10) (async)
socket$inet_udplite(0x2, 0x2, 0x88)
read$watch_queue(0xffffffffffffffff, &(0x7f0000000180)=""/221, 0xdd)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
write$P9_RFLUSH(r1, &(0x7f0000000380)={0x7, 0x6d, 0x1}, 0x7) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:54 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0xa8a3, 0x0)

12:01:54 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x2041) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000000), 0x37410719, 0x40800)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000080)={r2, 0x7, {0x0, 0x0, 0x0, 0x3, 0x4, 0x0, 0x6, 0x15, 0x10, "6c2d3222fe39c6d280358665b473cce1b2636b69f0aaedd011109d386b1837157b91f57a81fca3031b4b2ce06b5e4c0e9624bedc6f63c0d4bfe30ef2f074887e", "36bcc50e0a0755424c3bc61b337e466df6082635d878d720f19b69e2cf8aaab4527717c5c7726d2de57eca9a3af5eac6efb21d2a31e101d73f11eea51e2a7e29", "b8b42f5d8cec248e22b80809073f2ff0e735b1c3cba1e1ed866edfe38ae4e5ad", [0x9]}}) (async)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$USBDEVFS_GET_CAPABILITIES(r2, 0x8004551a, &(0x7f0000000180))
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
ioctl$USBDEVFS_GET_CAPABILITIES(r2, 0x8004551a, &(0x7f0000000180)) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:01:54 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0xa8a3, 0x0)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x2000, 0x300)

12:01:54 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_int(r1, 0x6, 0x21, 0x0, &(0x7f0000000240))
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:54 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x10101)
syz_open_dev$loop(&(0x7f0000000000), 0x9, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)={&(0x7f0000000080)='./file0\x00', 0x0, 0x4}, 0x10)

12:01:54 executing program 4:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0)

12:01:54 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0xa8a3, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0xa8a3, 0x0) (async)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x4000, 0x300)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x20, 0x3, 0x6, 0x40, r1, 0xf91, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x3, 0x7}, 0x48)
getgid()
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
linkat(r4, &(0x7f0000000200)='./file0\x00', r3, &(0x7f0000000240)='./file0\x00', 0x200)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:54 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x10101)
syz_open_dev$loop(&(0x7f0000000000), 0x9, 0x0) (async)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0) (async)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)={&(0x7f0000000080)='./file0\x00', 0x0, 0x4}, 0x10)

12:01:54 executing program 4:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0)

12:01:54 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_int(r1, 0x6, 0x21, 0x0, &(0x7f0000000240)) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x20, 0x3, 0x6, 0x40, r1, 0xf91, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x3, 0x7}, 0x48) (async, rerun: 32)
getgid() (rerun: 32)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
linkat(r4, &(0x7f0000000200)='./file0\x00', r3, &(0x7f0000000240)='./file0\x00', 0x200) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:54 executing program 5:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r0, 0xc0406619, &(0x7f0000000080)={@desc={0x1, 0x0, @auto="e217f4c8d77d4719"}})
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
statx(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x200, &(0x7f0000000100))
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, &(0x7f0000000200)={0x9e48, 0x15, [{0x3, 0x1}, {0xb, 0x1}, {0x7, 0x1}, {0x6}, {0xe, 0x1}, {0x6}, {0x3}, {0x4}, {0x6, 0x1}, {0x8}, {0x3, 0x1}, {0x5}, {0x7}, {0x3}, {0x7, 0x1}, {0x7, 0x1}, {0x6, 0x1}, {0x0, 0x1}, {0xb, 0x1}, {0x4}, {0xb, 0x1}]})
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000240)={'security\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78)

12:01:54 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_int(r1, 0x6, 0x21, 0x0, &(0x7f0000000240)) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x20, 0x3, 0x6, 0x40, r1, 0xf91, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x3, 0x7}, 0x48)
getgid()
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
linkat(r4, &(0x7f0000000200)='./file0\x00', r3, &(0x7f0000000240)='./file0\x00', 0x200)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x20, 0x3, 0x6, 0x40, r1, 0xf91, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x3, 0x7}, 0x48) (async)
getgid() (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) (async)
linkat(r4, &(0x7f0000000200)='./file0\x00', r3, &(0x7f0000000240)='./file0\x00', 0x200) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:01:54 executing program 5:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r0, 0xc0406619, &(0x7f0000000080)={@desc={0x1, 0x0, @auto="e217f4c8d77d4719"}})
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
statx(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x200, &(0x7f0000000100))
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, &(0x7f0000000200)={0x9e48, 0x15, [{0x3, 0x1}, {0xb, 0x1}, {0x7, 0x1}, {0x6}, {0xe, 0x1}, {0x6}, {0x3}, {0x4}, {0x6, 0x1}, {0x8}, {0x3, 0x1}, {0x5}, {0x7}, {0x3}, {0x7, 0x1}, {0x7, 0x1}, {0x6, 0x1}, {0x0, 0x1}, {0xb, 0x1}, {0x4}, {0xb, 0x1}]})
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000240)={'security\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) (async)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r0, 0xc0406619, &(0x7f0000000080)={@desc={0x1, 0x0, @auto="e217f4c8d77d4719"}}) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
statx(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x200, &(0x7f0000000100)) (async)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, &(0x7f0000000200)={0x9e48, 0x15, [{0x3, 0x1}, {0xb, 0x1}, {0x7, 0x1}, {0x6}, {0xe, 0x1}, {0x6}, {0x3}, {0x4}, {0x6, 0x1}, {0x8}, {0x3, 0x1}, {0x5}, {0x7}, {0x3}, {0x7, 0x1}, {0x7, 0x1}, {0x6, 0x1}, {0x0, 0x1}, {0xb, 0x1}, {0x4}, {0xb, 0x1}]}) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000240)={'security\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) (async)

12:01:54 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x10101) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x9, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0) (async, rerun: 32)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)={&(0x7f0000000080)='./file0\x00', 0x0, 0x4}, 0x10) (rerun: 32)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x200000, 0x300)

12:01:54 executing program 4:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0)

12:01:54 executing program 5:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r0, 0xc0406619, &(0x7f0000000080)={@desc={0x1, 0x0, @auto="e217f4c8d77d4719"}}) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
statx(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x200, &(0x7f0000000100)) (async)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, &(0x7f0000000200)={0x9e48, 0x15, [{0x3, 0x1}, {0xb, 0x1}, {0x7, 0x1}, {0x6}, {0xe, 0x1}, {0x6}, {0x3}, {0x4}, {0x6, 0x1}, {0x8}, {0x3, 0x1}, {0x5}, {0x7}, {0x3}, {0x7, 0x1}, {0x7, 0x1}, {0x6, 0x1}, {0x0, 0x1}, {0xb, 0x1}, {0x4}, {0xb, 0x1}]}) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000240)={'security\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x3, 0x20000)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6=r2}, 0x20)

12:01:54 executing program 3:
clock_gettime(0x0, &(0x7f0000000140)={<r0=>0x0, <r1=>0x0})
futimesat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)={{0x0, 0x2710}, {r0, r1/1000+60000}})
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)=[&(0x7f0000000000)='-/\x00', &(0x7f0000000080)='/dev/loop-control\x00'], &(0x7f0000000140), 0xffd)
ioctl$USBDEVFS_CLAIM_PORT(r2, 0x4c81, 0x0)

12:01:54 executing program 4:
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x4c80, 0x0)

12:01:54 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r0 = syz_open_dev$vcsu(&(0x7f0000000040), 0x2, 0x2000)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x0)

12:01:54 executing program 2:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
pipe2$watch_queue(&(0x7f0000000040), 0x80)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)
getsockopt$inet6_int(r0, 0x29, 0x10, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x1000000, 0x300)

12:01:54 executing program 3:
clock_gettime(0x0, &(0x7f0000000140)={<r0=>0x0, <r1=>0x0})
futimesat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)={{0x0, 0x2710}, {r0, r1/1000+60000}})
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)=[&(0x7f0000000000)='-/\x00', &(0x7f0000000080)='/dev/loop-control\x00'], &(0x7f0000000140), 0xffd)
ioctl$USBDEVFS_CLAIM_PORT(r2, 0x4c81, 0x0)
clock_gettime(0x0, &(0x7f0000000140)) (async)
futimesat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)={{0x0, 0x2710}, {r0, r1/1000+60000}}) (async)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)=[&(0x7f0000000000)='-/\x00', &(0x7f0000000080)='/dev/loop-control\x00'], &(0x7f0000000140), 0xffd) (async)
ioctl$USBDEVFS_CLAIM_PORT(r2, 0x4c81, 0x0) (async)

12:01:54 executing program 4:
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x4c80, 0x0)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x3, 0x20000) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6=r2}, 0x20)

12:01:54 executing program 2:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041) (async)
pipe2$watch_queue(&(0x7f0000000040), 0x80)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0) (async)
getsockopt$inet6_int(r0, 0x29, 0x10, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

12:01:54 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r0 = syz_open_dev$vcsu(&(0x7f0000000040), 0x2, 0x2000)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
syz_open_dev$vcsu(&(0x7f0000000040), 0x2, 0x2000) (async)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x0) (async)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x2000000, 0x300)

12:01:54 executing program 3:
clock_gettime(0x0, &(0x7f0000000140)={<r0=>0x0, <r1=>0x0})
futimesat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)={{0x0, 0x2710}, {r0, r1/1000+60000}})
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)=[&(0x7f0000000000)='-/\x00', &(0x7f0000000080)='/dev/loop-control\x00'], &(0x7f0000000140), 0xffd)
ioctl$USBDEVFS_CLAIM_PORT(r2, 0x4c81, 0x0)
clock_gettime(0x0, &(0x7f0000000140)) (async)
futimesat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)={{0x0, 0x2710}, {r0, r1/1000+60000}}) (async)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)=[&(0x7f0000000000)='-/\x00', &(0x7f0000000080)='/dev/loop-control\x00'], &(0x7f0000000140), 0xffd) (async)
ioctl$USBDEVFS_CLAIM_PORT(r2, 0x4c81, 0x0) (async)

12:01:54 executing program 2:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041) (async)
pipe2$watch_queue(&(0x7f0000000040), 0x80) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0) (async)
getsockopt$inet6_int(r0, 0x29, 0x10, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x3000000, 0x300)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x3, 0x20000)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6=r2}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
syz_open_dev$loop(&(0x7f0000000180), 0x3, 0x20000) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6=r2}, 0x20) (async)

12:01:54 executing program 4:
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x4c80, 0x0)

12:01:54 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000040)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3000600, 0x0, 0x0, 0xb}, 0x20)
write$P9_RREMOVE(r1, &(0x7f0000000180)={0x7, 0x7b, 0x1}, 0x7)
syz_open_dev$vcsu(&(0x7f0000000000), 0x1, 0x10400)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:54 executing program 4:
r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0)

12:01:54 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r0 = syz_open_dev$vcsu(&(0x7f0000000040), 0x2, 0x2000)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x0)

12:01:54 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
r1 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x4000000, 0x300)

12:01:54 executing program 4:
r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x8040000, 0x300)

12:01:54 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
r1 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041) (async)
socket$igmp6(0xa, 0x3, 0x2) (async)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) (async)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0) (async)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
getpeername$netlink(r1, &(0x7f0000000180), &(0x7f00000001c0)=0xc)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:54 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x2)

12:01:54 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x2)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x2) (async)

12:01:54 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000040)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3000600, 0x0, 0x0, 0xb}, 0x20) (async)
write$P9_RREMOVE(r1, &(0x7f0000000180)={0x7, 0x7b, 0x1}, 0x7) (async)
syz_open_dev$vcsu(&(0x7f0000000000), 0x1, 0x10400) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x10000000, 0x300)

12:01:54 executing program 4:
r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
getpeername$netlink(r1, &(0x7f0000000180), &(0x7f00000001c0)=0xc)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
getpeername$netlink(r1, &(0x7f0000000180), &(0x7f00000001c0)=0xc) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:01:54 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x2)

12:01:54 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
r1 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x1f000000, 0x300)

12:01:54 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)
pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
r2 = syz_open_dev$loop(&(0x7f0000000180), 0x1, 0x80)
r3 = openat$incfs(r1, &(0x7f00000001c0)='.log\x00', 0x8400, 0x19)
ioctl$LOOP_SET_FD(r2, 0x4c00, r3)
ioctl$LOOP_GET_STATUS64(r1, 0x4c05, &(0x7f0000000080))

[ 2233.243717][   T22] audit: type=1400 audit(6694920114.549:193): avc:  denied  { write } for  pid=11609 comm="syz-executor.3" path="socket:[1020686]" dev="sockfs" ino=1020686 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
12:01:54 executing program 4:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x4c80, 0x0)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
getpeername$netlink(r1, &(0x7f0000000180), &(0x7f00000001c0)=0xc) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:54 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xc6f, 0x88, 0x0, 0x3, 0xc, 0x14, "c77d43a539ccdf11011490232e20739abae4ff08e694d5c9a1d486ff98e591377a2191f36fb93cd5d08ded02fff8525258c29c8b79ba4400c95bb277a3b3be44", "044231d71c9c7343d0367cc92d2a9da4f273771da5227bc694db841df1a7412e00a94c828efe8d068b86e0ba1e26a946474ffa0e118bd059f7a45871611db09c", "17c44380f61382918c0dd06d91e48fd903aa925bed00e89d5625f20c912b1dc3", [0x2, 0x6]})

12:01:54 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000040)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3000600, 0x0, 0x0, 0xb}, 0x20)
write$P9_RREMOVE(r1, &(0x7f0000000180)={0x7, 0x7b, 0x1}, 0x7) (async)
syz_open_dev$vcsu(&(0x7f0000000000), 0x1, 0x10400) (async, rerun: 32)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async, rerun: 32)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x40000000, 0x300)

12:01:54 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xc6f, 0x88, 0x0, 0x3, 0xc, 0x14, "c77d43a539ccdf11011490232e20739abae4ff08e694d5c9a1d486ff98e591377a2191f36fb93cd5d08ded02fff8525258c29c8b79ba4400c95bb277a3b3be44", "044231d71c9c7343d0367cc92d2a9da4f273771da5227bc694db841df1a7412e00a94c828efe8d068b86e0ba1e26a946474ffa0e118bd059f7a45871611db09c", "17c44380f61382918c0dd06d91e48fd903aa925bed00e89d5625f20c912b1dc3", [0x2, 0x6]})

12:01:54 executing program 4:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x4c80, 0x0)

12:01:54 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000180)='\x82\x05\xc7\xc6\xb9C\x86\x92O\xf9\xa0B\x98g\xb2\xcdQ\xb4~\xaf\xd74P_H\xab\xd7:\xba\xeb\xa4\xe7\xaa\xc1^f\'~\x9f\xb7#y\x1c\x81gx\xbb\xf20\xba^\xe5\xbc\xeb\xee\xe41\xc34\xfe\'\xa2/\x1d\xf8nC\x7f\xff\x87\xb2\xdc\bF3\x03\x0e>4\xf0\xb4b)\xeeS\x9f\x97(th\x894\x14>\xb6r\r~\r\x1c\x93\xe5\xbc\x86\xc1\x9b\x1d\x95\xba\xdf\f\x117\x9a\x12\xd4T\x8d&\xeb\xc6G\xc7\x1c8\x8b'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
write$P9_RATTACH(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x69, 0x1, {0x2, 0x1, 0x1}}, 0x14)

12:01:54 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)
pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
r2 = syz_open_dev$loop(&(0x7f0000000180), 0x1, 0x80)
r3 = openat$incfs(r1, &(0x7f00000001c0)='.log\x00', 0x8400, 0x19)
ioctl$LOOP_SET_FD(r2, 0x4c00, r3)
ioctl$LOOP_GET_STATUS64(r1, 0x4c05, &(0x7f0000000080))
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041) (async)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0) (async)
pipe2$watch_queue(&(0x7f0000000040), 0x80) (async)
syz_open_dev$loop(&(0x7f0000000180), 0x1, 0x80) (async)
openat$incfs(r1, &(0x7f00000001c0)='.log\x00', 0x8400, 0x19) (async)
ioctl$LOOP_SET_FD(r2, 0x4c00, r3) (async)
ioctl$LOOP_GET_STATUS64(r1, 0x4c05, &(0x7f0000000080)) (async)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0xf6ffffff, 0x300)

12:01:54 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xc6f, 0x88, 0x0, 0x3, 0xc, 0x14, "c77d43a539ccdf11011490232e20739abae4ff08e694d5c9a1d486ff98e591377a2191f36fb93cd5d08ded02fff8525258c29c8b79ba4400c95bb277a3b3be44", "044231d71c9c7343d0367cc92d2a9da4f273771da5227bc694db841df1a7412e00a94c828efe8d068b86e0ba1e26a946474ffa0e118bd059f7a45871611db09c", "17c44380f61382918c0dd06d91e48fd903aa925bed00e89d5625f20c912b1dc3", [0x2, 0x6]})
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xc6f, 0x88, 0x0, 0x3, 0xc, 0x14, "c77d43a539ccdf11011490232e20739abae4ff08e694d5c9a1d486ff98e591377a2191f36fb93cd5d08ded02fff8525258c29c8b79ba4400c95bb277a3b3be44", "044231d71c9c7343d0367cc92d2a9da4f273771da5227bc694db841df1a7412e00a94c828efe8d068b86e0ba1e26a946474ffa0e118bd059f7a45871611db09c", "17c44380f61382918c0dd06d91e48fd903aa925bed00e89d5625f20c912b1dc3", [0x2, 0x6]}) (async)

12:01:54 executing program 4:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x4c80, 0x0)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
r4 = accept$inet6(r2, &(0x7f0000000480)={0xa, 0x0, 0x0, @remote}, &(0x7f00000004c0)=0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r4, 0x29, 0x36, &(0x7f0000000500)={0x2c, 0x13, '\x00', [@generic={0x7f, 0x99, "6d7f74321daceec91df06f03535ccf9feb4f4978aeabee89cc69c614682618e72bdb7e9fcbd41f0060feebe7226d38b1fe3452fecf05db3585dccafdaeeab421b54d3cc209c423828d873751ba9113540707724d7e405d7e9d10fa7fbdb431a195e97d964e9b320e99a32b008f647fdad515edf238269ca665fa870069b4beed9b89d8540fa4f54ff1c1fcfc25415164e43a27d5a8a04d4623"}]}, 0xa8)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r5, 0x0, 0x0)
r6 = openat$incfs(r2, &(0x7f0000000380)='.log\x00', 0x400, 0x176)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r7, 0x0, 0x0)
r8 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r8, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xb, 0x4, &(0x7f0000000180)=@raw=[@map_val={0x18, 0x9, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x1000}, @jmp={0x5, 0x0, 0x7, 0x9, 0xb, 0x18}, @ldst={0x2, 0x1, 0x2, 0x6, 0x4, 0xfffffffffffffff0, 0x1}], &(0x7f00000001c0)='GPL\x00', 0x8, 0xe3, &(0x7f0000000200)=""/227, 0x41100, 0x8, '\x00', 0x0, 0xf, r3, 0x8, &(0x7f0000000300)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000340)={0x5, 0xe, 0x9, 0x3}, 0x10, 0xffffffffffffffff, r2, 0x0, &(0x7f00000003c0)=[r5, r1, r1, r6, r2, r7, r1, r2, r0, r8]}, 0x80)
connect$inet6(r2, 0x0, 0x0)
setsockopt$inet6_mtu(r5, 0x29, 0x17, &(0x7f00000005c0)=0x4, 0x4)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:54 executing program 5:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r0, 0x5760, 0x10)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:01:54 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000180)='\x82\x05\xc7\xc6\xb9C\x86\x92O\xf9\xa0B\x98g\xb2\xcdQ\xb4~\xaf\xd74P_H\xab\xd7:\xba\xeb\xa4\xe7\xaa\xc1^f\'~\x9f\xb7#y\x1c\x81gx\xbb\xf20\xba^\xe5\xbc\xeb\xee\xe41\xc34\xfe\'\xa2/\x1d\xf8nC\x7f\xff\x87\xb2\xdc\bF3\x03\x0e>4\xf0\xb4b)\xeeS\x9f\x97(th\x894\x14>\xb6r\r~\r\x1c\x93\xe5\xbc\x86\xc1\x9b\x1d\x95\xba\xdf\f\x117\x9a\x12\xd4T\x8d&\xeb\xc6G\xc7\x1c8\x8b'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
write$P9_RATTACH(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x69, 0x1, {0x2, 0x1, 0x1}}, 0x14)

12:01:54 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0) (async)
pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
r2 = syz_open_dev$loop(&(0x7f0000000180), 0x1, 0x80) (async, rerun: 64)
r3 = openat$incfs(r1, &(0x7f00000001c0)='.log\x00', 0x8400, 0x19) (rerun: 64)
ioctl$LOOP_SET_FD(r2, 0x4c00, r3) (async, rerun: 64)
ioctl$LOOP_GET_STATUS64(r1, 0x4c05, &(0x7f0000000080)) (rerun: 64)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0xfeffffff, 0x300)

12:01:54 executing program 5:
socket$igmp6(0xa, 0x3, 0x2) (async, rerun: 32)
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) (rerun: 32)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r0, 0x5760, 0x10)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:01:54 executing program 4:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000040)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3000600, 0x0, 0x0, 0xb}, 0x20)
write$P9_RREMOVE(r1, &(0x7f0000000180)={0x7, 0x7b, 0x1}, 0x7)
syz_open_dev$vcsu(&(0x7f0000000000), 0x1, 0x10400)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:54 executing program 5:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r0, 0x5760, 0x10)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2) (async)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) (async)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r0, 0x5760, 0x10) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0xfffffff6, 0x300)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async, rerun: 64)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async, rerun: 64)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
r4 = accept$inet6(r2, &(0x7f0000000480)={0xa, 0x0, 0x0, @remote}, &(0x7f00000004c0)=0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r4, 0x29, 0x36, &(0x7f0000000500)={0x2c, 0x13, '\x00', [@generic={0x7f, 0x99, "6d7f74321daceec91df06f03535ccf9feb4f4978aeabee89cc69c614682618e72bdb7e9fcbd41f0060feebe7226d38b1fe3452fecf05db3585dccafdaeeab421b54d3cc209c423828d873751ba9113540707724d7e405d7e9d10fa7fbdb431a195e97d964e9b320e99a32b008f647fdad515edf238269ca665fa870069b4beed9b89d8540fa4f54ff1c1fcfc25415164e43a27d5a8a04d4623"}]}, 0xa8) (async, rerun: 64)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (rerun: 64)
connect$inet6(r5, 0x0, 0x0)
r6 = openat$incfs(r2, &(0x7f0000000380)='.log\x00', 0x400, 0x176)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r7, 0x0, 0x0)
r8 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r8, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xb, 0x4, &(0x7f0000000180)=@raw=[@map_val={0x18, 0x9, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x1000}, @jmp={0x5, 0x0, 0x7, 0x9, 0xb, 0x18}, @ldst={0x2, 0x1, 0x2, 0x6, 0x4, 0xfffffffffffffff0, 0x1}], &(0x7f00000001c0)='GPL\x00', 0x8, 0xe3, &(0x7f0000000200)=""/227, 0x41100, 0x8, '\x00', 0x0, 0xf, r3, 0x8, &(0x7f0000000300)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000340)={0x5, 0xe, 0x9, 0x3}, 0x10, 0xffffffffffffffff, r2, 0x0, &(0x7f00000003c0)=[r5, r1, r1, r6, r2, r7, r1, r2, r0, r8]}, 0x80) (async)
connect$inet6(r2, 0x0, 0x0) (async)
setsockopt$inet6_mtu(r5, 0x29, 0x17, &(0x7f00000005c0)=0x4, 0x4) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0xfffffffe, 0x300)

12:01:54 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000180)='\x82\x05\xc7\xc6\xb9C\x86\x92O\xf9\xa0B\x98g\xb2\xcdQ\xb4~\xaf\xd74P_H\xab\xd7:\xba\xeb\xa4\xe7\xaa\xc1^f\'~\x9f\xb7#y\x1c\x81gx\xbb\xf20\xba^\xe5\xbc\xeb\xee\xe41\xc34\xfe\'\xa2/\x1d\xf8nC\x7f\xff\x87\xb2\xdc\bF3\x03\x0e>4\xf0\xb4b)\xeeS\x9f\x97(th\x894\x14>\xb6r\r~\r\x1c\x93\xe5\xbc\x86\xc1\x9b\x1d\x95\xba\xdf\f\x117\x9a\x12\xd4T\x8d&\xeb\xc6G\xc7\x1c8\x8b'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
write$P9_RATTACH(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x69, 0x1, {0x2, 0x1, 0x1}}, 0x14)

12:01:54 executing program 2:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x80, 0x200280)
r1 = syz_open_dev$vcsu(&(0x7f0000000180), 0xc, 0x206000)
ioctl$LOOP_SET_FD(r1, 0x4c00, r0)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000080))

12:01:54 executing program 4:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000040)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3000600, 0x0, 0x0, 0xb}, 0x20)
write$P9_RREMOVE(r1, &(0x7f0000000180)={0x7, 0x7b, 0x1}, 0x7)
syz_open_dev$vcsu(&(0x7f0000000000), 0x1, 0x10400)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x1000000000000, 0x300)

12:01:54 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x6, 0x400000)
ioctl$USBDEVFS_GET_CAPABILITIES(r0, 0x8004551a, &(0x7f0000000080))

12:01:54 executing program 2:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041) (async)
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x80, 0x200280) (async, rerun: 64)
r1 = syz_open_dev$vcsu(&(0x7f0000000180), 0xc, 0x206000) (rerun: 64)
ioctl$LOOP_SET_FD(r1, 0x4c00, r0)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000080))

12:01:54 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x20000000000000, 0x300)

12:01:54 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x6, 0x400000)
ioctl$USBDEVFS_GET_CAPABILITIES(r0, 0x8004551a, &(0x7f0000000080))

12:01:54 executing program 4:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000040)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3000600, 0x0, 0x0, 0xb}, 0x20)
write$P9_RREMOVE(r1, &(0x7f0000000180)={0x7, 0x7b, 0x1}, 0x7)
syz_open_dev$vcsu(&(0x7f0000000000), 0x1, 0x10400)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
r4 = accept$inet6(r2, &(0x7f0000000480)={0xa, 0x0, 0x0, @remote}, &(0x7f00000004c0)=0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r4, 0x29, 0x36, &(0x7f0000000500)={0x2c, 0x13, '\x00', [@generic={0x7f, 0x99, "6d7f74321daceec91df06f03535ccf9feb4f4978aeabee89cc69c614682618e72bdb7e9fcbd41f0060feebe7226d38b1fe3452fecf05db3585dccafdaeeab421b54d3cc209c423828d873751ba9113540707724d7e405d7e9d10fa7fbdb431a195e97d964e9b320e99a32b008f647fdad515edf238269ca665fa870069b4beed9b89d8540fa4f54ff1c1fcfc25415164e43a27d5a8a04d4623"}]}, 0xa8) (async)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r5, 0x0, 0x0)
r6 = openat$incfs(r2, &(0x7f0000000380)='.log\x00', 0x400, 0x176)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r7, 0x0, 0x0)
r8 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r8, 0x0, 0x0) (async, rerun: 32)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xb, 0x4, &(0x7f0000000180)=@raw=[@map_val={0x18, 0x9, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x1000}, @jmp={0x5, 0x0, 0x7, 0x9, 0xb, 0x18}, @ldst={0x2, 0x1, 0x2, 0x6, 0x4, 0xfffffffffffffff0, 0x1}], &(0x7f00000001c0)='GPL\x00', 0x8, 0xe3, &(0x7f0000000200)=""/227, 0x41100, 0x8, '\x00', 0x0, 0xf, r3, 0x8, &(0x7f0000000300)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000340)={0x5, 0xe, 0x9, 0x3}, 0x10, 0xffffffffffffffff, r2, 0x0, &(0x7f00000003c0)=[r5, r1, r1, r6, r2, r7, r1, r2, r0, r8]}, 0x80) (async, rerun: 32)
connect$inet6(r2, 0x0, 0x0)
setsockopt$inet6_mtu(r5, 0x29, 0x17, &(0x7f00000005c0)=0x4, 0x4) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:54 executing program 2:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x80, 0x200280) (async)
r1 = syz_open_dev$vcsu(&(0x7f0000000180), 0xc, 0x206000)
ioctl$LOOP_SET_FD(r1, 0x4c00, r0) (async)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000080))

12:01:54 executing program 4:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3000600, 0x0, 0x0, 0xb}, 0x20)
write$P9_RREMOVE(r0, &(0x7f0000000180)={0x7, 0x7b, 0x1}, 0x7)
syz_open_dev$vcsu(&(0x7f0000000000), 0x1, 0x10400)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)

12:01:54 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6}, 0x20)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x100000000000000, 0x300)

12:01:54 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x6, 0x400000)
ioctl$USBDEVFS_GET_CAPABILITIES(r0, 0x8004551a, &(0x7f0000000080))

12:01:54 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)

12:01:54 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)
ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x94000, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8000000000000000, 0x3, 0x0, 0x9, 0x1b, 0x0, "10975ee3a2b64cc872ee85a01269b98539463c30db07bf2e222fa4ddd5cc19d3651bde4e6e6434f8806c89b3ae1cd2fe71d1daeb647d18126018a7269ba07fc1", "46aa7893e681e8112acba54e6f2311ffd66e0bd0010d902dac8d134710375466e2e531df84aaeb50b454bf5572a832419f322bc39e37790f1fa21f2ee12941e4", "b548fe5d3639fb89c8dd989ee47e30d964770b81051bedddcef21642eeed75cf", [0x80000001, 0x5d]})

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6}, 0x20)

12:01:54 executing program 4:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3000600, 0x0, 0x0, 0xb}, 0x20)
write$P9_RREMOVE(r0, &(0x7f0000000180)={0x7, 0x7b, 0x1}, 0x7)
syz_open_dev$vcsu(&(0x7f0000000000), 0x1, 0x10400)

12:01:54 executing program 5:
syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0)

12:01:54 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)
ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x94000, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8000000000000000, 0x3, 0x0, 0x9, 0x1b, 0x0, "10975ee3a2b64cc872ee85a01269b98539463c30db07bf2e222fa4ddd5cc19d3651bde4e6e6434f8806c89b3ae1cd2fe71d1daeb647d18126018a7269ba07fc1", "46aa7893e681e8112acba54e6f2311ffd66e0bd0010d902dac8d134710375466e2e531df84aaeb50b454bf5572a832419f322bc39e37790f1fa21f2ee12941e4", "b548fe5d3639fb89c8dd989ee47e30d964770b81051bedddcef21642eeed75cf", [0x80000001, 0x5d]})
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041) (async)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0) (async)
ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) (async)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x94000, 0x0) (async)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8000000000000000, 0x3, 0x0, 0x9, 0x1b, 0x0, "10975ee3a2b64cc872ee85a01269b98539463c30db07bf2e222fa4ddd5cc19d3651bde4e6e6434f8806c89b3ae1cd2fe71d1daeb647d18126018a7269ba07fc1", "46aa7893e681e8112acba54e6f2311ffd66e0bd0010d902dac8d134710375466e2e531df84aaeb50b454bf5572a832419f322bc39e37790f1fa21f2ee12941e4", "b548fe5d3639fb89c8dd989ee47e30d964770b81051bedddcef21642eeed75cf", [0x80000001, 0x5d]}) (async)

12:01:54 executing program 4:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3000600, 0x0, 0x0, 0xb}, 0x20)
write$P9_RREMOVE(r0, &(0x7f0000000180)={0x7, 0x7b, 0x1}, 0x7)

12:01:54 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="6c0f000000000000004f17749b07175d4526fc77dad5225a35e196c54c1cd1323bf70468f3e4fc692479408648bd6081376c724c67994635f49f18fbca906aa57f416d45a3f712a835f5064c7011ebfc4a48efcb1b97e76362c9102001000000000000000000000000000101010000010005020401c910fe80000000000000000000000000000e0010e4c22a2d717e8a82870f9ef8d4f25aa8d5de7b3c118ffdd514465c0cfbe99736c5e07755b4995b49544c866cef489a5e6bb96671f23fd06c070a619e15b58389f72405cef8fece3124bfd9db251622aa506e0e95c214506fcb6c212ddb6c47aacf72dbf454cbcb42fb8ca3204eff9ee4516ab8869c8f19bf585f8e1aab87778e11f0d5665c"], 0x88)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x200000000000000, 0x300)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6}, 0x20)

12:01:54 executing program 4:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, &(0x7f0000000180)={0x7, 0x7b, 0x1}, 0x7)

12:01:54 executing program 5:
syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0) (async)

12:01:54 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="6c0f000000000000004f17749b07175d4526fc77dad5225a35e196c54c1cd1323bf70468f3e4fc692479408648bd6081376c724c67994635f49f18fbca906aa57f416d45a3f712a835f5064c7011ebfc4a48efcb1b97e76362c9102001000000000000000000000000000101010000010005020401c910fe80000000000000000000000000000e0010e4c22a2d717e8a82870f9ef8d4f25aa8d5de7b3c118ffdd514465c0cfbe99736c5e07755b4995b49544c866cef489a5e6bb96671f23fd06c070a619e15b58389f72405cef8fece3124bfd9db251622aa506e0e95c214506fcb6c212ddb6c47aacf72dbf454cbcb42fb8ca3204eff9ee4516ab8869c8f19bf585f8e1aab87778e11f0d5665c"], 0x88)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="6c0f000000000000004f17749b07175d4526fc77dad5225a35e196c54c1cd1323bf70468f3e4fc692479408648bd6081376c724c67994635f49f18fbca906aa57f416d45a3f712a835f5064c7011ebfc4a48efcb1b97e76362c9102001000000000000000000000000000101010000010005020401c910fe80000000000000000000000000000e0010e4c22a2d717e8a82870f9ef8d4f25aa8d5de7b3c118ffdd514465c0cfbe99736c5e07755b4995b49544c866cef489a5e6bb96671f23fd06c070a619e15b58389f72405cef8fece3124bfd9db251622aa506e0e95c214506fcb6c212ddb6c47aacf72dbf454cbcb42fb8ca3204eff9ee4516ab8869c8f19bf585f8e1aab87778e11f0d5665c"], 0x88) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)

12:01:54 executing program 4:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
write$P9_RREMOVE(0xffffffffffffffff, &(0x7f0000000180)={0x7, 0x7b, 0x1}, 0x7)

12:01:54 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)
ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x94000, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8000000000000000, 0x3, 0x0, 0x9, 0x1b, 0x0, "10975ee3a2b64cc872ee85a01269b98539463c30db07bf2e222fa4ddd5cc19d3651bde4e6e6434f8806c89b3ae1cd2fe71d1daeb647d18126018a7269ba07fc1", "46aa7893e681e8112acba54e6f2311ffd66e0bd0010d902dac8d134710375466e2e531df84aaeb50b454bf5572a832419f322bc39e37790f1fa21f2ee12941e4", "b548fe5d3639fb89c8dd989ee47e30d964770b81051bedddcef21642eeed75cf", [0x80000001, 0x5d]})

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x300000000000000, 0x300)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x2208c0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:54 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$LOOP_CLR_FD(r1, 0x4c01)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)

12:01:54 executing program 5:
syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0)

12:01:54 executing program 4:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
write$P9_RREMOVE(0xffffffffffffffff, &(0x7f0000000180)={0x7, 0x7b, 0x1}, 0x7)

12:01:54 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="6c0f000000000000004f17749b07175d4526fc77dad5225a35e196c54c1cd1323bf70468f3e4fc692479408648bd6081376c724c67994635f49f18fbca906aa57f416d45a3f712a835f5064c7011ebfc4a48efcb1b97e76362c9102001000000000000000000000000000101010000010005020401c910fe80000000000000000000000000000e0010e4c22a2d717e8a82870f9ef8d4f25aa8d5de7b3c118ffdd514465c0cfbe99736c5e07755b4995b49544c866cef489a5e6bb96671f23fd06c070a619e15b58389f72405cef8fece3124bfd9db251622aa506e0e95c214506fcb6c212ddb6c47aacf72dbf454cbcb42fb8ca3204eff9ee4516ab8869c8f19bf585f8e1aab87778e11f0d5665c"], 0x88) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:54 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
ioctl$LOOP_CLR_FD(r1, 0x4c01) (async)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x2208c0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async, rerun: 32)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async, rerun: 32)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:54 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000040))
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xa, 0x12, 0x9, "9022cbcdf86dd1290709a8590f9b89dabca8f716e8048b1ca812b341d38a78f845de75b9d69fc6818db83269f59c746d5f112347187bbc3dde9014705ae69a88", "4de581ec62ab2329dcea0145de59a5e0488da9b2a7e9d0b1810cac261ce334fd65f62e7c41f0b4d019230ac2576c67fd45bf321b6456cb3324b4c3dedd3c91df", "c491d1523806adb2d021307ae9abee7c8c3db2451887a50cef0c8d2b0f9c2935", [0x1, 0x200]})
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r2 = syz_open_dev$vcsu(&(0x7f0000000240), 0x6, 0x258a01)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000280)={r2, 0x2, {0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x4, 0xe, 0x5, "3b081e397c3dbcfc74778cf71fce9960e649e73a416b6f0a2fc00006ad465902575e46206bf594c6bfb7d3c0d29235013ea7ecc6e7fd9a58ccdf4f395128b2c3", "6cac217e0e0b8343853a0020cf4c0b4b7815e830440e8a762b65a07afed0ee42d7a5aaea7c769210448c0f2c2975e19c8d1b591b4f3f5a417bd5c838dc5515d3", "435c2e00e87b8f7e568fe845a105878eaa45328037a0c847f95d7c8de7524f07", [0x3, 0x7c0]}})

12:01:54 executing program 4:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
write$P9_RREMOVE(0xffffffffffffffff, &(0x7f0000000180)={0x7, 0x7b, 0x1}, 0x7)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x2208c0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x2208c0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:01:54 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x400000000000000, 0x300)

12:01:54 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000540), 0x10000, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mknodat$null(r2, &(0x7f0000000500)='./file0\x00', 0xc000, 0x103)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
ioctl$USBDEVFS_REAPURBNDELAY(r3, 0x4008550d, &(0x7f0000000180))
write$P9_RWRITE(r2, &(0x7f0000000380)={0xb, 0x77, 0x2, 0x1000}, 0xb)
connect$inet6(r2, 0x0, 0x0)
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x4000, 0x0)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f00000004c0), 0x101701, 0x0)
connect$inet6(r5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r4, &(0x7f0000000200)="f4f70bfac7d1d1a3a83dd177b7063e43866672dc310bb77470f664bfe623cbb1a83aa59a10df4c7deb8096fcacf9199d185aa30c5a0a02659ab5b0357af192968f37f74edfd9389f609877d6ef96efeb93f822ba7fca9694089b025e8b56aa2c583b4f170cdac84c61e98fba6d62ab20b1c77f66504a3df6a50fd731c15da7cd23463e5d2effee62ffdb8caa973a7912114af8ab58887df3f8a85269ad41211f442faffe53f4671606ecfc7393143a211201c123caa35da0e6cb9d834794943979", &(0x7f0000000300)=@tcp6=r5, 0x4}, 0x20)
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000003c0))
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
socket$inet6_tcp(0xa, 0x1, 0x0)

12:01:55 executing program 4:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, &(0x7f0000000180)={0x7, 0x7b, 0x1}, 0x7)

12:01:55 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/rpmsg', 0x48080, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
write$P9_RREMOVE(r2, &(0x7f0000000000)={0x7, 0x7b, 0x1}, 0x7)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
connect$inet6(r1, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:55 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000040))
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xa, 0x12, 0x9, "9022cbcdf86dd1290709a8590f9b89dabca8f716e8048b1ca812b341d38a78f845de75b9d69fc6818db83269f59c746d5f112347187bbc3dde9014705ae69a88", "4de581ec62ab2329dcea0145de59a5e0488da9b2a7e9d0b1810cac261ce334fd65f62e7c41f0b4d019230ac2576c67fd45bf321b6456cb3324b4c3dedd3c91df", "c491d1523806adb2d021307ae9abee7c8c3db2451887a50cef0c8d2b0f9c2935", [0x1, 0x200]})
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r2 = syz_open_dev$vcsu(&(0x7f0000000240), 0x6, 0x258a01)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000280)={r2, 0x2, {0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x4, 0xe, 0x5, "3b081e397c3dbcfc74778cf71fce9960e649e73a416b6f0a2fc00006ad465902575e46206bf594c6bfb7d3c0d29235013ea7ecc6e7fd9a58ccdf4f395128b2c3", "6cac217e0e0b8343853a0020cf4c0b4b7815e830440e8a762b65a07afed0ee42d7a5aaea7c769210448c0f2c2975e19c8d1b591b4f3f5a417bd5c838dc5515d3", "435c2e00e87b8f7e568fe845a105878eaa45328037a0c847f95d7c8de7524f07", [0x3, 0x7c0]}})
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000040)) (async)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xa, 0x12, 0x9, "9022cbcdf86dd1290709a8590f9b89dabca8f716e8048b1ca812b341d38a78f845de75b9d69fc6818db83269f59c746d5f112347187bbc3dde9014705ae69a88", "4de581ec62ab2329dcea0145de59a5e0488da9b2a7e9d0b1810cac261ce334fd65f62e7c41f0b4d019230ac2576c67fd45bf321b6456cb3324b4c3dedd3c91df", "c491d1523806adb2d021307ae9abee7c8c3db2451887a50cef0c8d2b0f9c2935", [0x1, 0x200]}) (async)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async)
syz_open_dev$vcsu(&(0x7f0000000240), 0x6, 0x258a01) (async)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000280)={r2, 0x2, {0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x4, 0xe, 0x5, "3b081e397c3dbcfc74778cf71fce9960e649e73a416b6f0a2fc00006ad465902575e46206bf594c6bfb7d3c0d29235013ea7ecc6e7fd9a58ccdf4f395128b2c3", "6cac217e0e0b8343853a0020cf4c0b4b7815e830440e8a762b65a07afed0ee42d7a5aaea7c769210448c0f2c2975e19c8d1b591b4f3f5a417bd5c838dc5515d3", "435c2e00e87b8f7e568fe845a105878eaa45328037a0c847f95d7c8de7524f07", [0x3, 0x7c0]}}) (async)

12:01:55 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x804000000000000, 0x300)

12:01:55 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$LOOP_CLR_FD(r1, 0x4c01)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
ioctl$LOOP_CLR_FD(r1, 0x4c01) (async)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0) (async)

12:01:55 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000540), 0x10000, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mknodat$null(r2, &(0x7f0000000500)='./file0\x00', 0xc000, 0x103) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
ioctl$USBDEVFS_REAPURBNDELAY(r3, 0x4008550d, &(0x7f0000000180)) (async)
write$P9_RWRITE(r2, &(0x7f0000000380)={0xb, 0x77, 0x2, 0x1000}, 0xb) (async, rerun: 32)
connect$inet6(r2, 0x0, 0x0) (rerun: 32)
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x4000, 0x0)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f00000004c0), 0x101701, 0x0) (async)
connect$inet6(r5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r4, &(0x7f0000000200)="f4f70bfac7d1d1a3a83dd177b7063e43866672dc310bb77470f664bfe623cbb1a83aa59a10df4c7deb8096fcacf9199d185aa30c5a0a02659ab5b0357af192968f37f74edfd9389f609877d6ef96efeb93f822ba7fca9694089b025e8b56aa2c583b4f170cdac84c61e98fba6d62ab20b1c77f66504a3df6a50fd731c15da7cd23463e5d2effee62ffdb8caa973a7912114af8ab58887df3f8a85269ad41211f442faffe53f4671606ecfc7393143a211201c123caa35da0e6cb9d834794943979", &(0x7f0000000300)=@tcp6=r5, 0x4}, 0x20) (async)
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000003c0)) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
socket$inet6_tcp(0xa, 0x1, 0x0)

12:01:55 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, &(0x7f0000000180)={0x7, 0x7b, 0x1}, 0x7)

12:01:55 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x1000000000000000, 0x300)

12:01:55 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/rpmsg', 0x48080, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
write$P9_RREMOVE(r2, &(0x7f0000000000)={0x7, 0x7b, 0x1}, 0x7)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
connect$inet6(r1, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/rpmsg', 0x48080, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
write$P9_RREMOVE(r2, &(0x7f0000000000)={0x7, 0x7b, 0x1}, 0x7) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
socket$igmp6(0xa, 0x3, 0x2) (async)
connect$inet6(r1, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)

12:01:55 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000040))
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xa, 0x12, 0x9, "9022cbcdf86dd1290709a8590f9b89dabca8f716e8048b1ca812b341d38a78f845de75b9d69fc6818db83269f59c746d5f112347187bbc3dde9014705ae69a88", "4de581ec62ab2329dcea0145de59a5e0488da9b2a7e9d0b1810cac261ce334fd65f62e7c41f0b4d019230ac2576c67fd45bf321b6456cb3324b4c3dedd3c91df", "c491d1523806adb2d021307ae9abee7c8c3db2451887a50cef0c8d2b0f9c2935", [0x1, 0x200]}) (async)
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async)
r2 = syz_open_dev$vcsu(&(0x7f0000000240), 0x6, 0x258a01)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000280)={r2, 0x2, {0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x4, 0xe, 0x5, "3b081e397c3dbcfc74778cf71fce9960e649e73a416b6f0a2fc00006ad465902575e46206bf594c6bfb7d3c0d29235013ea7ecc6e7fd9a58ccdf4f395128b2c3", "6cac217e0e0b8343853a0020cf4c0b4b7815e830440e8a762b65a07afed0ee42d7a5aaea7c769210448c0f2c2975e19c8d1b591b4f3f5a417bd5c838dc5515d3", "435c2e00e87b8f7e568fe845a105878eaa45328037a0c847f95d7c8de7524f07", [0x3, 0x7c0]}})

12:01:55 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(0xffffffffffffffff, &(0x7f0000000180)={0x7, 0x7b, 0x1}, 0x7)

12:01:55 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x2041)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)

12:01:55 executing program 5:
write$P9_RLOPEN(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0xd, 0x1, {{0x20, 0x0, 0x8}, 0xd0}}, 0x18)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:01:55 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x1f00000000000000, 0x300)

12:01:55 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000540), 0x10000, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mknodat$null(r2, &(0x7f0000000500)='./file0\x00', 0xc000, 0x103)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
ioctl$USBDEVFS_REAPURBNDELAY(r3, 0x4008550d, &(0x7f0000000180))
write$P9_RWRITE(r2, &(0x7f0000000380)={0xb, 0x77, 0x2, 0x1000}, 0xb)
connect$inet6(r2, 0x0, 0x0)
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x4000, 0x0)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f00000004c0), 0x101701, 0x0)
connect$inet6(r5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r4, &(0x7f0000000200)="f4f70bfac7d1d1a3a83dd177b7063e43866672dc310bb77470f664bfe623cbb1a83aa59a10df4c7deb8096fcacf9199d185aa30c5a0a02659ab5b0357af192968f37f74edfd9389f609877d6ef96efeb93f822ba7fca9694089b025e8b56aa2c583b4f170cdac84c61e98fba6d62ab20b1c77f66504a3df6a50fd731c15da7cd23463e5d2effee62ffdb8caa973a7912114af8ab58887df3f8a85269ad41211f442faffe53f4671606ecfc7393143a211201c123caa35da0e6cb9d834794943979", &(0x7f0000000300)=@tcp6=r5, 0x4}, 0x20)
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000003c0))
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000540), 0x10000, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
mknodat$null(r2, &(0x7f0000000500)='./file0\x00', 0xc000, 0x103) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
ioctl$USBDEVFS_REAPURBNDELAY(r3, 0x4008550d, &(0x7f0000000180)) (async)
write$P9_RWRITE(r2, &(0x7f0000000380)={0xb, 0x77, 0x2, 0x1000}, 0xb) (async)
connect$inet6(r2, 0x0, 0x0) (async)
openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x4000, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$vcsa(0xffffffffffffff9c, &(0x7f00000004c0), 0x101701, 0x0) (async)
connect$inet6(r5, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r4, &(0x7f0000000200)="f4f70bfac7d1d1a3a83dd177b7063e43866672dc310bb77470f664bfe623cbb1a83aa59a10df4c7deb8096fcacf9199d185aa30c5a0a02659ab5b0357af192968f37f74edfd9389f609877d6ef96efeb93f822ba7fca9694089b025e8b56aa2c583b4f170cdac84c61e98fba6d62ab20b1c77f66504a3df6a50fd731c15da7cd23463e5d2effee62ffdb8caa973a7912114af8ab58887df3f8a85269ad41211f442faffe53f4671606ecfc7393143a211201c123caa35da0e6cb9d834794943979", &(0x7f0000000300)=@tcp6=r5, 0x4}, 0x20) (async)
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f00000003c0)) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)

12:01:55 executing program 3:
# Fuzzer-generated program in syzkaller's text format, as echoed by the executor log.
# Triage note: the `$variant` suffix on each call is only the syzkaller description
# the generator picked; what the kernel actually sees is decided by the fd's origin
# and the numeric arguments, so read those rather than the label.
# 0xffffffffffffff9c is -100 (AT_FDCWD); 0xffffffffffffffff is -1 (no valid fd).
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
# r1 is a debugfs file opened with flags 0x0, not a socket.
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
# connect() on a non-socket fd with a NULL address; presumably rejected early (ENOTSOCK) - confirm in the executor output.
connect$inet6(r1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/rpmsg', 0x48080, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
# 7-byte buffer written to r2, which was opened with flags 0x0; the P9 label describes the buffer layout only.
write$P9_RREMOVE(r2, &(0x7f0000000000)={0x7, 0x7b, 0x1}, 0x7)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
connect$inet6(r1, 0x0, 0x0)
# dirfd -1, NULL pathname, flags 0x1000 (AT_EMPTY_PATH in linux/fcntl.h).
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
# Labelled USBDEVFS_CLAIM_PORT, but r0 comes from openat$loop_ctrl and 0x4c81 is
# LOOP_CTL_REMOVE in linux/loop.h, so this is a loop-control request with argument 0.
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
# The 13 calls above are repeated below with the (async) call property and without
# result bindings, so the repeated calls reuse r0-r3 from the first pass. (async) lets
# the executor start the next call without waiting, so call ordering in this half is not fixed.
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/rpmsg', 0x48080, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
write$P9_RREMOVE(r2, &(0x7f0000000000)={0x7, 0x7b, 0x1}, 0x7) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
socket$igmp6(0xa, 0x3, 0x2) (async)
connect$inet6(r1, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)

12:01:55 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(0xffffffffffffffff, &(0x7f0000000180)={0x7, 0x7b, 0x1}, 0x7)

12:01:55 executing program 2:
# Opens a loop device through the syz_open_dev pseudo-syscall (id 0x0, open flags 0x2041);
# the path template at 0x7f0000000040 is not printed in this log entry.
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x2041)
# 0x4c04 is LOOP_SET_STATUS64; the third argument is 0x0, i.e. a NULL loop_info64 pointer,
# so this presumably only exercises the copy-from-user failure path - confirm against the result.
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)

12:01:55 executing program 5:
write$P9_RLOPEN(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0xd, 0x1, {{0x20, 0x0, 0x8}, 0xd0}}, 0x18) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:01:55 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(0xffffffffffffffff, &(0x7f0000000180)={0x7, 0x7b, 0x1}, 0x7)

12:01:55 executing program 1:
# Single-call program: syz_open_dev pseudo-syscall with device id 0x4000000000000000 and
# open flags 0x300. Other "program 1" entries in this log keep the same call and change
# only the id or the flags word, which is useful when bisecting which argument matters.
syz_open_dev$loop(&(0x7f0000000000), 0x4000000000000000, 0x300)

12:01:55 executing program 5:
write$P9_RLOPEN(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0xd, 0x1, {{0x20, 0x0, 0x8}, 0xd0}}, 0x18)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:01:55 executing program 0:
# Fuzzer-generated program; `$variant` labels are description names, not what the kernel sees.
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
# r0 is a loop-control fd and 0x4c81 is LOOP_CTL_REMOVE (linux/loop.h), despite the USBDEVFS label.
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
# Relative path with dirfd -1; presumably fails, leaving r1 without a usable fd - confirm.
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000180)='.pending_reads\x00', 0x40102, 0x0)
# bpf command 0x0 (BPF_MAP_CREATE) with a 0x48-byte attr; r1 is placed in two fd-typed fields of the attr.
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x4, 0x3, 0x800, 0x7, 0x0, r1, 0xfffffffa, '\x00', 0x0, r1, 0x1, 0x4, 0x2}, 0x48)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
# connect() on a debugfs file fd with a NULL address.
connect$inet6(r3, 0x0, 0x0)
# bpf command 0x2 (BPF_MAP_UPDATE_ELEM) on r2. The value pointer 0x7f0000000100 is the same
# address the path string above was written to, so the value bytes depend on earlier calls.
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:55 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x2041)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)

12:01:55 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x0)

12:01:55 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0xf6ffffff00000000, 0x300)

12:01:55 executing program 4:
syz_open_dev$loop(&(0x7f0000000000), 0x3000000, 0x300)

12:01:55 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
recvfrom$inet6(r1, &(0x7f0000000000)=""/44, 0x2c, 0x12180, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f0000000080)=[&(0x7f0000000240)='\x03\xd5k\bX\xeev\xb3\xb8\x84G\x13\x05\xf3A|/\xb2\xdf\x9e\xc4\x86l\x9c\x98\x1do\'\xd6?x\xf5\xe8\x81&\x15\x0e;\x97\xd34\xaa]f\x1c\xb8\xefh\x15\x869\x8e\xd0\xee\x1c(\x7f>\xfe\xbd\xa8\x94 \xd1U\xc1\xd75\xb9\x86S\xe5\x034\xe6\x1f\xe8\xc7\xb8/`\x92\n\x90\xaaa\xbf\x8a\xf7\x87W\'\xe6\xf4|\xa7F\a\'\xd6\x06B\x9fG\x12j\x00\x81Wj*\xcb\xfdP\x00\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f00000000c0)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200), 0x8080, 0x0)
execveat(r4, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000440)=[&(0x7f0000000300)='!o', &(0x7f0000000340)='/sys/kernel/debug/binder/stats\x00', &(0x7f0000000380)='-@\xa3+\xa7\x00', &(0x7f00000003c0)='{+^&]\x00', &(0x7f0000000400)='-@\xa3+\xa7\x00'], &(0x7f00000004c0)=[&(0x7f0000000480)='/sys/kernel/debug/binder/stats\x00'], 0x0)
getpeername$inet6(r3, &(0x7f0000000180)={0xa, 0x0, 0x0, @mcast1}, &(0x7f00000001c0)=0x1c)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x351180, 0x0)
write$tun(r5, &(0x7f0000000540)={@val={0x0, 0x892f}, @void, @eth={@empty, @remote, @void, {@arp={0x806, @generic={0x23a, 0x86dd, 0x6, 0x5, 0x9, @local, "8447686018", @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, "e2ec4bf3"}}}}}, 0x2f)
connect$inet6(r2, 0x0, 0x0)
write$P9_RSYMLINK(r2, &(0x7f0000000140)={0x14, 0x11, 0x2, {0x1, 0x1, 0x2}}, 0x14)
socket$inet6(0xa, 0x6, 0x3f)

12:01:55 executing program 2:
# Fuzzer-generated program mixing loop-device, pipe and debugfs file descriptors.
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
# LOOP_SET_STATUS64 (0x4c04) with a NULL info pointer.
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)
# pipe2 with flags 0x80; <r1=> binds r1 to the second fd of the returned pair
# (0xffffffffffffffff is the placeholder the kernel overwrites on success).
pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x200)
connect$inet6(r2, 0x0, 0x0)
pipe2$watch_queue(&(0x7f00000000c0), 0x80)
# LOOP_SET_FD (0x4c00) is issued on r1, a pipe fd rather than the loop device r0, with the
# debugfs file r2 as the backing fd; presumably rejected before reaching loop code - confirm.
ioctl$LOOP_SET_FD(r1, 0x4c00, r2)

12:01:55 executing program 5:
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000001c0)={@local, 0x47, 0x1, 0x1, 0x3, 0x100, 0x1}, 0x20)
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RRENAME(r1, &(0x7f00000000c0)={0x7, 0x15, 0x2}, 0x7)
getsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000040), &(0x7f0000000080)=0x4)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000140)={'mangle\x00', 0x4, [{}, {}, {}, {}]}, 0x68)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)

12:01:55 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0xfeffffff00000000, 0x300)

12:01:55 executing program 5:
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000001c0)={@local, 0x47, 0x1, 0x1, 0x3, 0x100, 0x1}, 0x20)
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RRENAME(r1, &(0x7f00000000c0)={0x7, 0x15, 0x2}, 0x7) (async, rerun: 32)
getsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000040), &(0x7f0000000080)=0x4) (rerun: 32)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000140)={'mangle\x00', 0x4, [{}, {}, {}, {}]}, 0x68)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)

12:01:55 executing program 4:
syz_open_dev$loop(&(0x7f0000000000), 0x2000000, 0x300)

12:01:55 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000180)='.pending_reads\x00', 0x40102, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x4, 0x3, 0x800, 0x7, 0x0, r1, 0xfffffffa, '\x00', 0x0, r1, 0x1, 0x4, 0x2}, 0x48) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:55 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0)
pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x200)
connect$inet6(r2, 0x0, 0x0)
pipe2$watch_queue(&(0x7f00000000c0), 0x80)
ioctl$LOOP_SET_FD(r1, 0x4c00, r2)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041) (async)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0) (async)
pipe2$watch_queue(&(0x7f0000000040), 0x80) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x200) (async)
connect$inet6(r2, 0x0, 0x0) (async)
pipe2$watch_queue(&(0x7f00000000c0), 0x80) (async)
ioctl$LOOP_SET_FD(r1, 0x4c00, r2) (async)

12:01:55 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0xffffffff00000000, 0x300)

12:01:55 executing program 5:
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000001c0)={@local, 0x47, 0x1, 0x1, 0x3, 0x100, 0x1}, 0x20) (async)
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = socket$igmp6(0xa, 0x3, 0x2) (async)
write$P9_RRENAME(r1, &(0x7f00000000c0)={0x7, 0x15, 0x2}, 0x7)
getsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000040), &(0x7f0000000080)=0x4)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000140)={'mangle\x00', 0x4, [{}, {}, {}, {}]}, 0x68)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)

12:01:55 executing program 4:
# Fuzzer-generated program; `$variant` labels are description names, not what the kernel sees.
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
# 0x4c81 on a loop-control fd is LOOP_CTL_REMOVE (linux/loop.h), despite the USBDEVFS label.
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
# BPF_MAP_CREATE with map type 0x1e (30, BPF_MAP_TYPE_BLOOM_FILTER, matching the @bloom_filter
# union label). The debugfs fd r1 sits in an fd-typed attr field; which field is not visible here.
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x20, 0x3, 0x6, 0x40, r1, 0xf91, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x3, 0x7}, 0x48)
getgid()
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
# linkat uses two regular debugfs file fds as the old/new directory fds, with flags 0x200.
linkat(r4, &(0x7f0000000200)='./file0\x00', r3, &(0x7f0000000240)='./file0\x00', 0x200)
# BPF_MAP_UPDATE_ELEM (0x2) on r2; only meaningful if the map creation above succeeded.
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:55 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x302)

12:01:55 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
recvfrom$inet6(r1, &(0x7f0000000000)=""/44, 0x2c, 0x12180, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f0000000080)=[&(0x7f0000000240)='\x03\xd5k\bX\xeev\xb3\xb8\x84G\x13\x05\xf3A|/\xb2\xdf\x9e\xc4\x86l\x9c\x98\x1do\'\xd6?x\xf5\xe8\x81&\x15\x0e;\x97\xd34\xaa]f\x1c\xb8\xefh\x15\x869\x8e\xd0\xee\x1c(\x7f>\xfe\xbd\xa8\x94 \xd1U\xc1\xd75\xb9\x86S\xe5\x034\xe6\x1f\xe8\xc7\xb8/`\x92\n\x90\xaaa\xbf\x8a\xf7\x87W\'\xe6\xf4|\xa7F\a\'\xd6\x06B\x9fG\x12j\x00\x81Wj*\xcb\xfdP\x00\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f00000000c0)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async, rerun: 64)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (rerun: 64)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200), 0x8080, 0x0)
execveat(r4, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000440)=[&(0x7f0000000300)='!o', &(0x7f0000000340)='/sys/kernel/debug/binder/stats\x00', &(0x7f0000000380)='-@\xa3+\xa7\x00', &(0x7f00000003c0)='{+^&]\x00', &(0x7f0000000400)='-@\xa3+\xa7\x00'], &(0x7f00000004c0)=[&(0x7f0000000480)='/sys/kernel/debug/binder/stats\x00'], 0x0) (async)
getpeername$inet6(r3, &(0x7f0000000180)={0xa, 0x0, 0x0, @mcast1}, &(0x7f00000001c0)=0x1c) (async)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x351180, 0x0)
write$tun(r5, &(0x7f0000000540)={@val={0x0, 0x892f}, @void, @eth={@empty, @remote, @void, {@arp={0x806, @generic={0x23a, 0x86dd, 0x6, 0x5, 0x9, @local, "8447686018", @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, "e2ec4bf3"}}}}}, 0x2f)
connect$inet6(r2, 0x0, 0x0) (async)
write$P9_RSYMLINK(r2, &(0x7f0000000140)={0x14, 0x11, 0x2, {0x1, 0x1, 0x2}}, 0x14)
socket$inet6(0xa, 0x6, 0x3f)

12:01:55 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x303)

12:01:55 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000180)='.pending_reads\x00', 0x40102, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x4, 0x3, 0x800, 0x7, 0x0, r1, 0xfffffffa, '\x00', 0x0, r1, 0x1, 0x4, 0x2}, 0x48) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:55 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x304)

12:01:55 executing program 5:
# Fuzzer-generated program targeting the loop driver with a fully populated status struct.
r0 = syz_open_dev$loop(&(0x7f00000002c0), 0x6, 0xa000)
r1 = syz_open_dev$usbfs(&(0x7f0000000180), 0x8, 0x100)
# 0x4004551e decodes as ioctl type 'U' (0x55), nr 0x1e, 4-byte write argument, consistent with the label.
ioctl$USBDEVFS_DROP_PRIVILEGES(r1, 0x4004551e, &(0x7f0000000140)=0x800)
# fd -1, so this call cannot reach a netlink socket.
getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x7, &(0x7f00000001c0)=""/168, &(0x7f0000000280)=0xa8)
# LOOP_SET_STATUS64 (0x4c04) with nine scalar fields, two 64-byte blobs, one 32-byte blob and a
# two-element array. NOTE(review): presumably laid out as struct loop_info64 (file name, crypt
# name, encrypt key, init) - confirm against the syzkaller description before reading field values.
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x3, 0xffffffff, 0x0, 0x4, 0x1e, 0x8, "3538ef9866c71802285dc5e4d9aa23bb4adf2cfce535b2ad96c1e53c125fc7a9d37b64a69c6268e1f66fcf0e84e53dde2aafe6d66d2202215c51bf479e29a24e", "0bd60dcb6f8428da1b63838992b26a0f8035bb4e98119e0dcad33c647ab15ba6aefb153dff1a282481780321df4e84c96002e26ca6e33b741b4a96a867072015", "aac25ae26c8fa25fdff17e3709c9846c1ca061c9e20f2ef5495ef52ea0d981fb", [0xffffffffffffffff, 0x4]})
# LOOP_CHANGE_FD (0x4c06) passes the loop device's own fd r0 as the new backing fd, a
# self-referential request the driver is expected to refuse; check the return code when triaging.
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0)

12:01:55 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
recvfrom$inet6(r1, &(0x7f0000000000)=""/44, 0x2c, 0x12180, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f0000000080)=[&(0x7f0000000240)='\x03\xd5k\bX\xeev\xb3\xb8\x84G\x13\x05\xf3A|/\xb2\xdf\x9e\xc4\x86l\x9c\x98\x1do\'\xd6?x\xf5\xe8\x81&\x15\x0e;\x97\xd34\xaa]f\x1c\xb8\xefh\x15\x869\x8e\xd0\xee\x1c(\x7f>\xfe\xbd\xa8\x94 \xd1U\xc1\xd75\xb9\x86S\xe5\x034\xe6\x1f\xe8\xc7\xb8/`\x92\n\x90\xaaa\xbf\x8a\xf7\x87W\'\xe6\xf4|\xa7F\a\'\xd6\x06B\x9fG\x12j\x00\x81Wj*\xcb\xfdP\x00\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f00000000c0)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200), 0x8080, 0x0)
execveat(r4, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000440)=[&(0x7f0000000300)='!o', &(0x7f0000000340)='/sys/kernel/debug/binder/stats\x00', &(0x7f0000000380)='-@\xa3+\xa7\x00', &(0x7f00000003c0)='{+^&]\x00', &(0x7f0000000400)='-@\xa3+\xa7\x00'], &(0x7f00000004c0)=[&(0x7f0000000480)='/sys/kernel/debug/binder/stats\x00'], 0x0)
getpeername$inet6(r3, &(0x7f0000000180)={0xa, 0x0, 0x0, @mcast1}, &(0x7f00000001c0)=0x1c)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x351180, 0x0)
write$tun(r5, &(0x7f0000000540)={@val={0x0, 0x892f}, @void, @eth={@empty, @remote, @void, {@arp={0x806, @generic={0x23a, 0x86dd, 0x6, 0x5, 0x9, @local, "8447686018", @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, "e2ec4bf3"}}}}}, 0x2f)
connect$inet6(r2, 0x0, 0x0)
write$P9_RSYMLINK(r2, &(0x7f0000000140)={0x14, 0x11, 0x2, {0x1, 0x1, 0x2}}, 0x14)
socket$inet6(0xa, 0x6, 0x3f)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
recvfrom$inet6(r1, &(0x7f0000000000)=""/44, 0x2c, 0x12180, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f0000000080)=[&(0x7f0000000240)='\x03\xd5k\bX\xeev\xb3\xb8\x84G\x13\x05\xf3A|/\xb2\xdf\x9e\xc4\x86l\x9c\x98\x1do\'\xd6?x\xf5\xe8\x81&\x15\x0e;\x97\xd34\xaa]f\x1c\xb8\xefh\x15\x869\x8e\xd0\xee\x1c(\x7f>\xfe\xbd\xa8\x94 \xd1U\xc1\xd75\xb9\x86S\xe5\x034\xe6\x1f\xe8\xc7\xb8/`\x92\n\x90\xaaa\xbf\x8a\xf7\x87W\'\xe6\xf4|\xa7F\a\'\xd6\x06B\x9fG\x12j\x00\x81Wj*\xcb\xfdP\x00\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f00000000c0)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000200), 0x8080, 0x0) (async)
execveat(r4, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000440)=[&(0x7f0000000300)='!o', &(0x7f0000000340)='/sys/kernel/debug/binder/stats\x00', &(0x7f0000000380)='-@\xa3+\xa7\x00', &(0x7f00000003c0)='{+^&]\x00', &(0x7f0000000400)='-@\xa3+\xa7\x00'], &(0x7f00000004c0)=[&(0x7f0000000480)='/sys/kernel/debug/binder/stats\x00'], 0x0) (async)
getpeername$inet6(r3, &(0x7f0000000180)={0xa, 0x0, 0x0, @mcast1}, &(0x7f00000001c0)=0x1c) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x351180, 0x0) (async)
write$tun(r5, &(0x7f0000000540)={@val={0x0, 0x892f}, @void, @eth={@empty, @remote, @void, {@arp={0x806, @generic={0x23a, 0x86dd, 0x6, 0x5, 0x9, @local, "8447686018", @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, "e2ec4bf3"}}}}}, 0x2f) (async)
connect$inet6(r2, 0x0, 0x0) (async)
write$P9_RSYMLINK(r2, &(0x7f0000000140)={0x14, 0x11, 0x2, {0x1, 0x1, 0x2}}, 0x14) (async)
socket$inet6(0xa, 0x6, 0x3f) (async)

12:01:55 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x2041)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0) (async)
pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80) (async, rerun: 64)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (rerun: 64)
syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x200) (async)
connect$inet6(r2, 0x0, 0x0) (async, rerun: 32)
pipe2$watch_queue(&(0x7f00000000c0), 0x80) (rerun: 32)
ioctl$LOOP_SET_FD(r1, 0x4c00, r2)

12:01:55 executing program 4:
# socket(0xa, 0x3, 0x2): address family 10 (AF_INET6), type 3 (SOCK_RAW), protocol 2.
r0 = socket$igmp6(0xa, 0x3, 0x2)
# write() with a NULL buffer and length 0 on that socket; the P9_RREMOVE label is only the
# description variant. (fail_nth: 1) is syzkaller's fault-injection call property: the first
# fault-injection point reached inside this call is forced to fail, so a crash reported
# after this entry should be read as an error-path bug under injected failure.
write$P9_RREMOVE(r0, 0x0, 0x0) (fail_nth: 1)

12:01:55 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x310)

12:01:55 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r1)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
readlinkat(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)=""/80, 0x50)
connect$inet6(r3, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0xbd8, 0x7, 0x9, 0x204, 0x1, 0x2, '\x00', 0x0, r3, 0x0, 0x3, 0x0, 0x1}, 0x48)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r6, 0x0, 0x0)
ioctl$USBDEVFS_FREE_STREAMS(r6, 0x8008551d, &(0x7f0000000340)=ANY=[@ANYBLOB="ff79000016009db18938d4f2876c8cbc1ae277cadcff090000160136d6000b5b4bffff8f03"])
socket$nl_generic(0x10, 0x3, 0x10)
connect$inet6(r5, 0x0, 0x0)
r7 = openat$bsg(0xffffffffffffff9c, &(0x7f00000001c0), 0x181100, 0x0)
write$P9_RXATTRWALK(r7, &(0x7f0000000200)={0xf, 0x1f, 0x2, 0x1}, 0xf)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r4, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:55 executing program 5:
r0 = syz_open_dev$loop(&(0x7f00000002c0), 0x6, 0xa000)
r1 = syz_open_dev$usbfs(&(0x7f0000000180), 0x8, 0x100)
ioctl$USBDEVFS_DROP_PRIVILEGES(r1, 0x4004551e, &(0x7f0000000140)=0x800)
getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x7, &(0x7f00000001c0)=""/168, &(0x7f0000000280)=0xa8)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x3, 0xffffffff, 0x0, 0x4, 0x1e, 0x8, "3538ef9866c71802285dc5e4d9aa23bb4adf2cfce535b2ad96c1e53c125fc7a9d37b64a69c6268e1f66fcf0e84e53dde2aafe6d66d2202215c51bf479e29a24e", "0bd60dcb6f8428da1b63838992b26a0f8035bb4e98119e0dcad33c647ab15ba6aefb153dff1a282481780321df4e84c96002e26ca6e33b741b4a96a867072015", "aac25ae26c8fa25fdff17e3709c9846c1ca061c9e20f2ef5495ef52ea0d981fb", [0xffffffffffffffff, 0x4]})
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0)
syz_open_dev$loop(&(0x7f00000002c0), 0x6, 0xa000) (async)
syz_open_dev$usbfs(&(0x7f0000000180), 0x8, 0x100) (async)
ioctl$USBDEVFS_DROP_PRIVILEGES(r1, 0x4004551e, &(0x7f0000000140)=0x800) (async)
getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x7, &(0x7f00000001c0)=""/168, &(0x7f0000000280)=0xa8) (async)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x3, 0xffffffff, 0x0, 0x4, 0x1e, 0x8, "3538ef9866c71802285dc5e4d9aa23bb4adf2cfce535b2ad96c1e53c125fc7a9d37b64a69c6268e1f66fcf0e84e53dde2aafe6d66d2202215c51bf479e29a24e", "0bd60dcb6f8428da1b63838992b26a0f8035bb4e98119e0dcad33c647ab15ba6aefb153dff1a282481780321df4e84c96002e26ca6e33b741b4a96a867072015", "aac25ae26c8fa25fdff17e3709c9846c1ca061c9e20f2ef5495ef52ea0d981fb", [0xffffffffffffffff, 0x4]}) (async)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0) (async)

12:01:55 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x414000, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
recvfrom$inet6(0xffffffffffffffff, &(0x7f0000000200)=""/117, 0x75, 0x2, &(0x7f0000000000)={0xa, 0x4e22, 0x10000, @mcast1, 0x6}, 0x1c)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3c, &(0x7f00000001c0), &(0x7f0000000180)=0xffffffe2)

12:01:55 executing program 2:
# Opens the loop-control device relative to AT_FDCWD (0xffffffffffffff9c); path string not printed.
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
# Labelled USBDEVFS_CLAIM_PORT, but the fd is loop-control and 0x4c80 is LOOP_CTL_ADD in
# linux/loop.h, so the kernel sees a request to add loop device 0. (fail_nth: 1) forces the
# first fault-injection point hit during the call to fail; when triaging a report that
# follows this entry, look at the error/unwind path of loop device creation, not at usbfs.
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 1)

12:01:55 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x0)

12:01:55 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r1)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
readlinkat(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)=""/80, 0x50)
connect$inet6(r3, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0xbd8, 0x7, 0x9, 0x204, 0x1, 0x2, '\x00', 0x0, r3, 0x0, 0x3, 0x0, 0x1}, 0x48)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r6, 0x0, 0x0)
ioctl$USBDEVFS_FREE_STREAMS(r6, 0x8008551d, &(0x7f0000000340)=ANY=[@ANYBLOB="ff79000016009db18938d4f2876c8cbc1ae277cadcff090000160136d6000b5b4bffff8f03"])
socket$nl_generic(0x10, 0x3, 0x10)
connect$inet6(r5, 0x0, 0x0)
r7 = openat$bsg(0xffffffffffffff9c, &(0x7f00000001c0), 0x181100, 0x0)
write$P9_RXATTRWALK(r7, &(0x7f0000000200)={0xf, 0x1f, 0x2, 0x1}, 0xf)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r4, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r1) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
readlinkat(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)=""/80, 0x50) (async)
connect$inet6(r3, 0x0, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0xbd8, 0x7, 0x9, 0x204, 0x1, 0x2, '\x00', 0x0, r3, 0x0, 0x3, 0x0, 0x1}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r6, 0x0, 0x0) (async)
ioctl$USBDEVFS_FREE_STREAMS(r6, 0x8008551d, &(0x7f0000000340)=ANY=[@ANYBLOB="ff79000016009db18938d4f2876c8cbc1ae277cadcff090000160136d6000b5b4bffff8f03"]) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
connect$inet6(r5, 0x0, 0x0) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f00000001c0), 0x181100, 0x0) (async)
write$P9_RXATTRWALK(r7, &(0x7f0000000200)={0xf, 0x1f, 0x2, 0x1}, 0xf) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r4, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:01:55 executing program 5:
r0 = syz_open_dev$loop(&(0x7f00000002c0), 0x6, 0xa000)
r1 = syz_open_dev$usbfs(&(0x7f0000000180), 0x8, 0x100)
ioctl$USBDEVFS_DROP_PRIVILEGES(r1, 0x4004551e, &(0x7f0000000140)=0x800)
getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x7, &(0x7f00000001c0)=""/168, &(0x7f0000000280)=0xa8)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x3, 0xffffffff, 0x0, 0x4, 0x1e, 0x8, "3538ef9866c71802285dc5e4d9aa23bb4adf2cfce535b2ad96c1e53c125fc7a9d37b64a69c6268e1f66fcf0e84e53dde2aafe6d66d2202215c51bf479e29a24e", "0bd60dcb6f8428da1b63838992b26a0f8035bb4e98119e0dcad33c647ab15ba6aefb153dff1a282481780321df4e84c96002e26ca6e33b741b4a96a867072015", "aac25ae26c8fa25fdff17e3709c9846c1ca061c9e20f2ef5495ef52ea0d981fb", [0xffffffffffffffff, 0x4]})
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0)
syz_open_dev$loop(&(0x7f00000002c0), 0x6, 0xa000) (async)
syz_open_dev$usbfs(&(0x7f0000000180), 0x8, 0x100) (async)
ioctl$USBDEVFS_DROP_PRIVILEGES(r1, 0x4004551e, &(0x7f0000000140)=0x800) (async)
getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x7, &(0x7f00000001c0)=""/168, &(0x7f0000000280)=0xa8) (async)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x3, 0xffffffff, 0x0, 0x4, 0x1e, 0x8, "3538ef9866c71802285dc5e4d9aa23bb4adf2cfce535b2ad96c1e53c125fc7a9d37b64a69c6268e1f66fcf0e84e53dde2aafe6d66d2202215c51bf479e29a24e", "0bd60dcb6f8428da1b63838992b26a0f8035bb4e98119e0dcad33c647ab15ba6aefb153dff1a282481780321df4e84c96002e26ca6e33b741b4a96a867072015", "aac25ae26c8fa25fdff17e3709c9846c1ca061c9e20f2ef5495ef52ea0d981fb", [0xffffffffffffffff, 0x4]}) (async)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0) (async)

12:01:55 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x600)

12:01:55 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x7f00)

12:01:55 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x414000, 0x0) (async, rerun: 32)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (rerun: 32)
recvfrom$inet6(0xffffffffffffffff, &(0x7f0000000200)=""/117, 0x75, 0x2, &(0x7f0000000000)={0xa, 0x4e22, 0x10000, @mcast1, 0x6}, 0x1c) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3c, &(0x7f00000001c0), &(0x7f0000000180)=0xffffffe2)

12:01:55 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0xf0ff7f)

12:01:55 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x414000, 0x0) (async, rerun: 64)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (rerun: 64)
recvfrom$inet6(0xffffffffffffffff, &(0x7f0000000200)=""/117, 0x75, 0x2, &(0x7f0000000000)={0xa, 0x4e22, 0x10000, @mcast1, 0x6}, 0x1c) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3c, &(0x7f00000001c0), &(0x7f0000000180)=0xffffffe2)

12:01:55 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r1)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
readlinkat(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)=""/80, 0x50)
connect$inet6(r3, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0xbd8, 0x7, 0x9, 0x204, 0x1, 0x2, '\x00', 0x0, r3, 0x0, 0x3, 0x0, 0x1}, 0x48)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r6, 0x0, 0x0)
ioctl$USBDEVFS_FREE_STREAMS(r6, 0x8008551d, &(0x7f0000000340)=ANY=[@ANYBLOB="ff79000016009db18938d4f2876c8cbc1ae277cadcff090000160136d6000b5b4bffff8f03"])
socket$nl_generic(0x10, 0x3, 0x10)
connect$inet6(r5, 0x0, 0x0)
r7 = openat$bsg(0xffffffffffffff9c, &(0x7f00000001c0), 0x181100, 0x0)
write$P9_RXATTRWALK(r7, &(0x7f0000000200)={0xf, 0x1f, 0x2, 0x1}, 0xf)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r4, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r1) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
readlinkat(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)=""/80, 0x50) (async)
connect$inet6(r3, 0x0, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0xbd8, 0x7, 0x9, 0x204, 0x1, 0x2, '\x00', 0x0, r3, 0x0, 0x3, 0x0, 0x1}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r6, 0x0, 0x0) (async)
ioctl$USBDEVFS_FREE_STREAMS(r6, 0x8008551d, &(0x7f0000000340)=ANY=[@ANYBLOB="ff79000016009db18938d4f2876c8cbc1ae277cadcff090000160136d6000b5b4bffff8f03"]) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
connect$inet6(r5, 0x0, 0x0) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f00000001c0), 0x181100, 0x0) (async)
write$P9_RXATTRWALK(r7, &(0x7f0000000200)={0xf, 0x1f, 0x2, 0x1}, 0xf) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r4, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:01:55 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x4000)

[ 2233.977879][T12063] FAULT_INJECTION: forcing a failure.
[ 2233.977879][T12063] name failslab, interval 1, probability 0, space 0, times 0
[ 2233.992941][T12063] CPU: 1 PID: 12063 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2234.003191][T12063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2234.013231][T12063] Call Trace:
[ 2234.016504][T12063]  dump_stack+0x1d8/0x241
[ 2234.020810][T12063]  ? panic+0x73e/0x73e
[ 2234.024890][T12063]  ? arch_stack_walk+0x114/0x140
[ 2234.029797][T12063]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2234.035588][T12063]  should_fail+0x709/0x870
[ 2234.039977][T12063]  ? setup_fault_attr+0x3d0/0x3d0
[ 2234.044970][T12063]  ? kstrtouint_from_user+0x215/0x2b0
[ 2234.050310][T12063]  ? loop_add+0x56/0x710
[ 2234.054523][T12063]  should_failslab+0x5/0x20
[ 2234.059006][T12063]  kmem_cache_alloc_trace+0x28/0x240
[ 2234.064285][T12063]  loop_add+0x56/0x710
[ 2234.068351][T12063]  ? radix_tree_lookup+0x17a/0x1d0
[ 2234.073461][T12063]  loop_control_ioctl+0x564/0x740
12:01:55 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000001c0))
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x2c, 0x0, 0x20, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0102}}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0002}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x20005080)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@bloom_filter={0x1e, 0xac7, 0x1, 0x8b9, 0x1000, 0x1, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x2, 0x2}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x80, 0x7, 0x3, 0x1010, r1, 0xef1, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x5, 0x5, 0x3}, 0x48)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000580)={&(0x7f0000000600)={0x6c, r4, 0x2, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_PAN_ID={0x6}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0xffff}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x6c}, 0x1, 0x0, 0x0, 0x80}, 0x2004c081)
ioctl$LOOP_SET_CAPACITY(r3, 0x4c07)
connect$inet6(r3, 0x0, 0x0)
pipe2$9p(&(0x7f0000000180), 0x184800)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
ioctl$USBDEVFS_GET_CAPABILITIES(r3, 0x8004551a, &(0x7f0000000280))
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000240)={r2, &(0x7f00000002c0)="e52b5eb26337f986c90e9c75d1e58751ce851577bb662b85ebdf912e9b0d7f7b3603f64ac4b14abb0bd8aca78779d706001c0000000094b07e02de678252", &(0x7f0000000200)=@udp6=r3, 0x4}, 0x20)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r5, 0x0, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, &(0x7f0000000500)=0x1c, 0x4)

[ 2234.078505][T12063]  ? loop_remove+0xa0/0xa0
[ 2234.082928][T12063]  ? __lru_cache_add+0x1bf/0x210
[ 2234.087862][T12063]  ? memset+0x1f/0x40
[ 2234.091842][T12063]  ? fsnotify+0x1332/0x13f0
[ 2234.096344][T12063]  ? loop_remove+0xa0/0xa0
[ 2234.100759][T12063]  do_vfs_ioctl+0x744/0x1730
[ 2234.105351][T12063]  ? selinux_file_ioctl+0x723/0x970
[ 2234.110546][T12063]  ? ioctl_preallocate+0x250/0x250
[ 2234.115659][T12063]  ? __fget+0x40c/0x4a0
[ 2234.119817][T12063]  ? fget_many+0x20/0x20
12:01:55 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 2)

12:01:55 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x7f000000)

[ 2234.124049][T12063]  ? check_preemption_disabled+0x154/0x330
[ 2234.129841][T12063]  ? debug_smp_processor_id+0x20/0x20
[ 2234.135188][T12063]  ? security_file_ioctl+0x9d/0xb0
[ 2234.140281][T12063]  __x64_sys_ioctl+0xd4/0x110
[ 2234.144938][T12063]  do_syscall_64+0xcb/0x1c0
[ 2234.149422][T12063]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:01:55 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 64)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000001c0)) (rerun: 64)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x2c, 0x0, 0x20, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0102}}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0002}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x20005080)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@bloom_filter={0x1e, 0xac7, 0x1, 0x8b9, 0x1000, 0x1, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x2, 0x2}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x80, 0x7, 0x3, 0x1010, r1, 0xef1, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x5, 0x5, 0x3}, 0x48) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000580)={&(0x7f0000000600)={0x6c, r4, 0x2, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_PAN_ID={0x6}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0xffff}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x6c}, 0x1, 0x0, 0x0, 0x80}, 0x2004c081)
ioctl$LOOP_SET_CAPACITY(r3, 0x4c07) (async)
connect$inet6(r3, 0x0, 0x0)
pipe2$9p(&(0x7f0000000180), 0x184800) (async, rerun: 64)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (rerun: 64)
ioctl$USBDEVFS_GET_CAPABILITIES(r3, 0x8004551a, &(0x7f0000000280))
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000240)={r2, &(0x7f00000002c0)="e52b5eb26337f986c90e9c75d1e58751ce851577bb662b85ebdf912e9b0d7f7b3603f64ac4b14abb0bd8aca78779d706001c0000000094b07e02de678252", &(0x7f0000000200)=@udp6=r3, 0x4}, 0x20)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r5, 0x0, 0x0) (async, rerun: 32)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, &(0x7f0000000500)=0x1c, 0x4) (rerun: 32)

12:01:55 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000040))

12:01:55 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x40001, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r0, 0x29)

12:01:55 executing program 3:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
write$P9_RWALK(r0, &(0x7f0000000000)={0x3d, 0x6f, 0x2, {0x4, [{0x10, 0x0, 0x6}, {0x2, 0x1, 0x1}, {0x20, 0x0, 0x2}, {0x2, 0x2, 0x8}]}}, 0x3d)
connect$inet6(r1, 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r1, 0x4c81, 0x0)

12:01:55 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000001c0))
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x2c, 0x0, 0x20, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0102}}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0002}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x20005080)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@bloom_filter={0x1e, 0xac7, 0x1, 0x8b9, 0x1000, 0x1, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x2, 0x2}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x80, 0x7, 0x3, 0x1010, r1, 0xef1, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x5, 0x5, 0x3}, 0x48)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000580)={&(0x7f0000000600)={0x6c, r4, 0x2, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_PAN_ID={0x6}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0xffff}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x6c}, 0x1, 0x0, 0x0, 0x80}, 0x2004c081)
ioctl$LOOP_SET_CAPACITY(r3, 0x4c07)
connect$inet6(r3, 0x0, 0x0)
pipe2$9p(&(0x7f0000000180), 0x184800)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
ioctl$USBDEVFS_GET_CAPABILITIES(r3, 0x8004551a, &(0x7f0000000280))
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000240)={r2, &(0x7f00000002c0)="e52b5eb26337f986c90e9c75d1e58751ce851577bb662b85ebdf912e9b0d7f7b3603f64ac4b14abb0bd8aca78779d706001c0000000094b07e02de678252", &(0x7f0000000200)=@udp6=r3, 0x4}, 0x20)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r5, 0x0, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, &(0x7f0000000500)=0x1c, 0x4)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000001c0)) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x2c, 0x0, 0x20, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0102}}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0002}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x20005080) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@bloom_filter={0x1e, 0xac7, 0x1, 0x8b9, 0x1000, 0x1, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x2, 0x2}, 0x48) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x80, 0x7, 0x3, 0x1010, r1, 0xef1, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x5, 0x5, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), 0xffffffffffffffff) (async)
sendmsg$NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000580)={&(0x7f0000000600)={0x6c, r4, 0x2, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_PAN_ID={0x6}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0xffff}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x6c}, 0x1, 0x0, 0x0, 0x80}, 0x2004c081) (async)
ioctl$LOOP_SET_CAPACITY(r3, 0x4c07) (async)
connect$inet6(r3, 0x0, 0x0) (async)
pipe2$9p(&(0x7f0000000180), 0x184800) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
ioctl$USBDEVFS_GET_CAPABILITIES(r3, 0x8004551a, &(0x7f0000000280)) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000240)={r2, &(0x7f00000002c0)="e52b5eb26337f986c90e9c75d1e58751ce851577bb662b85ebdf912e9b0d7f7b3603f64ac4b14abb0bd8aca78779d706001c0000000094b07e02de678252", &(0x7f0000000200)=@udp6=r3, 0x4}, 0x20) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r5, 0x0, 0x0) (async)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, &(0x7f0000000500)=0x1c, 0x4) (async)

[ 2234.179281][T12124] FAULT_INJECTION: forcing a failure.
[ 2234.179281][T12124] name failslab, interval 1, probability 0, space 0, times 0
[ 2234.192406][T12124] CPU: 1 PID: 12124 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2234.202642][T12124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2234.212682][T12124] Call Trace:
[ 2234.215965][T12124]  dump_stack+0x1d8/0x241
[ 2234.220272][T12124]  ? panic+0x73e/0x73e
12:01:55 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000180)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
write$P9_RFLUSH(r2, &(0x7f0000000000)={0x7, 0x6d, 0x1}, 0x7)
connect$inet6(r3, 0x0, 0x0)
ioctl$USBDEVFS_ALLOW_SUSPEND(r3, 0x5522)

[ 2234.224314][T12124]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2234.230090][T12124]  ? do_vfs_ioctl+0x744/0x1730
[ 2234.234821][T12124]  ? do_syscall_64+0xcb/0x1c0
[ 2234.239465][T12124]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2234.245499][T12124]  should_fail+0x709/0x870
[ 2234.249884][T12124]  ? setup_fault_attr+0x3d0/0x3d0
[ 2234.254877][T12124]  ? idr_alloc+0x203/0x2f0
[ 2234.259259][T12124]  ? blk_mq_alloc_tag_set+0x300/0x890
[ 2234.264606][T12124]  should_failslab+0x5/0x20
[ 2234.269094][T12124]  __kmalloc+0x51/0x2b0
[ 2234.273234][T12124]  blk_mq_alloc_tag_set+0x300/0x890
[ 2234.278423][T12124]  ? kmem_cache_alloc_trace+0xd8/0x240
[ 2234.283871][T12124]  ? loop_add+0x56/0x710
[ 2234.288086][T12124]  loop_add+0x22b/0x710
[ 2234.292214][T12124]  ? radix_tree_lookup+0x17a/0x1d0
[ 2234.297306][T12124]  loop_control_ioctl+0x564/0x740
[ 2234.302300][T12124]  ? loop_remove+0xa0/0xa0
[ 2234.306684][T12124]  ? __lru_cache_add+0x1bf/0x210
[ 2234.311623][T12124]  ? memset+0x1f/0x40
[ 2234.315592][T12124]  ? fsnotify+0x1332/0x13f0
[ 2234.320078][T12124]  ? loop_remove+0xa0/0xa0
[ 2234.324475][T12124]  do_vfs_ioctl+0x744/0x1730
12:01:55 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x7ffff000)

12:01:55 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 3)

12:01:55 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000180)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
write$P9_RFLUSH(r2, &(0x7f0000000000)={0x7, 0x6d, 0x1}, 0x7)
connect$inet6(r3, 0x0, 0x0)
ioctl$USBDEVFS_ALLOW_SUSPEND(r3, 0x5522)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000180)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
write$P9_RFLUSH(r2, &(0x7f0000000000)={0x7, 0x6d, 0x1}, 0x7) (async)
connect$inet6(r3, 0x0, 0x0) (async)
ioctl$USBDEVFS_ALLOW_SUSPEND(r3, 0x5522) (async)

12:01:55 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0xffffff7f)

12:01:55 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async, rerun: 32)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x40001, 0x0) (rerun: 32)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r0, 0x29)

[ 2234.329038][T12124]  ? selinux_file_ioctl+0x723/0x970
[ 2234.334211][T12124]  ? ioctl_preallocate+0x250/0x250
[ 2234.339297][T12124]  ? __fget+0x40c/0x4a0
[ 2234.343435][T12124]  ? fget_many+0x20/0x20
[ 2234.347648][T12124]  ? check_preemption_disabled+0x154/0x330
[ 2234.353423][T12124]  ? debug_smp_processor_id+0x20/0x20
[ 2234.358762][T12124]  ? security_file_ioctl+0x9d/0xb0
[ 2234.363840][T12124]  __x64_sys_ioctl+0xd4/0x110
[ 2234.368486][T12124]  do_syscall_64+0xcb/0x1c0
[ 2234.372960][T12124]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:01:55 executing program 3:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
write$P9_RWALK(r0, &(0x7f0000000000)={0x3d, 0x6f, 0x2, {0x4, [{0x10, 0x0, 0x6}, {0x2, 0x1, 0x1}, {0x20, 0x0, 0x2}, {0x2, 0x2, 0x8}]}}, 0x3d) (async)
connect$inet6(r1, 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r1, 0x4c81, 0x0)

12:01:55 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x10000000000)

12:01:55 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000040))

12:01:55 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x40001, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r0, 0x29)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x40001, 0x0) (async)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r0, 0x29) (async)

[ 2234.415927][T12169] FAULT_INJECTION: forcing a failure.
[ 2234.415927][T12169] name failslab, interval 1, probability 0, space 0, times 0
[ 2234.431135][T12169] CPU: 0 PID: 12169 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2234.441395][T12169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2234.451427][T12169] Call Trace:
[ 2234.454700][T12169]  dump_stack+0x1d8/0x241
[ 2234.458997][T12169]  ? panic+0x73e/0x73e
[ 2234.463880][T12169]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2234.469661][T12169]  should_fail+0x709/0x870
[ 2234.474054][T12169]  ? setup_fault_attr+0x3d0/0x3d0
[ 2234.479047][T12169]  ? blk_mq_alloc_tag_set+0x3ab/0x890
[ 2234.484384][T12169]  should_failslab+0x5/0x20
[ 2234.488859][T12169]  __kmalloc+0x51/0x2b0
[ 2234.492983][T12169]  ? blk_mq_alloc_tag_set+0x300/0x890
[ 2234.498322][T12169]  blk_mq_alloc_tag_set+0x3ab/0x890
[ 2234.503491][T12169]  loop_add+0x22b/0x710
[ 2234.507618][T12169]  ? radix_tree_lookup+0x17a/0x1d0
[ 2234.512706][T12169]  loop_control_ioctl+0x564/0x740
[ 2234.517700][T12169]  ? loop_remove+0xa0/0xa0
[ 2234.522082][T12169]  ? __lru_cache_add+0x1bf/0x210
[ 2234.526989][T12169]  ? memset+0x1f/0x40
[ 2234.530941][T12169]  ? fsnotify+0x1332/0x13f0
[ 2234.535410][T12169]  ? loop_remove+0xa0/0xa0
[ 2234.539794][T12169]  do_vfs_ioctl+0x744/0x1730
[ 2234.544356][T12169]  ? selinux_file_ioctl+0x723/0x970
[ 2234.549523][T12169]  ? ioctl_preallocate+0x250/0x250
[ 2234.554602][T12169]  ? __fget+0x40c/0x4a0
[ 2234.558725][T12169]  ? fget_many+0x20/0x20
12:01:55 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000180)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
write$P9_RFLUSH(r2, &(0x7f0000000000)={0x7, 0x6d, 0x1}, 0x7)
connect$inet6(r3, 0x0, 0x0)
ioctl$USBDEVFS_ALLOW_SUSPEND(r3, 0x5522)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000180)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
write$P9_RFLUSH(r2, &(0x7f0000000000)={0x7, 0x6d, 0x1}, 0x7) (async)
connect$inet6(r3, 0x0, 0x0) (async)
ioctl$USBDEVFS_ALLOW_SUSPEND(r3, 0x5522) (async)

12:01:55 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 4)

12:01:55 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000040))
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000040)) (async)

12:01:55 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x7ffffffff000)

12:01:55 executing program 0:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
write$P9_RSETATTR(r0, &(0x7f0000000180)={0x7, 0x1b, 0x1}, 0x7)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r1, 0x4c81, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:55 executing program 3:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async, rerun: 64)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (rerun: 64)
connect$inet6(r0, 0x0, 0x0) (async, rerun: 64)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (rerun: 64)
write$P9_RWALK(r0, &(0x7f0000000000)={0x3d, 0x6f, 0x2, {0x4, [{0x10, 0x0, 0x6}, {0x2, 0x1, 0x1}, {0x20, 0x0, 0x2}, {0x2, 0x2, 0x8}]}}, 0x3d)
connect$inet6(r1, 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r1, 0x4c81, 0x0)

12:01:55 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000040), 0x1, 0x101481)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x10102, 0x0)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000140)={0x0, {}, 0x0, {}, 0x0, 0xa, 0x5, 0x9, "b8e21d33dd6d1bfd1e7405fe9d9454f8ef3daec648020c491d0ff3b4e7141218c22ca384239057b73cd42ee5e1897c61f52a1eed70f0b8137355d79ae4a77377", "eb8c0f8b4c93073db9e9fdbb046e09f603353a58466e7960faa84db9662737c3", [0x6, 0x9]})
openat$cgroup_netprio_ifpriomap(r2, &(0x7f0000000100), 0x2, 0x0)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f0000000200)={0x0, {}, 0x0, {}, 0x2, 0xa, 0x1, 0x8, "df65a710c4560dede1d39379b2322ce67c51827e16ba64e2d19e782a8591e1624f1656a7145a57904f95b4bf3042a8cf17e3aee01c96658172d7632345b5996a", "6c8920de357f92b0e49bbf3260ef7399d2d7423b5c54e898ef25cdd5c88226a2", [0x1, 0xff]})
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r1, 0x4c08, 0x3)
ioctl$LOOP_SET_CAPACITY(r1, 0x4c07)

[ 2234.562933][T12169]  ? check_preemption_disabled+0x154/0x330
[ 2234.568706][T12169]  ? debug_smp_processor_id+0x20/0x20
[ 2234.574047][T12169]  ? security_file_ioctl+0x9d/0xb0
[ 2234.579128][T12169]  __x64_sys_ioctl+0xd4/0x110
[ 2234.583774][T12169]  do_syscall_64+0xcb/0x1c0
[ 2234.588245][T12169]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:01:55 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0xf0ff7f00000000)

12:01:55 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
ioctl$LOOP_SET_CAPACITY(r0, 0x4c07)
openat$cgroup_subtree(r0, &(0x7f0000000040), 0x2, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

[ 2234.639055][T12210] FAULT_INJECTION: forcing a failure.
[ 2234.639055][T12210] name failslab, interval 1, probability 0, space 0, times 0
[ 2234.654212][T12210] CPU: 0 PID: 12210 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2234.664458][T12210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2234.674500][T12210] Call Trace:
[ 2234.677774][T12210]  dump_stack+0x1d8/0x241
[ 2234.682078][T12210]  ? panic+0x73e/0x73e
[ 2234.686116][T12210]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2234.691893][T12210]  should_fail+0x709/0x870
[ 2234.696287][T12210]  ? loop_add+0x22b/0x710
[ 2234.700587][T12210]  ? loop_control_ioctl+0x564/0x740
[ 2234.705760][T12210]  ? do_syscall_64+0xcb/0x1c0
[ 2234.710405][T12210]  ? setup_fault_attr+0x3d0/0x3d0
[ 2234.715397][T12210]  ? blk_mq_init_tags+0x74/0x290
[ 2234.720302][T12210]  should_failslab+0x5/0x20
[ 2234.724773][T12210]  kmem_cache_alloc_trace+0x28/0x240
[ 2234.730030][T12210]  blk_mq_init_tags+0x74/0x290
[ 2234.734767][T12210]  ? blk_mq_hw_queue_to_node+0xeb/0x100
[ 2234.740306][T12210]  blk_mq_alloc_rq_map+0x93/0x1a0
[ 2234.745304][T12210]  blk_mq_alloc_rq_maps+0x100/0x650
[ 2234.750472][T12210]  blk_mq_alloc_tag_set+0x50e/0x890
[ 2234.755644][T12210]  loop_add+0x22b/0x710
[ 2234.759782][T12210]  ? radix_tree_lookup+0x17a/0x1d0
[ 2234.764862][T12210]  loop_control_ioctl+0x564/0x740
[ 2234.769856][T12210]  ? loop_remove+0xa0/0xa0
[ 2234.774242][T12210]  ? __lru_cache_add+0x1bf/0x210
[ 2234.779146][T12210]  ? memset+0x1f/0x40
[ 2234.783097][T12210]  ? fsnotify+0x1332/0x13f0
[ 2234.787566][T12210]  ? loop_remove+0xa0/0xa0
[ 2234.791951][T12210]  do_vfs_ioctl+0x744/0x1730
[ 2234.796512][T12210]  ? selinux_file_ioctl+0x723/0x970
[ 2234.801679][T12210]  ? ioctl_preallocate+0x250/0x250
[ 2234.806766][T12210]  ? __fget+0x40c/0x4a0
[ 2234.810901][T12210]  ? fget_many+0x20/0x20
[ 2234.815112][T12210]  ? check_preemption_disabled+0x154/0x330
[ 2234.820888][T12210]  ? debug_smp_processor_id+0x20/0x20
[ 2234.826232][T12210]  ? security_file_ioctl+0x9d/0xb0
[ 2234.831311][T12210]  __x64_sys_ioctl+0xd4/0x110
12:01:56 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f00000001c0)='\x971\xd30\x18gm\xd9\xaa\x8ed\xbb\xbc\x0e\nB\xb8\xa9\xab\x94\x1b\xa7u\nP\xa2#\xfbO`8\xdal\xcc\xb2SP\xc0\x82\x99O<\xae.)\xbe\x83\x92\xa4\xeb\xc9|S\x1e1:\xf6\x83\xafxY\x97\xc3\xf3VO\x96\v\"\x82\xf3l\xe9\x10\x98\xf8\x94\xa6*\x8f\x8bC\xa0\xa0\xa4\x86]\xb6|\xb0r1+,b\x9aE%#\x00\xac\xb3v\x18\"e\xaa\xc1\xc83:\xe0\xe3:~\x98\x11\xf5\f*2I\xa34E\x97\xa24\x91\xd0\x19 \xef\x92\xa5+\xc5\xdc\x9d\xc9\xe2qX\x8a\x10R\xffz\xa9\xae\a\x05j\xed&\xe3\xc2\x80\x90<]K\xd1\x89'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000180))
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:56 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 5)

12:01:56 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0xf0ffffff7f0000)

12:01:56 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0) (async)
r1 = syz_open_dev$loop(&(0x7f0000000040), 0x1, 0x101481) (async)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x10102, 0x0)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000140)={0x0, {}, 0x0, {}, 0x0, 0xa, 0x5, 0x9, "b8e21d33dd6d1bfd1e7405fe9d9454f8ef3daec648020c491d0ff3b4e7141218c22ca384239057b73cd42ee5e1897c61f52a1eed70f0b8137355d79ae4a77377", "eb8c0f8b4c93073db9e9fdbb046e09f603353a58466e7960faa84db9662737c3", [0x6, 0x9]}) (async)
openat$cgroup_netprio_ifpriomap(r2, &(0x7f0000000100), 0x2, 0x0) (async)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f0000000200)={0x0, {}, 0x0, {}, 0x2, 0xa, 0x1, 0x8, "df65a710c4560dede1d39379b2322ce67c51827e16ba64e2d19e782a8591e1624f1656a7145a57904f95b4bf3042a8cf17e3aee01c96658172d7632345b5996a", "6c8920de357f92b0e49bbf3260ef7399d2d7423b5c54e898ef25cdd5c88226a2", [0x1, 0xff]}) (async)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r1, 0x4c08, 0x3) (async)
ioctl$LOOP_SET_CAPACITY(r1, 0x4c07)

12:01:56 executing program 0:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
write$P9_RSETATTR(r0, &(0x7f0000000180)={0x7, 0x1b, 0x1}, 0x7) (async)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r1, 0x4c81, 0x0) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

[ 2234.835960][T12210]  do_syscall_64+0xcb/0x1c0
[ 2234.840433][T12210]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2234.846824][T12210] blk-mq: reduced tag depth (128 -> 64)
12:01:56 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f00000001c0)='\x971\xd30\x18gm\xd9\xaa\x8ed\xbb\xbc\x0e\nB\xb8\xa9\xab\x94\x1b\xa7u\nP\xa2#\xfbO`8\xdal\xcc\xb2SP\xc0\x82\x99O<\xae.)\xbe\x83\x92\xa4\xeb\xc9|S\x1e1:\xf6\x83\xafxY\x97\xc3\xf3VO\x96\v\"\x82\xf3l\xe9\x10\x98\xf8\x94\xa6*\x8f\x8bC\xa0\xa0\xa4\x86]\xb6|\xb0r1+,b\x9aE%#\x00\xac\xb3v\x18\"e\xaa\xc1\xc83:\xe0\xe3:~\x98\x11\xf5\f*2I\xa34E\x97\xa24\x91\xd0\x19 \xef\x92\xa5+\xc5\xdc\x9d\xc9\xe2qX\x8a\x10R\xffz\xa9\xae\a\x05j\xed&\xe3\xc2\x80\x90<]K\xd1\x89'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000180))
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f00000001c0)='\x971\xd30\x18gm\xd9\xaa\x8ed\xbb\xbc\x0e\nB\xb8\xa9\xab\x94\x1b\xa7u\nP\xa2#\xfbO`8\xdal\xcc\xb2SP\xc0\x82\x99O<\xae.)\xbe\x83\x92\xa4\xeb\xc9|S\x1e1:\xf6\x83\xafxY\x97\xc3\xf3VO\x96\v\"\x82\xf3l\xe9\x10\x98\xf8\x94\xa6*\x8f\x8bC\xa0\xa0\xa4\x86]\xb6|\xb0r1+,b\x9aE%#\x00\xac\xb3v\x18\"e\xaa\xc1\xc83:\xe0\xe3:~\x98\x11\xf5\f*2I\xa34E\x97\xa24\x91\xd0\x19 \xef\x92\xa5+\xc5\xdc\x9d\xc9\xe2qX\x8a\x10R\xffz\xa9\xae\a\x05j\xed&\xe3\xc2\x80\x90<]K\xd1\x89'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000180)) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)

12:01:56 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x7f00000000000000)

12:01:56 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) (async)
openat$cgroup_subtree(r0, &(0x7f0000000040), 0x2, 0x0) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

[ 2234.899280][T12230] FAULT_INJECTION: forcing a failure.
[ 2234.899280][T12230] name failslab, interval 1, probability 0, space 0, times 0
[ 2234.913720][T12230] CPU: 0 PID: 12230 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2234.923970][T12230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2234.934005][T12230] Call Trace:
[ 2234.937275][T12230]  dump_stack+0x1d8/0x241
[ 2234.941596][T12230]  ? panic+0x73e/0x73e
[ 2234.945634][T12230]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2234.951413][T12230]  ? blk_mq_init_tags+0x74/0x290
[ 2234.956318][T12230]  ? blk_mq_alloc_rq_maps+0x100/0x650
[ 2234.961656][T12230]  ? blk_mq_alloc_tag_set+0x50e/0x890
[ 2234.966993][T12230]  ? loop_add+0x22b/0x710
[ 2234.971290][T12230]  ? do_vfs_ioctl+0x744/0x1730
[ 2234.976028][T12230]  ? __x64_sys_ioctl+0xd4/0x110
[ 2234.980845][T12230]  ? do_syscall_64+0xcb/0x1c0
[ 2234.985493][T12230]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2234.991531][T12230]  should_fail+0x709/0x870
[ 2234.995918][T12230]  ? setup_fault_attr+0x3d0/0x3d0
[ 2235.000909][T12230]  ? sbitmap_queue_init_node+0x15e/0xf70
[ 2235.006507][T12230]  should_failslab+0x5/0x20
[ 2235.010980][T12230]  __kmalloc+0x51/0x2b0
[ 2235.015104][T12230]  sbitmap_queue_init_node+0x15e/0xf70
[ 2235.020532][T12230]  ? blk_mq_init_tags+0x74/0x290
[ 2235.025436][T12230]  blk_mq_init_tags+0xef/0x290
[ 2235.030168][T12230]  blk_mq_alloc_rq_map+0x93/0x1a0
[ 2235.035205][T12230]  blk_mq_alloc_rq_maps+0x100/0x650
[ 2235.040392][T12230]  blk_mq_alloc_tag_set+0x50e/0x890
[ 2235.045565][T12230]  loop_add+0x22b/0x710
[ 2235.049694][T12230]  ? radix_tree_lookup+0x17a/0x1d0
[ 2235.054776][T12230]  loop_control_ioctl+0x564/0x740
[ 2235.059800][T12230]  ? loop_remove+0xa0/0xa0
[ 2235.064188][T12230]  ? __lru_cache_add+0x1bf/0x210
[ 2235.069106][T12230]  ? memset+0x1f/0x40
[ 2235.073062][T12230]  ? fsnotify+0x1332/0x13f0
[ 2235.077537][T12230]  ? loop_remove+0xa0/0xa0
[ 2235.081937][T12230]  do_vfs_ioctl+0x744/0x1730
[ 2235.086523][T12230]  ? selinux_file_ioctl+0x723/0x970
[ 2235.091695][T12230]  ? ioctl_preallocate+0x250/0x250
12:01:56 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 6)

[ 2235.096777][T12230]  ? __fget+0x40c/0x4a0
[ 2235.100918][T12230]  ? fget_many+0x20/0x20
[ 2235.105142][T12230]  ? check_preemption_disabled+0x154/0x330
[ 2235.110923][T12230]  ? debug_smp_processor_id+0x20/0x20
[ 2235.116267][T12230]  ? security_file_ioctl+0x9d/0xb0
[ 2235.121346][T12230]  __x64_sys_ioctl+0xd4/0x110
[ 2235.125995][T12230]  do_syscall_64+0xcb/0x1c0
[ 2235.130468][T12230]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2235.137086][T12230] blk-mq: reduced tag depth (128 -> 64)
12:01:56 executing program 0:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async, rerun: 32)
write$P9_RSETATTR(r0, &(0x7f0000000180)={0x7, 0x1b, 0x1}, 0x7) (async, rerun: 32)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r1, 0x4c81, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:56 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000040), 0x1, 0x101481)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x10102, 0x0)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000140)={0x0, {}, 0x0, {}, 0x0, 0xa, 0x5, 0x9, "b8e21d33dd6d1bfd1e7405fe9d9454f8ef3daec648020c491d0ff3b4e7141218c22ca384239057b73cd42ee5e1897c61f52a1eed70f0b8137355d79ae4a77377", "eb8c0f8b4c93073db9e9fdbb046e09f603353a58466e7960faa84db9662737c3", [0x6, 0x9]})
openat$cgroup_netprio_ifpriomap(r2, &(0x7f0000000100), 0x2, 0x0)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f0000000200)={0x0, {}, 0x0, {}, 0x2, 0xa, 0x1, 0x8, "df65a710c4560dede1d39379b2322ce67c51827e16ba64e2d19e782a8591e1624f1656a7145a57904f95b4bf3042a8cf17e3aee01c96658172d7632345b5996a", "6c8920de357f92b0e49bbf3260ef7399d2d7423b5c54e898ef25cdd5c88226a2", [0x1, 0xff]})
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r1, 0x4c08, 0x3)
ioctl$LOOP_SET_CAPACITY(r1, 0x4c07)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0) (async)
syz_open_dev$loop(&(0x7f0000000040), 0x1, 0x101481) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x10102, 0x0) (async)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000140)={0x0, {}, 0x0, {}, 0x0, 0xa, 0x5, 0x9, "b8e21d33dd6d1bfd1e7405fe9d9454f8ef3daec648020c491d0ff3b4e7141218c22ca384239057b73cd42ee5e1897c61f52a1eed70f0b8137355d79ae4a77377", "eb8c0f8b4c93073db9e9fdbb046e09f603353a58466e7960faa84db9662737c3", [0x6, 0x9]}) (async)
openat$cgroup_netprio_ifpriomap(r2, &(0x7f0000000100), 0x2, 0x0) (async)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f0000000200)={0x0, {}, 0x0, {}, 0x2, 0xa, 0x1, 0x8, "df65a710c4560dede1d39379b2322ce67c51827e16ba64e2d19e782a8591e1624f1656a7145a57904f95b4bf3042a8cf17e3aee01c96658172d7632345b5996a", "6c8920de357f92b0e49bbf3260ef7399d2d7423b5c54e898ef25cdd5c88226a2", [0x1, 0xff]}) (async)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
ioctl$LOOP_SET_DIRECT_IO(r1, 0x4c08, 0x3) (async)
ioctl$LOOP_SET_CAPACITY(r1, 0x4c07) (async)

12:01:56 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0xffffff7f00000000)

12:01:56 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
ioctl$LOOP_SET_CAPACITY(r0, 0x4c07)
openat$cgroup_subtree(r0, &(0x7f0000000040), 0x2, 0x0) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:01:56 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0xffffffff00000000)

[ 2235.217930][T12254] FAULT_INJECTION: forcing a failure.
[ 2235.217930][T12254] name failslab, interval 1, probability 0, space 0, times 0
[ 2235.232674][T12254] CPU: 1 PID: 12254 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2235.242923][T12254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2235.252955][T12254] Call Trace:
[ 2235.256224][T12254]  dump_stack+0x1d8/0x241
[ 2235.260524][T12254]  ? panic+0x73e/0x73e
12:01:56 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x1, 0x503202)
ioctl$LOOP_CLR_FD(r0, 0x4c01)

[ 2235.264560][T12254]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2235.270338][T12254]  ? pcpu_alloc_area+0x696/0x790
[ 2235.275245][T12254]  should_fail+0x709/0x870
[ 2235.279644][T12254]  ? setup_fault_attr+0x3d0/0x3d0
[ 2235.284661][T12254]  ? sbitmap_queue_init_node+0x69c/0xf70
[ 2235.290283][T12254]  should_failslab+0x5/0x20
[ 2235.294770][T12254]  kmem_cache_alloc_trace+0x28/0x240
[ 2235.300031][T12254]  sbitmap_queue_init_node+0x69c/0xf70
[ 2235.305459][T12254]  blk_mq_init_tags+0xef/0x290
[ 2235.310192][T12254]  blk_mq_alloc_rq_map+0x93/0x1a0
[ 2235.315185][T12254]  blk_mq_alloc_rq_maps+0x100/0x650
[ 2235.320350][T12254]  blk_mq_alloc_tag_set+0x50e/0x890
[ 2235.325521][T12254]  loop_add+0x22b/0x710
[ 2235.329651][T12254]  ? radix_tree_lookup+0x17a/0x1d0
[ 2235.334741][T12254]  loop_control_ioctl+0x564/0x740
[ 2235.339734][T12254]  ? loop_remove+0xa0/0xa0
[ 2235.344119][T12254]  ? __lru_cache_add+0x1bf/0x210
[ 2235.349024][T12254]  ? memset+0x1f/0x40
[ 2235.352973][T12254]  ? fsnotify+0x1332/0x13f0
[ 2235.357442][T12254]  ? loop_remove+0xa0/0xa0
[ 2235.361825][T12254]  do_vfs_ioctl+0x744/0x1730
[ 2235.366387][T12254]  ? selinux_file_ioctl+0x723/0x970
[ 2235.371556][T12254]  ? ioctl_preallocate+0x250/0x250
[ 2235.376634][T12254]  ? __fget+0x40c/0x4a0
[ 2235.380764][T12254]  ? fget_many+0x20/0x20
[ 2235.384980][T12254]  ? check_preemption_disabled+0x154/0x330
[ 2235.390754][T12254]  ? debug_smp_processor_id+0x20/0x20
[ 2235.396094][T12254]  ? security_file_ioctl+0x9d/0xb0
[ 2235.401174][T12254]  __x64_sys_ioctl+0xd4/0x110
[ 2235.405826][T12254]  do_syscall_64+0xcb/0x1c0
[ 2235.410299][T12254]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:01:56 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 7)

[ 2235.417944][T12254] blk-mq: reduced tag depth (128 -> 64)
12:01:56 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f00000001c0)='\x971\xd30\x18gm\xd9\xaa\x8ed\xbb\xbc\x0e\nB\xb8\xa9\xab\x94\x1b\xa7u\nP\xa2#\xfbO`8\xdal\xcc\xb2SP\xc0\x82\x99O<\xae.)\xbe\x83\x92\xa4\xeb\xc9|S\x1e1:\xf6\x83\xafxY\x97\xc3\xf3VO\x96\v\"\x82\xf3l\xe9\x10\x98\xf8\x94\xa6*\x8f\x8bC\xa0\xa0\xa4\x86]\xb6|\xb0r1+,b\x9aE%#\x00\xac\xb3v\x18\"e\xaa\xc1\xc83:\xe0\xe3:~\x98\x11\xf5\f*2I\xa34E\x97\xa24\x91\xd0\x19 \xef\x92\xa5+\xc5\xdc\x9d\xc9\xe2qX\x8a\x10R\xffz\xa9\xae\a\x05j\xed&\xe3\xc2\x80\x90<]K\xd1\x89'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000180))
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:56 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = syz_open_dev$vcsu(&(0x7f0000000180), 0x6, 0x0)
write$P9_RXATTRCREATE(r3, &(0x7f00000001c0)={0x7, 0x21, 0x2}, 0x7)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:56 executing program 5:
syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x4502)

12:01:56 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async, rerun: 32)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async, rerun: 32)
r3 = syz_open_dev$vcsu(&(0x7f0000000180), 0x6, 0x0)
write$P9_RXATTRCREATE(r3, &(0x7f00000001c0)={0x7, 0x21, 0x2}, 0x7) (async, rerun: 32)
connect$inet6(r2, 0x0, 0x0) (rerun: 32)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:56 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async, rerun: 64)
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x1, 0x503202) (rerun: 64)
ioctl$LOOP_CLR_FD(r0, 0x4c01)

12:01:56 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
write$P9_RSTATu(r1, &(0x7f0000000880)={0x55, 0x7d, 0x2, {{0x0, 0x3b, 0x6, 0x6, {0x8, 0x4, 0x5}, 0x40c0000, 0x9, 0xb3c6, 0x45, 0x0, '', 0x1, '\x00', 0x0, '', 0x7, 'mangle\x00'}, 0x5, ':/-]&', 0xffffffffffffffff, 0x0, 0xee00}}, 0x55)
r2 = openat$incfs(r1, &(0x7f0000000000)='.log\x00', 0x14040, 0x4c)
openat$incfs(r2, &(0x7f0000000040)='.log\x00', 0xc00, 0x123)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
renameat2(r1, &(0x7f00000000c0)='./file0/file0\x00', r3, &(0x7f0000000840)='./file0\x00', 0x1)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000001c0)=@mangle={'mangle\x00', 0x1f, 0x6, 0x5f0, 0x400, 0x2d8, 0x0, 0xf8, 0x0, 0x520, 0x520, 0x520, 0x520, 0x520, 0x6, &(0x7f0000000140), {[{{@ipv6={@mcast2, @private0={0xfc, 0x0, '\x00', 0x1}, [0xffffffff, 0xff000000, 0x0, 0xff], [0xff000000, 0x0, 0xff000000, 0xff000000], 'veth1_virt_wifi\x00', 'syzkaller1\x00', {0xff}, {0xff}, 0x67, 0x7, 0x0, 0x40}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@hl={{0x28}, {0x0, 0x40}}]}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0xb1, 0x3d}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x3, 0x8, @ipv6=@loopback, 0x4e22}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x4}}]}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [0xff, 0xff000000, 0x7165347d0a4c1d1d, 0xff], [0xffffff00, 0x0, 0xff], 'batadv_slave_0\x00', 'veth1_to_batadv\x00', {0xff}, {}, 0x29, 0x5, 0x0, 0x44}, 0x0, 0x100, 0x128, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @common=@inet=@udplite={{0x30}, {[0x4e23, 0x4e24], [0x4e20, 0x4e22], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x9, 0xffff}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @remote, [0xff, 0xffffffff, 0xff000000, 0xff], [0xffffffff, 0xffff00, 0xff000000], 'veth0_to_batadv\x00', 'vlan0\x00', {}, {}, 0x84, 0x5, 0x3, 0x65}, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xb}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x650)

[ 2235.480568][T12287] FAULT_INJECTION: forcing a failure.
[ 2235.480568][T12287] name failslab, interval 1, probability 0, space 0, times 0
[ 2235.497843][T12287] CPU: 0 PID: 12287 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2235.508354][T12287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2235.518409][T12287] Call Trace:
[ 2235.521677][T12287]  dump_stack+0x1d8/0x241
[ 2235.525978][T12287]  ? panic+0x73e/0x73e
[ 2235.530014][T12287]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2235.535792][T12287]  ? pcpu_alloc_area+0x696/0x790
[ 2235.540696][T12287]  should_fail+0x709/0x870
[ 2235.545080][T12287]  ? setup_fault_attr+0x3d0/0x3d0
[ 2235.550074][T12287]  ? sbitmap_queue_init_node+0x69c/0xf70
[ 2235.555675][T12287]  should_failslab+0x5/0x20
[ 2235.560146][T12287]  kmem_cache_alloc_trace+0x28/0x240
[ 2235.565398][T12287]  sbitmap_queue_init_node+0x69c/0xf70
[ 2235.570829][T12287]  blk_mq_init_tags+0x153/0x290
[ 2235.575646][T12287]  blk_mq_alloc_rq_map+0x93/0x1a0
[ 2235.580643][T12287]  blk_mq_alloc_rq_maps+0x100/0x650
[ 2235.585833][T12287]  blk_mq_alloc_tag_set+0x50e/0x890
[ 2235.591024][T12287]  loop_add+0x22b/0x710
[ 2235.595160][T12287]  ? radix_tree_lookup+0x17a/0x1d0
[ 2235.600265][T12287]  loop_control_ioctl+0x564/0x740
[ 2235.605259][T12287]  ? loop_remove+0xa0/0xa0
[ 2235.609650][T12287]  ? __lru_cache_add+0x1bf/0x210
[ 2235.614558][T12287]  ? memset+0x1f/0x40
[ 2235.618510][T12287]  ? fsnotify+0x1332/0x13f0
[ 2235.622982][T12287]  ? loop_remove+0xa0/0xa0
[ 2235.627371][T12287]  do_vfs_ioctl+0x744/0x1730
[ 2235.631938][T12287]  ? selinux_file_ioctl+0x723/0x970
[ 2235.637102][T12287]  ? ioctl_preallocate+0x250/0x250
[ 2235.642180][T12287]  ? __fget+0x40c/0x4a0
[ 2235.646307][T12287]  ? fget_many+0x20/0x20
[ 2235.650519][T12287]  ? check_preemption_disabled+0x154/0x330
[ 2235.656292][T12287]  ? debug_smp_processor_id+0x20/0x20
[ 2235.661632][T12287]  ? security_file_ioctl+0x9d/0xb0
[ 2235.666714][T12287]  __x64_sys_ioctl+0xd4/0x110
[ 2235.671360][T12287]  do_syscall_64+0xcb/0x1c0
12:01:57 executing program 5:
syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x4502)

12:01:57 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 8)

[ 2235.675836][T12287]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2235.682968][T12287] blk-mq: reduced tag depth (128 -> 64)
12:01:57 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0xffffffffffffcc57, 0x60000)

12:01:57 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
write$P9_RSTATu(r1, &(0x7f0000000880)={0x55, 0x7d, 0x2, {{0x0, 0x3b, 0x6, 0x6, {0x8, 0x4, 0x5}, 0x40c0000, 0x9, 0xb3c6, 0x45, 0x0, '', 0x1, '\x00', 0x0, '', 0x7, 'mangle\x00'}, 0x5, ':/-]&', 0xffffffffffffffff, 0x0, 0xee00}}, 0x55)
r2 = openat$incfs(r1, &(0x7f0000000000)='.log\x00', 0x14040, 0x4c)
openat$incfs(r2, &(0x7f0000000040)='.log\x00', 0xc00, 0x123)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
renameat2(r1, &(0x7f00000000c0)='./file0/file0\x00', r3, &(0x7f0000000840)='./file0\x00', 0x1)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000001c0)=@mangle={'mangle\x00', 0x1f, 0x6, 0x5f0, 0x400, 0x2d8, 0x0, 0xf8, 0x0, 0x520, 0x520, 0x520, 0x520, 0x520, 0x6, &(0x7f0000000140), {[{{@ipv6={@mcast2, @private0={0xfc, 0x0, '\x00', 0x1}, [0xffffffff, 0xff000000, 0x0, 0xff], [0xff000000, 0x0, 0xff000000, 0xff000000], 'veth1_virt_wifi\x00', 'syzkaller1\x00', {0xff}, {0xff}, 0x67, 0x7, 0x0, 0x40}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@hl={{0x28}, {0x0, 0x40}}]}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0xb1, 0x3d}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x3, 0x8, @ipv6=@loopback, 0x4e22}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x4}}]}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [0xff, 0xff000000, 0x7165347d0a4c1d1d, 0xff], [0xffffff00, 0x0, 0xff], 'batadv_slave_0\x00', 'veth1_to_batadv\x00', {0xff}, {}, 0x29, 0x5, 0x0, 0x44}, 0x0, 0x100, 0x128, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @common=@inet=@udplite={{0x30}, {[0x4e23, 0x4e24], [0x4e20, 0x4e22], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x9, 0xffff}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @remote, [0xff, 0xffffffff, 0xff000000, 0xff], [0xffffffff, 0xffff00, 0xff000000], 'veth0_to_batadv\x00', 'vlan0\x00', {}, {}, 0x84, 0x5, 0x3, 0x65}, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xb}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x650)
socket$igmp6(0xa, 0x3, 0x2) (async)
write$P9_RREMOVE(r0, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
write$P9_RSTATu(r1, &(0x7f0000000880)={0x55, 0x7d, 0x2, {{0x0, 0x3b, 0x6, 0x6, {0x8, 0x4, 0x5}, 0x40c0000, 0x9, 0xb3c6, 0x45, 0x0, '', 0x1, '\x00', 0x0, '', 0x7, 'mangle\x00'}, 0x5, ':/-]&', 0xffffffffffffffff, 0x0, 0xee00}}, 0x55) (async)
openat$incfs(r1, &(0x7f0000000000)='.log\x00', 0x14040, 0x4c) (async)
openat$incfs(r2, &(0x7f0000000040)='.log\x00', 0xc00, 0x123) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) (async)
renameat2(r1, &(0x7f00000000c0)='./file0/file0\x00', r3, &(0x7f0000000840)='./file0\x00', 0x1) (async)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000001c0)=@mangle={'mangle\x00', 0x1f, 0x6, 0x5f0, 0x400, 0x2d8, 0x0, 0xf8, 0x0, 0x520, 0x520, 0x520, 0x520, 0x520, 0x6, &(0x7f0000000140), {[{{@ipv6={@mcast2, @private0={0xfc, 0x0, '\x00', 0x1}, [0xffffffff, 0xff000000, 0x0, 0xff], [0xff000000, 0x0, 0xff000000, 0xff000000], 'veth1_virt_wifi\x00', 'syzkaller1\x00', {0xff}, {0xff}, 0x67, 0x7, 0x0, 0x40}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@hl={{0x28}, {0x0, 0x40}}]}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0xb1, 0x3d}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x3, 0x8, @ipv6=@loopback, 0x4e22}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x4}}]}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [0xff, 0xff000000, 0x7165347d0a4c1d1d, 0xff], [0xffffff00, 0x0, 0xff], 'batadv_slave_0\x00', 'veth1_to_batadv\x00', {0xff}, {}, 0x29, 0x5, 0x0, 0x44}, 0x0, 0x100, 0x128, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @common=@inet=@udplite={{0x30}, {[0x4e23, 0x4e24], [0x4e20, 0x4e22], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x9, 0xffff}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @remote, [0xff, 0xffffffff, 0xff000000, 0xff], [0xffffffff, 0xffff00, 0xff000000], 'veth0_to_batadv\x00', 'vlan0\x00', {}, {}, 0x84, 0x5, 0x3, 0x65}, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xb}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x650) (async)

12:01:57 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = syz_open_dev$vcsu(&(0x7f0000000180), 0x6, 0x0)
write$P9_RXATTRCREATE(r3, &(0x7f00000001c0)={0x7, 0x21, 0x2}, 0x7)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
syz_open_dev$vcsu(&(0x7f0000000180), 0x6, 0x0) (async)
write$P9_RXATTRCREATE(r3, &(0x7f00000001c0)={0x7, 0x21, 0x2}, 0x7) (async)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:01:57 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 32)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async, rerun: 32)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
syz_open_dev$loop(&(0x7f0000000000), 0xffffffffffffcc57, 0x60000)

12:01:57 executing program 5:
syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x4502)

12:01:57 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
write$P9_RSTATu(r1, &(0x7f0000000880)={0x55, 0x7d, 0x2, {{0x0, 0x3b, 0x6, 0x6, {0x8, 0x4, 0x5}, 0x40c0000, 0x9, 0xb3c6, 0x45, 0x0, '', 0x1, '\x00', 0x0, '', 0x7, 'mangle\x00'}, 0x5, ':/-]&', 0xffffffffffffffff, 0x0, 0xee00}}, 0x55) (async)
r2 = openat$incfs(r1, &(0x7f0000000000)='.log\x00', 0x14040, 0x4c)
openat$incfs(r2, &(0x7f0000000040)='.log\x00', 0xc00, 0x123) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
renameat2(r1, &(0x7f00000000c0)='./file0/file0\x00', r3, &(0x7f0000000840)='./file0\x00', 0x1) (async)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000001c0)=@mangle={'mangle\x00', 0x1f, 0x6, 0x5f0, 0x400, 0x2d8, 0x0, 0xf8, 0x0, 0x520, 0x520, 0x520, 0x520, 0x520, 0x6, &(0x7f0000000140), {[{{@ipv6={@mcast2, @private0={0xfc, 0x0, '\x00', 0x1}, [0xffffffff, 0xff000000, 0x0, 0xff], [0xff000000, 0x0, 0xff000000, 0xff000000], 'veth1_virt_wifi\x00', 'syzkaller1\x00', {0xff}, {0xff}, 0x67, 0x7, 0x0, 0x40}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@hl={{0x28}, {0x0, 0x40}}]}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0xb1, 0x3d}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x3, 0x8, @ipv6=@loopback, 0x4e22}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x4}}]}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [0xff, 0xff000000, 0x7165347d0a4c1d1d, 0xff], [0xffffff00, 0x0, 0xff], 'batadv_slave_0\x00', 'veth1_to_batadv\x00', {0xff}, {}, 0x29, 0x5, 0x0, 0x44}, 0x0, 0x100, 0x128, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @common=@inet=@udplite={{0x30}, {[0x4e23, 0x4e24], [0x4e20, 0x4e22], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x9, 0xffff}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @remote, [0xff, 0xffffffff, 0xff000000, 0xff], [0xffffffff, 0xffff00, 0xff000000], 'veth0_to_batadv\x00', 'vlan0\x00', {}, {}, 0x84, 0x5, 0x3, 0x65}, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xb}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x650)

[ 2235.762324][T12307] FAULT_INJECTION: forcing a failure.
[ 2235.762324][T12307] name failslab, interval 1, probability 0, space 0, times 0
[ 2235.781224][T12307] CPU: 0 PID: 12307 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2235.791462][T12307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2235.801496][T12307] Call Trace:
[ 2235.804765][T12307]  dump_stack+0x1d8/0x241
12:01:57 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000200)={{{@in=@dev, @in6=@private2}}, {{@in6=@dev}, 0x0, @in=@local}}, &(0x7f0000000300)=0xe8)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
socket$inet6(0xa, 0x3, 0x3ff)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x9, 0x5, 0x5, 0x20, r4, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x4, 0x9}, 0x48)

[ 2235.809070][T12307]  ? panic+0x73e/0x73e
[ 2235.813106][T12307]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2235.818879][T12307]  should_fail+0x709/0x870
[ 2235.823264][T12307]  ? setup_fault_attr+0x3d0/0x3d0
[ 2235.828283][T12307]  ? sbitmap_queue_init_node+0xb3d/0xf70
[ 2235.833918][T12307]  ? blk_mq_alloc_rq_map+0xb3/0x1a0
[ 2235.839111][T12307]  should_failslab+0x5/0x20
[ 2235.843611][T12307]  __kmalloc+0x51/0x2b0
[ 2235.847768][T12307]  blk_mq_alloc_rq_map+0xb3/0x1a0
[ 2235.852784][T12307]  blk_mq_alloc_rq_maps+0x100/0x650
[ 2235.857953][T12307]  blk_mq_alloc_tag_set+0x50e/0x890
[ 2235.863121][T12307]  loop_add+0x22b/0x710
[ 2235.867245][T12307]  ? radix_tree_lookup+0x17a/0x1d0
[ 2235.872325][T12307]  loop_control_ioctl+0x564/0x740
[ 2235.877319][T12307]  ? loop_remove+0xa0/0xa0
[ 2235.881704][T12307]  ? __lru_cache_add+0x1bf/0x210
[ 2235.886611][T12307]  ? memset+0x1f/0x40
[ 2235.890561][T12307]  ? fsnotify+0x1332/0x13f0
[ 2235.895030][T12307]  ? loop_remove+0xa0/0xa0
[ 2235.899589][T12307]  do_vfs_ioctl+0x744/0x1730
[ 2235.904158][T12307]  ? selinux_file_ioctl+0x723/0x970
12:01:57 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x1, 0x503202)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
syz_open_dev$loop(&(0x7f0000000040), 0x1, 0x503202) (async)
ioctl$LOOP_CLR_FD(r0, 0x4c01) (async)

12:01:57 executing program 5:
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:01:57 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 9)

12:01:57 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)

[ 2235.909332][T12307]  ? ioctl_preallocate+0x250/0x250
[ 2235.914414][T12307]  ? __fget+0x40c/0x4a0
[ 2235.918540][T12307]  ? fget_many+0x20/0x20
[ 2235.922750][T12307]  ? check_preemption_disabled+0x154/0x330
[ 2235.928527][T12307]  ? debug_smp_processor_id+0x20/0x20
[ 2235.933869][T12307]  ? security_file_ioctl+0x9d/0xb0
[ 2235.938952][T12307]  __x64_sys_ioctl+0xd4/0x110
[ 2235.943601][T12307]  do_syscall_64+0xcb/0x1c0
[ 2235.948074][T12307]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2235.956764][T12307] blk-mq: reduced tag depth (128 -> 64)
12:01:57 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000200)={{{@in=@dev, @in6=@private2}}, {{@in6=@dev}, 0x0, @in=@local}}, &(0x7f0000000300)=0xe8)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
socket$inet6(0xa, 0x3, 0x3ff)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x9, 0x5, 0x5, 0x20, r4, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x4, 0x9}, 0x48)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000200)={{{@in=@dev, @in6=@private2}}, {{@in6=@dev}, 0x0, @in=@local}}, &(0x7f0000000300)=0xe8) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r4, 0x0, 0x0) (async)
socket$inet6(0xa, 0x3, 0x3ff) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x9, 0x5, 0x5, 0x20, r4, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x4, 0x9}, 0x48) (async)

12:01:57 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
syz_open_dev$loop(&(0x7f0000000000), 0xffffffffffffcc57, 0x60000)

12:01:57 executing program 5:
prctl$PR_SET_THP_DISABLE(0x29, 0x1) (async, rerun: 64)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (rerun: 64)

12:01:57 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x66, 0x9, 0x1c, 0x8, "510bd27a9c4e1533608cf6512a4355b78f5fcefc5828c8089f2949178e49de82063cc71731bb3a9e42e540d624d858c5f503a0d50ce5d360864138496a070231", "cf5f7f179daa13e38a760a30533fe8288259a2afd9ca3f487ee10e0d42990142", [0x6, 0xd8fd]})

12:01:57 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
socket$igmp6(0xa, 0x3, 0x2) (async)

[ 2236.057871][T12351] FAULT_INJECTION: forcing a failure.
[ 2236.057871][T12351] name failslab, interval 1, probability 0, space 0, times 0
[ 2236.071306][T12351] CPU: 1 PID: 12351 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2236.081551][T12351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2236.091586][T12351] Call Trace:
[ 2236.094856][T12351]  dump_stack+0x1d8/0x241
[ 2236.099153][T12351]  ? panic+0x73e/0x73e
[ 2236.103188][T12351]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2236.108965][T12351]  should_fail+0x709/0x870
[ 2236.113351][T12351]  ? setup_fault_attr+0x3d0/0x3d0
[ 2236.118342][T12351]  ? blk_mq_alloc_rq_map+0xe9/0x1a0
[ 2236.123516][T12351]  should_failslab+0x5/0x20
[ 2236.127995][T12351]  __kmalloc+0x51/0x2b0
[ 2236.132128][T12351]  ? blk_mq_alloc_rq_map+0xb3/0x1a0
[ 2236.137349][T12351]  blk_mq_alloc_rq_map+0xe9/0x1a0
[ 2236.142363][T12351]  blk_mq_alloc_rq_maps+0x100/0x650
[ 2236.147537][T12351]  blk_mq_alloc_tag_set+0x50e/0x890
[ 2236.152707][T12351]  loop_add+0x22b/0x710
[ 2236.156832][T12351]  ? radix_tree_lookup+0x17a/0x1d0
[ 2236.161917][T12351]  loop_control_ioctl+0x564/0x740
[ 2236.166914][T12351]  ? loop_remove+0xa0/0xa0
[ 2236.171298][T12351]  ? __lru_cache_add+0x1bf/0x210
[ 2236.176201][T12351]  ? memset+0x1f/0x40
[ 2236.180150][T12351]  ? fsnotify+0x1332/0x13f0
[ 2236.184621][T12351]  ? loop_remove+0xa0/0xa0
[ 2236.189132][T12351]  do_vfs_ioctl+0x744/0x1730
[ 2236.193708][T12351]  ? selinux_file_ioctl+0x723/0x970
[ 2236.198890][T12351]  ? ioctl_preallocate+0x250/0x250
[ 2236.204119][T12351]  ? __fget+0x40c/0x4a0
12:01:57 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async, rerun: 32)
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000200)={{{@in=@dev, @in6=@private2}}, {{@in6=@dev}, 0x0, @in=@local}}, &(0x7f0000000300)=0xe8) (async, rerun: 32)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async, rerun: 32)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (rerun: 32)
connect$inet6(r4, 0x0, 0x0)
socket$inet6(0xa, 0x3, 0x3ff) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x9, 0x5, 0x5, 0x20, r4, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x4, 0x9}, 0x48)

12:01:57 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 10)

[ 2236.208260][T12351]  ? fget_many+0x20/0x20
[ 2236.212502][T12351]  ? check_preemption_disabled+0x154/0x330
[ 2236.218282][T12351]  ? debug_smp_processor_id+0x20/0x20
[ 2236.223629][T12351]  ? security_file_ioctl+0x9d/0xb0
[ 2236.228711][T12351]  __x64_sys_ioctl+0xd4/0x110
[ 2236.233362][T12351]  do_syscall_64+0xcb/0x1c0
[ 2236.237836][T12351]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2236.244990][T12351] blk-mq: reduced tag depth (128 -> 64)
12:01:57 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f0000000000)=[&(0x7f0000000080)='\x00', &(0x7f00000000c0)='-@\xa3/\xa7\x00P\x03\xcc\xe1[tK\xa0\x12\xc8Hs\xe3\xa3\xffU0\xa9\xbc\x9c', &(0x7f0000000180)='$\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3/\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
mknodat(r1, &(0x7f00000001c0)='./file0\x00', 0xed31538783ee8b9e, 0x0)

12:01:57 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)

12:01:57 executing program 5:
prctl$PR_SET_THP_DISABLE(0x29, 0x1) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:01:57 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f0000000000)=[&(0x7f0000000080)='\x00', &(0x7f00000000c0)='-@\xa3/\xa7\x00P\x03\xcc\xe1[tK\xa0\x12\xc8Hs\xe3\xa3\xffU0\xa9\xbc\x9c', &(0x7f0000000180)='$\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3/\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
mknodat(r1, &(0x7f00000001c0)='./file0\x00', 0xed31538783ee8b9e, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f0000000000)=[&(0x7f0000000080)='\x00', &(0x7f00000000c0)='-@\xa3/\xa7\x00P\x03\xcc\xe1[tK\xa0\x12\xc8Hs\xe3\xa3\xffU0\xa9\xbc\x9c', &(0x7f0000000180)='$\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3/\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
mknodat(r1, &(0x7f00000001c0)='./file0\x00', 0xed31538783ee8b9e, 0x0) (async)

12:01:57 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
connect$inet6(r2, 0x0, 0xfffffda0)
ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, &(0x7f0000000200)=&(0x7f00000001c0))
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
write$P9_RATTACH(r4, &(0x7f0000000180)={0x14, 0x69, 0x1, {0x80, 0x3, 0x6}}, 0x14)
getgid()

12:01:57 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x66, 0x9, 0x1c, 0x8, "510bd27a9c4e1533608cf6512a4355b78f5fcefc5828c8089f2949178e49de82063cc71731bb3a9e42e540d624d858c5f503a0d50ce5d360864138496a070231", "cf5f7f179daa13e38a760a30533fe8288259a2afd9ca3f487ee10e0d42990142", [0x6, 0xd8fd]})
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
ioctl$LOOP_CLR_FD(r0, 0x4c01) (async)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x66, 0x9, 0x1c, 0x8, "510bd27a9c4e1533608cf6512a4355b78f5fcefc5828c8089f2949178e49de82063cc71731bb3a9e42e540d624d858c5f503a0d50ce5d360864138496a070231", "cf5f7f179daa13e38a760a30533fe8288259a2afd9ca3f487ee10e0d42990142", [0x6, 0xd8fd]}) (async)

[ 2236.337603][T12390] FAULT_INJECTION: forcing a failure.
[ 2236.337603][T12390] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2236.353732][T12390] CPU: 1 PID: 12390 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2236.363945][T12390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2236.373976][T12390] Call Trace:
[ 2236.377251][T12390]  dump_stack+0x1d8/0x241
[ 2236.381551][T12390]  ? panic+0x73e/0x73e
[ 2236.385591][T12390]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2236.391370][T12390]  ? blk_mq_alloc_rq_map+0x93/0x1a0
[ 2236.396539][T12390]  should_fail+0x709/0x870
[ 2236.400924][T12390]  ? setup_fault_attr+0x3d0/0x3d0
[ 2236.405921][T12390]  ? blk_mq_alloc_rq_map+0xe9/0x1a0
[ 2236.411088][T12390]  ? blk_mq_alloc_rq_maps+0x100/0x650
[ 2236.416425][T12390]  ? blk_mq_alloc_tag_set+0x50e/0x890
[ 2236.421765][T12390]  ? loop_add+0x22b/0x710
[ 2236.426063][T12390]  ? loop_control_ioctl+0x564/0x740
[ 2236.431236][T12390]  ? __x64_sys_ioctl+0xd4/0x110
[ 2236.436054][T12390]  ? do_syscall_64+0xcb/0x1c0
[ 2236.440706][T12390]  __alloc_pages_nodemask+0x1b6/0x860
[ 2236.446052][T12390]  ? gfp_pfmemalloc_allowed+0x120/0x120
[ 2236.451564][T12390]  ? find_next_bit+0xe5/0x110
[ 2236.456209][T12390]  ? blk_mq_hw_queue_to_node+0xeb/0x100
[ 2236.461721][T12390]  blk_mq_alloc_rqs+0x252/0x6d0
[ 2236.466540][T12390]  blk_mq_alloc_rq_maps+0x194/0x650
[ 2236.471707][T12390]  blk_mq_alloc_tag_set+0x50e/0x890
[ 2236.476876][T12390]  loop_add+0x22b/0x710
[ 2236.481000][T12390]  ? radix_tree_lookup+0x17a/0x1d0
[ 2236.486084][T12390]  loop_control_ioctl+0x564/0x740
[ 2236.491078][T12390]  ? loop_remove+0xa0/0xa0
[ 2236.495464][T12390]  ? __lru_cache_add+0x1bf/0x210
[ 2236.500370][T12390]  ? memset+0x1f/0x40
[ 2236.504318][T12390]  ? fsnotify+0x1332/0x13f0
[ 2236.508788][T12390]  ? loop_remove+0xa0/0xa0
[ 2236.513170][T12390]  do_vfs_ioctl+0x744/0x1730
[ 2236.517741][T12390]  ? selinux_file_ioctl+0x723/0x970
[ 2236.522908][T12390]  ? ioctl_preallocate+0x250/0x250
[ 2236.527987][T12390]  ? __fget+0x40c/0x4a0
[ 2236.532112][T12390]  ? fget_many+0x20/0x20
12:01:57 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
ioctl$VHOST_VDPA_SET_VRING_ENABLE(r0, 0x4008af75, &(0x7f0000000040)={0x1, 0x9})

12:01:57 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 11)

12:01:57 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
write$P9_RREMOVE(r0, 0x0, 0x0)

12:01:57 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x66, 0x9, 0x1c, 0x8, "510bd27a9c4e1533608cf6512a4355b78f5fcefc5828c8089f2949178e49de82063cc71731bb3a9e42e540d624d858c5f503a0d50ce5d360864138496a070231", "cf5f7f179daa13e38a760a30533fe8288259a2afd9ca3f487ee10e0d42990142", [0x6, 0xd8fd]})
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
ioctl$LOOP_CLR_FD(r0, 0x4c01) (async)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x66, 0x9, 0x1c, 0x8, "510bd27a9c4e1533608cf6512a4355b78f5fcefc5828c8089f2949178e49de82063cc71731bb3a9e42e540d624d858c5f503a0d50ce5d360864138496a070231", "cf5f7f179daa13e38a760a30533fe8288259a2afd9ca3f487ee10e0d42990142", [0x6, 0xd8fd]}) (async)

[ 2236.536326][T12390]  ? check_preemption_disabled+0x154/0x330
[ 2236.542110][T12390]  ? debug_smp_processor_id+0x20/0x20
[ 2236.547461][T12390]  ? security_file_ioctl+0x9d/0xb0
[ 2236.552539][T12390]  __x64_sys_ioctl+0xd4/0x110
[ 2236.557184][T12390]  do_syscall_64+0xcb/0x1c0
[ 2236.561656][T12390]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:01:57 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
connect$inet6(r2, 0x0, 0xfffffda0)
ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, &(0x7f0000000200)=&(0x7f00000001c0))
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
write$P9_RATTACH(r4, &(0x7f0000000180)={0x14, 0x69, 0x1, {0x80, 0x3, 0x6}}, 0x14)
getgid()
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0xfffffda0) (async)
ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, &(0x7f0000000200)=&(0x7f00000001c0)) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r4, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
write$P9_RATTACH(r4, &(0x7f0000000180)={0x14, 0x69, 0x1, {0x80, 0x3, 0x6}}, 0x14) (async)
getgid() (async)

12:01:57 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f0000000000)=[&(0x7f0000000080)='\x00', &(0x7f00000000c0)='-@\xa3/\xa7\x00P\x03\xcc\xe1[tK\xa0\x12\xc8Hs\xe3\xa3\xffU0\xa9\xbc\x9c', &(0x7f0000000180)='$\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3/\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
mknodat(r1, &(0x7f00000001c0)='./file0\x00', 0xed31538783ee8b9e, 0x0)

12:01:57 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
write$P9_RREMOVE(r0, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
write$P9_RREMOVE(r0, 0x0, 0x0) (async)

12:01:58 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
ioctl$VHOST_VDPA_SET_VRING_ENABLE(r0, 0x4008af75, &(0x7f0000000040)={0x1, 0x9})

[ 2236.654342][T12419] FAULT_INJECTION: forcing a failure.
[ 2236.654342][T12419] name failslab, interval 1, probability 0, space 0, times 0
[ 2236.671774][T12419] CPU: 0 PID: 12419 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2236.682035][T12419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2236.692071][T12419] Call Trace:
[ 2236.695339][T12419]  dump_stack+0x1d8/0x241
[ 2236.699637][T12419]  ? panic+0x73e/0x73e
[ 2236.703673][T12419]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2236.709465][T12419]  ? find_next_bit+0xe5/0x110
[ 2236.714112][T12419]  ? memset+0x1f/0x40
[ 2236.718069][T12419]  should_fail+0x709/0x870
[ 2236.722455][T12419]  ? blk_mq_alloc_rqs+0x664/0x6d0
[ 2236.727446][T12419]  ? setup_fault_attr+0x3d0/0x3d0
[ 2236.732441][T12419]  ? blk_mq_alloc_rq_maps+0x5ac/0x650
[ 2236.737845][T12419]  ? blk_alloc_queue_node+0x2c/0x580
[ 2236.743109][T12419]  should_failslab+0x5/0x20
[ 2236.747585][T12419]  kmem_cache_alloc+0x24/0x210
[ 2236.752318][T12419]  blk_alloc_queue_node+0x2c/0x580
[ 2236.757401][T12419]  ? blk_mq_alloc_tag_set+0x68b/0x890
[ 2236.762739][T12419]  blk_mq_init_queue+0x33/0xa0
[ 2236.767472][T12419]  loop_add+0x256/0x710
[ 2236.771596][T12419]  ? radix_tree_lookup+0x17a/0x1d0
[ 2236.776675][T12419]  loop_control_ioctl+0x564/0x740
[ 2236.781677][T12419]  ? loop_remove+0xa0/0xa0
[ 2236.786073][T12419]  ? __lru_cache_add+0x1bf/0x210
[ 2236.790978][T12419]  ? memset+0x1f/0x40
[ 2236.794929][T12419]  ? fsnotify+0x1332/0x13f0
[ 2236.799397][T12419]  ? loop_remove+0xa0/0xa0
[ 2236.803779][T12419]  do_vfs_ioctl+0x744/0x1730
[ 2236.808340][T12419]  ? selinux_file_ioctl+0x723/0x970
[ 2236.813505][T12419]  ? ioctl_preallocate+0x250/0x250
[ 2236.818592][T12419]  ? __fget+0x40c/0x4a0
[ 2236.822720][T12419]  ? fget_many+0x20/0x20
[ 2236.826934][T12419]  ? check_preemption_disabled+0x154/0x330
[ 2236.832709][T12419]  ? debug_smp_processor_id+0x20/0x20
[ 2236.838052][T12419]  ? security_file_ioctl+0x9d/0xb0
[ 2236.843132][T12419]  __x64_sys_ioctl+0xd4/0x110
[ 2236.847783][T12419]  do_syscall_64+0xcb/0x1c0
12:01:58 executing program 1:
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0x5, 0x12)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r1 = openat$incfs(r0, &(0x7f0000000080)='.pending_reads\x00', 0x248400, 0x101)
connect$inet6(r1, 0x0, 0x0)
write$P9_RLERRORu(r0, &(0x7f0000000040)={0x16, 0x7, 0x1, {{0x9, '(-(\\!{.+*'}, 0x6}}, 0x16)

12:01:58 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 12)

12:01:58 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
ioctl$VHOST_VDPA_SET_VRING_ENABLE(r0, 0x4008af75, &(0x7f0000000040)={0x1, 0x9})

[ 2236.852263][T12419]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:01:58 executing program 1:
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0x5, 0x12) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r1 = openat$incfs(r0, &(0x7f0000000080)='.pending_reads\x00', 0x248400, 0x101)
connect$inet6(r1, 0x0, 0x0) (async)
write$P9_RLERRORu(r0, &(0x7f0000000040)={0x16, 0x7, 0x1, {{0x9, '(-(\\!{.+*'}, 0x6}}, 0x16)

12:01:58 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xffffffffffffffff, 0xee00, 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:58 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
connect$inet6(r2, 0x0, 0xfffffda0) (async)
ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, &(0x7f0000000200)=&(0x7f00000001c0))
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
write$P9_RATTACH(r4, &(0x7f0000000180)={0x14, 0x69, 0x1, {0x80, 0x3, 0x6}}, 0x14) (async)
getgid()

12:01:58 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_FD(r0, 0x4c00, r0)

12:01:58 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
write$P9_RREMOVE(r0, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
write$P9_RREMOVE(r0, 0x0, 0x0) (async)

[ 2236.879695][T12445] FAULT_INJECTION: forcing a failure.
[ 2236.879695][T12445] name failslab, interval 1, probability 0, space 0, times 0
[ 2236.892661][T12445] CPU: 0 PID: 12445 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2236.902890][T12445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2236.912930][T12445] Call Trace:
[ 2236.916198][T12445]  dump_stack+0x1d8/0x241
[ 2236.920504][T12445]  ? panic+0x73e/0x73e
[ 2236.924542][T12445]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2236.930315][T12445]  should_fail+0x709/0x870
[ 2236.934732][T12445]  ? setup_fault_attr+0x3d0/0x3d0
[ 2236.939745][T12445]  ? mempool_init_node+0x131/0x500
[ 2236.944823][T12445]  should_failslab+0x5/0x20
[ 2236.949292][T12445]  __kmalloc+0x51/0x2b0
[ 2236.953424][T12445]  mempool_init_node+0x131/0x500
[ 2236.958341][T12445]  ? mempool_free+0x380/0x380
[ 2236.962984][T12445]  ? mempool_alloc_slab+0x20/0x20
[ 2236.967977][T12445]  mempool_init+0x35/0x50
[ 2236.972290][T12445]  bioset_init+0x41a/0x620
[ 2236.976675][T12445]  blk_alloc_queue_node+0xc4/0x580
[ 2236.981756][T12445]  ? blk_mq_alloc_tag_set+0x68b/0x890
[ 2236.987098][T12445]  blk_mq_init_queue+0x33/0xa0
[ 2236.991839][T12445]  loop_add+0x256/0x710
[ 2236.995965][T12445]  ? radix_tree_lookup+0x17a/0x1d0
[ 2237.001046][T12445]  loop_control_ioctl+0x564/0x740
[ 2237.006039][T12445]  ? loop_remove+0xa0/0xa0
[ 2237.010423][T12445]  ? __lru_cache_add+0x1bf/0x210
[ 2237.015332][T12445]  ? memset+0x1f/0x40
[ 2237.019295][T12445]  ? fsnotify+0x1332/0x13f0
[ 2237.023778][T12445]  ? loop_remove+0xa0/0xa0
[ 2237.028170][T12445]  do_vfs_ioctl+0x744/0x1730
[ 2237.032730][T12445]  ? selinux_file_ioctl+0x723/0x970
[ 2237.037897][T12445]  ? ioctl_preallocate+0x250/0x250
[ 2237.042983][T12445]  ? __fget+0x40c/0x4a0
[ 2237.047110][T12445]  ? fget_many+0x20/0x20
[ 2237.051328][T12445]  ? check_preemption_disabled+0x154/0x330
[ 2237.057105][T12445]  ? debug_smp_processor_id+0x20/0x20
[ 2237.062446][T12445]  ? security_file_ioctl+0x9d/0xb0
[ 2237.067538][T12445]  __x64_sys_ioctl+0xd4/0x110
[ 2237.072200][T12445]  do_syscall_64+0xcb/0x1c0
12:01:58 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0), 0x4040, 0x0)
ioctl$VHOST_RESET_OWNER(0xffffffffffffffff, 0xaf02, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
ioctl$VHOST_VDPA_GET_VRING_NUM(0xffffffffffffffff, 0x8002af76, &(0x7f0000000200))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="9e127c614126f098aaa8e393552ec7edd81b9500"/34, &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
r4 = syz_open_dev$vcsu(&(0x7f0000000040), 0x5, 0x80000)
r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000300), 0x88480, 0x0)
ioctl$USBDEVFS_ALLOC_STREAMS(r5, 0x8008551c, &(0x7f0000000340)={0xb7c, 0x14, [{0x3}, {0xf, 0x1}, {0xe, 0x1}, {0xd, 0x1}, {0x7}, {0xb}, {}, {0xf, 0x1}, {0x7, 0x1}, {0xf, 0x1}, {0x5}, {0x9, 0x1}, {0x4}, {0x6}, {0x9}, {0x2, 0x1}, {0x1, 0x1}, {0x2}, {0xc, 0x1}, {0x6}]})
ioctl$USBDEVFS_CLAIM_PORT(r4, 0x80045518, &(0x7f0000000380)=0x1)
ioctl$VHOST_VDPA_SET_CONFIG_CALL(r4, 0x4004af77, &(0x7f0000000180)=0x4b6)
getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000240)={'filter\x00', 0x0, [0x7, 0x3, 0x1d1, 0x401, 0x1]}, &(0x7f00000002c0)=0x54)

12:01:58 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 13)

12:01:58 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_FD(r0, 0x4c00, r0)

12:01:58 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0), 0x4040, 0x0)
ioctl$VHOST_RESET_OWNER(0xffffffffffffffff, 0xaf02, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
ioctl$VHOST_VDPA_GET_VRING_NUM(0xffffffffffffffff, 0x8002af76, &(0x7f0000000200))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async, rerun: 32)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="9e127c614126f098aaa8e393552ec7edd81b9500"/34, &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (rerun: 32)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
r4 = syz_open_dev$vcsu(&(0x7f0000000040), 0x5, 0x80000)
r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000300), 0x88480, 0x0)
ioctl$USBDEVFS_ALLOC_STREAMS(r5, 0x8008551c, &(0x7f0000000340)={0xb7c, 0x14, [{0x3}, {0xf, 0x1}, {0xe, 0x1}, {0xd, 0x1}, {0x7}, {0xb}, {}, {0xf, 0x1}, {0x7, 0x1}, {0xf, 0x1}, {0x5}, {0x9, 0x1}, {0x4}, {0x6}, {0x9}, {0x2, 0x1}, {0x1, 0x1}, {0x2}, {0xc, 0x1}, {0x6}]}) (async, rerun: 64)
ioctl$USBDEVFS_CLAIM_PORT(r4, 0x80045518, &(0x7f0000000380)=0x1) (rerun: 64)
ioctl$VHOST_VDPA_SET_CONFIG_CALL(r4, 0x4004af77, &(0x7f0000000180)=0x4b6) (async)
getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000240)={'filter\x00', 0x0, [0x7, 0x3, 0x1d1, 0x401, 0x1]}, &(0x7f00000002c0)=0x54)

12:01:58 executing program 1:
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0x5, 0x12) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r1 = openat$incfs(r0, &(0x7f0000000080)='.pending_reads\x00', 0x248400, 0x101)
connect$inet6(r1, 0x0, 0x0)
write$P9_RLERRORu(r0, &(0x7f0000000040)={0x16, 0x7, 0x1, {{0x9, '(-(\\!{.+*'}, 0x6}}, 0x16)

[ 2237.076681][T12445]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:01:58 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0), 0x4040, 0x0)
ioctl$VHOST_RESET_OWNER(0xffffffffffffffff, 0xaf02, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
ioctl$VHOST_VDPA_GET_VRING_NUM(0xffffffffffffffff, 0x8002af76, &(0x7f0000000200))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async, rerun: 32)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (rerun: 32)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="9e127c614126f098aaa8e393552ec7edd81b9500"/34, &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
r4 = syz_open_dev$vcsu(&(0x7f0000000040), 0x5, 0x80000) (async)
r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000300), 0x88480, 0x0)
ioctl$USBDEVFS_ALLOC_STREAMS(r5, 0x8008551c, &(0x7f0000000340)={0xb7c, 0x14, [{0x3}, {0xf, 0x1}, {0xe, 0x1}, {0xd, 0x1}, {0x7}, {0xb}, {}, {0xf, 0x1}, {0x7, 0x1}, {0xf, 0x1}, {0x5}, {0x9, 0x1}, {0x4}, {0x6}, {0x9}, {0x2, 0x1}, {0x1, 0x1}, {0x2}, {0xc, 0x1}, {0x6}]}) (async)
ioctl$USBDEVFS_CLAIM_PORT(r4, 0x80045518, &(0x7f0000000380)=0x1) (async, rerun: 64)
ioctl$VHOST_VDPA_SET_CONFIG_CALL(r4, 0x4004af77, &(0x7f0000000180)=0x4b6) (async, rerun: 64)
getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000240)={'filter\x00', 0x0, [0x7, 0x3, 0x1d1, 0x401, 0x1]}, &(0x7f00000002c0)=0x54)

12:01:58 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_FD(r0, 0x4c00, r0)

12:01:58 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xffffffffffffffff, 0xee00, 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:58 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0xc80, 0x0)
setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000000c0)=0x1, 0x4)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x4c)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000240), &(0x7f0000000280)=0x4)
getsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, &(0x7f00000002c0)={'HL\x00'}, &(0x7f0000000300)=0x1e)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r5 = openat$incfs(0xffffffffffffffff, &(0x7f00000001c0)='.pending_reads\x00', 0x4000, 0x163)
write$P9_RRENAMEAT(r5, &(0x7f0000000200)={0x7, 0x4b, 0x1}, 0x7)
write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000340)={0x28, 0x7, 0x2, {0x1f, '/sys/kernel/debug/binder/stats\x00'}}, 0x28)
connect$inet6(r4, 0x0, 0x0)
ioctl$USBDEVFS_FORBID_SUSPEND(r5, 0x5521)
fchmodat(r4, &(0x7f0000000180)='./file0\x00', 0xa6)
connect$inet6(r3, 0x0, 0x0)
accept$inet6(r3, &(0x7f0000000100), &(0x7f0000000140)=0x1c)

[ 2237.117259][T12475] FAULT_INJECTION: forcing a failure.
[ 2237.117259][T12475] name failslab, interval 1, probability 0, space 0, times 0
[ 2237.135065][T12475] CPU: 0 PID: 12475 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2237.145317][T12475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2237.155350][T12475] Call Trace:
[ 2237.158620][T12475]  dump_stack+0x1d8/0x241
[ 2237.162918][T12475]  ? panic+0x73e/0x73e
[ 2237.166960][T12475]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2237.172743][T12475]  should_fail+0x709/0x870
[ 2237.177124][T12475]  ? setup_fault_attr+0x3d0/0x3d0
[ 2237.182121][T12475]  ? mempool_init_node+0x1f6/0x500
[ 2237.187198][T12475]  should_failslab+0x5/0x20
[ 2237.191671][T12475]  kmem_cache_alloc+0x24/0x210
[ 2237.196400][T12475]  ? mempool_free+0x380/0x380
[ 2237.201055][T12475]  mempool_init_node+0x1f6/0x500
[ 2237.205969][T12475]  ? mempool_free+0x380/0x380
[ 2237.210621][T12475]  ? mempool_alloc_slab+0x20/0x20
[ 2237.215623][T12475]  mempool_init+0x35/0x50
[ 2237.219928][T12475]  bioset_init+0x41a/0x620
[ 2237.224326][T12475]  blk_alloc_queue_node+0xc4/0x580
[ 2237.229418][T12475]  ? blk_mq_alloc_tag_set+0x68b/0x890
[ 2237.234763][T12475]  blk_mq_init_queue+0x33/0xa0
[ 2237.239499][T12475]  loop_add+0x256/0x710
[ 2237.243652][T12475]  ? radix_tree_lookup+0x17a/0x1d0
[ 2237.248735][T12475]  loop_control_ioctl+0x564/0x740
[ 2237.253726][T12475]  ? loop_remove+0xa0/0xa0
[ 2237.258128][T12475]  ? __lru_cache_add+0x1bf/0x210
[ 2237.263036][T12475]  ? memset+0x1f/0x40
[ 2237.266994][T12475]  ? fsnotify+0x1332/0x13f0
[ 2237.271466][T12475]  ? loop_remove+0xa0/0xa0
[ 2237.275852][T12475]  do_vfs_ioctl+0x744/0x1730
[ 2237.280411][T12475]  ? selinux_file_ioctl+0x723/0x970
[ 2237.285574][T12475]  ? ioctl_preallocate+0x250/0x250
[ 2237.290655][T12475]  ? __fget+0x40c/0x4a0
[ 2237.294778][T12475]  ? fget_many+0x20/0x20
[ 2237.298988][T12475]  ? check_preemption_disabled+0x154/0x330
[ 2237.304759][T12475]  ? debug_smp_processor_id+0x20/0x20
[ 2237.310098][T12475]  ? security_file_ioctl+0x9d/0xb0
12:01:58 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x4, 0x2, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x805, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
getdents(r2, &(0x7f0000000200)=""/137, 0x89)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
write$P9_RWALK(r3, &(0x7f0000000180)={0x71, 0x6f, 0x2, {0x8, [{0x80, 0x0, 0x8}, {0x4, 0x4, 0x8}, {0x40, 0x0, 0x7}, {0x0, 0x0, 0x50}, {0x74, 0x0, 0x4}, {0x80, 0x1, 0x4}, {}, {0x1, 0x1, 0x3}]}}, 0x71)

12:01:58 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0xc80, 0x0)
setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000000c0)=0x1, 0x4)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x4c)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000240), &(0x7f0000000280)=0x4)
getsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, &(0x7f00000002c0)={'HL\x00'}, &(0x7f0000000300)=0x1e)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r5 = openat$incfs(0xffffffffffffffff, &(0x7f00000001c0)='.pending_reads\x00', 0x4000, 0x163)
write$P9_RRENAMEAT(r5, &(0x7f0000000200)={0x7, 0x4b, 0x1}, 0x7)
write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000340)={0x28, 0x7, 0x2, {0x1f, '/sys/kernel/debug/binder/stats\x00'}}, 0x28)
connect$inet6(r4, 0x0, 0x0)
ioctl$USBDEVFS_FORBID_SUSPEND(r5, 0x5521)
fchmodat(r4, &(0x7f0000000180)='./file0\x00', 0xa6)
connect$inet6(r3, 0x0, 0x0)
accept$inet6(r3, &(0x7f0000000100), &(0x7f0000000140)=0x1c)
socket$igmp6(0xa, 0x3, 0x2) (async)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0xc80, 0x0) (async)
setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000000c0)=0x1, 0x4) (async)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x4c) (async)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async)
getsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000240), &(0x7f0000000280)=0x4) (async)
getsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000000), &(0x7f0000000040)=0x4) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, &(0x7f00000002c0)={'HL\x00'}, &(0x7f0000000300)=0x1e) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$incfs(0xffffffffffffffff, &(0x7f00000001c0)='.pending_reads\x00', 0x4000, 0x163) (async)
write$P9_RRENAMEAT(r5, &(0x7f0000000200)={0x7, 0x4b, 0x1}, 0x7) (async)
write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000340)={0x28, 0x7, 0x2, {0x1f, '/sys/kernel/debug/binder/stats\x00'}}, 0x28) (async)
connect$inet6(r4, 0x0, 0x0) (async)
ioctl$USBDEVFS_FORBID_SUSPEND(r5, 0x5521) (async)
fchmodat(r4, &(0x7f0000000180)='./file0\x00', 0xa6) (async)
connect$inet6(r3, 0x0, 0x0) (async)
accept$inet6(r3, &(0x7f0000000100), &(0x7f0000000140)=0x1c) (async)

12:01:58 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 14)

12:01:58 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x4, 0x2, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x805, 0x4, 0x3}, 0x48) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
getdents(r2, &(0x7f0000000200)=""/137, 0x89) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
write$P9_RWALK(r3, &(0x7f0000000180)={0x71, 0x6f, 0x2, {0x8, [{0x80, 0x0, 0x8}, {0x4, 0x4, 0x8}, {0x40, 0x0, 0x7}, {0x0, 0x0, 0x50}, {0x74, 0x0, 0x4}, {0x80, 0x1, 0x4}, {}, {0x1, 0x1, 0x3}]}}, 0x71)

12:01:58 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xffffffffffffffff, 0xee00, 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xffffffffffffffff, 0xee00, 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)

[ 2237.315180][T12475]  __x64_sys_ioctl+0xd4/0x110
[ 2237.319824][T12475]  do_syscall_64+0xcb/0x1c0
[ 2237.324297][T12475]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:01:58 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0xd, 0x80300)

12:01:58 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x5, 0x6a0341)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000040)={r0, 0xcb1, {0x0, 0x0, 0x0, 0x1000000000007, 0x594, 0x0, 0xa, 0x1d, 0x30, "b90d32f75dbb791552b715389318011dce3427cf61f75ca4033ae9c3f6de728c03c29fdacfe293b16e322abfe399170000000000003c6ea6ad9479f0c7a35e4f", "0a923b994948643df7a7abee8857080e7ee6c120f0e33d65757623aa19270c71a115d6398abd757069c951ca4876b1d7a35786e405f96aec1fd081d1ceedcbb9", "dfda3bf6edbe8a89535557c026c1e236f8ff97e26b992e0c8b9a0c82ed9ee7d0", [0x50f, 0x400]}})
r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0)
getsockopt$IP6T_SO_GET_INFO(r2, 0x29, 0x40, &(0x7f00000001c0)={'nat\x00', 0x0, [0xd3, 0x80000001, 0xbe43, 0xd84, 0x7]}, &(0x7f0000000240)=0x54)

12:01:58 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2) (async)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0xc80, 0x0)
setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000000c0)=0x1, 0x4)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x4c)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000240), &(0x7f0000000280)=0x4)
getsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, &(0x7f00000002c0)={'HL\x00'}, &(0x7f0000000300)=0x1e) (async)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r5 = openat$incfs(0xffffffffffffffff, &(0x7f00000001c0)='.pending_reads\x00', 0x4000, 0x163)
write$P9_RRENAMEAT(r5, &(0x7f0000000200)={0x7, 0x4b, 0x1}, 0x7) (async)
write$P9_RLERROR(0xffffffffffffffff, &(0x7f0000000340)={0x28, 0x7, 0x2, {0x1f, '/sys/kernel/debug/binder/stats\x00'}}, 0x28)
connect$inet6(r4, 0x0, 0x0) (async)
ioctl$USBDEVFS_FORBID_SUSPEND(r5, 0x5521)
fchmodat(r4, &(0x7f0000000180)='./file0\x00', 0xa6) (async)
connect$inet6(r3, 0x0, 0x0) (async)
accept$inet6(r3, &(0x7f0000000100), &(0x7f0000000140)=0x1c)

[ 2237.382440][T12503] FAULT_INJECTION: forcing a failure.
[ 2237.382440][T12503] name failslab, interval 1, probability 0, space 0, times 0
[ 2237.399197][T12503] CPU: 1 PID: 12503 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2237.409455][T12503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2237.419488][T12503] Call Trace:
[ 2237.422758][T12503]  dump_stack+0x1d8/0x241
[ 2237.427058][T12503]  ? panic+0x73e/0x73e
[ 2237.431095][T12503]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2237.436871][T12503]  should_fail+0x709/0x870
[ 2237.441265][T12503]  ? setup_fault_attr+0x3d0/0x3d0
[ 2237.446258][T12503]  ? mempool_init_node+0x1f6/0x500
[ 2237.451336][T12503]  should_failslab+0x5/0x20
[ 2237.455808][T12503]  kmem_cache_alloc+0x24/0x210
[ 2237.460538][T12503]  ? mempool_free+0x380/0x380
[ 2237.465192][T12503]  mempool_init_node+0x1f6/0x500
[ 2237.470113][T12503]  ? mempool_free+0x380/0x380
[ 2237.474766][T12503]  ? mempool_alloc_slab+0x20/0x20
[ 2237.479760][T12503]  mempool_init+0x35/0x50
[ 2237.484059][T12503]  bioset_init+0x41a/0x620
[ 2237.488461][T12503]  blk_alloc_queue_node+0xc4/0x580
[ 2237.493552][T12503]  ? blk_mq_alloc_tag_set+0x68b/0x890
[ 2237.498897][T12503]  blk_mq_init_queue+0x33/0xa0
[ 2237.503641][T12503]  loop_add+0x256/0x710
[ 2237.507768][T12503]  ? radix_tree_lookup+0x17a/0x1d0
[ 2237.512847][T12503]  loop_control_ioctl+0x564/0x740
[ 2237.517840][T12503]  ? loop_remove+0xa0/0xa0
[ 2237.522224][T12503]  ? __lru_cache_add+0x1bf/0x210
[ 2237.527131][T12503]  ? memset+0x1f/0x40
[ 2237.531084][T12503]  ? fsnotify+0x1332/0x13f0
[ 2237.535574][T12503]  ? loop_remove+0xa0/0xa0
[ 2237.539964][T12503]  do_vfs_ioctl+0x744/0x1730
[ 2237.544526][T12503]  ? selinux_file_ioctl+0x723/0x970
[ 2237.549693][T12503]  ? ioctl_preallocate+0x250/0x250
[ 2237.554775][T12503]  ? __fget+0x40c/0x4a0
[ 2237.558906][T12503]  ? fget_many+0x20/0x20
[ 2237.563124][T12503]  ? check_preemption_disabled+0x154/0x330
[ 2237.568903][T12503]  ? debug_smp_processor_id+0x20/0x20
[ 2237.574244][T12503]  ? security_file_ioctl+0x9d/0xb0
12:01:58 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x5, 0x6a0341) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000040)={r0, 0xcb1, {0x0, 0x0, 0x0, 0x1000000000007, 0x594, 0x0, 0xa, 0x1d, 0x30, "b90d32f75dbb791552b715389318011dce3427cf61f75ca4033ae9c3f6de728c03c29fdacfe293b16e322abfe399170000000000003c6ea6ad9479f0c7a35e4f", "0a923b994948643df7a7abee8857080e7ee6c120f0e33d65757623aa19270c71a115d6398abd757069c951ca4876b1d7a35786e405f96aec1fd081d1ceedcbb9", "dfda3bf6edbe8a89535557c026c1e236f8ff97e26b992e0c8b9a0c82ed9ee7d0", [0x50f, 0x400]}}) (async, rerun: 32)
r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0) (rerun: 32)
getsockopt$IP6T_SO_GET_INFO(r2, 0x29, 0x40, &(0x7f00000001c0)={'nat\x00', 0x0, [0xd3, 0x80000001, 0xbe43, 0xd84, 0x7]}, &(0x7f0000000240)=0x54)

12:01:58 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x4, 0x2, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x805, 0x4, 0x3}, 0x48) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
getdents(r2, &(0x7f0000000200)=""/137, 0x89)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async, rerun: 32)
write$P9_RWALK(r3, &(0x7f0000000180)={0x71, 0x6f, 0x2, {0x8, [{0x80, 0x0, 0x8}, {0x4, 0x4, 0x8}, {0x40, 0x0, 0x7}, {0x0, 0x0, 0x50}, {0x74, 0x0, 0x4}, {0x80, 0x1, 0x4}, {}, {0x1, 0x1, 0x3}]}}, 0x71) (rerun: 32)

12:01:58 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0xd, 0x80300)
syz_open_dev$loop(&(0x7f0000000000), 0xd, 0x80300) (async)

12:01:58 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 15)

12:01:58 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:58 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000240)=ANY=[@ANYBLOB="7261770000000000000000000000000000000000000000000000000000000100040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006900"/105], 0x68)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$VHOST_VDPA_SET_CONFIG_CALL(r2, 0x4004af77, &(0x7f0000000000)=0x4)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/module/usbcore', 0x101400, 0x28)

12:01:58 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)

[ 2237.579322][T12503]  __x64_sys_ioctl+0xd4/0x110
[ 2237.583970][T12503]  do_syscall_64+0xcb/0x1c0
[ 2237.588447][T12503]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:01:58 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0xd, 0x80300)

12:01:58 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)

12:01:58 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000240)=ANY=[@ANYBLOB="7261770000000000000000000000000000000000000000000000000000000100040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006900"/105], 0x68)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$VHOST_VDPA_SET_CONFIG_CALL(r2, 0x4004af77, &(0x7f0000000000)=0x4)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/module/usbcore', 0x101400, 0x28)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000240)=ANY=[@ANYBLOB="7261770000000000000000000000000000000000000000000000000000000100040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006900"/105], 0x68) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
ioctl$VHOST_VDPA_SET_CONFIG_CALL(r2, 0x4004af77, &(0x7f0000000000)=0x4) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/module/usbcore', 0x101400, 0x28) (async)

12:01:58 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x5, 0x6a0341) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000040)={r0, 0xcb1, {0x0, 0x0, 0x0, 0x1000000000007, 0x594, 0x0, 0xa, 0x1d, 0x30, "b90d32f75dbb791552b715389318011dce3427cf61f75ca4033ae9c3f6de728c03c29fdacfe293b16e322abfe399170000000000003c6ea6ad9479f0c7a35e4f", "0a923b994948643df7a7abee8857080e7ee6c120f0e33d65757623aa19270c71a115d6398abd757069c951ca4876b1d7a35786e405f96aec1fd081d1ceedcbb9", "dfda3bf6edbe8a89535557c026c1e236f8ff97e26b992e0c8b9a0c82ed9ee7d0", [0x50f, 0x400]}}) (async)
r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0)
getsockopt$IP6T_SO_GET_INFO(r2, 0x29, 0x40, &(0x7f00000001c0)={'nat\x00', 0x0, [0xd3, 0x80000001, 0xbe43, 0xd84, 0x7]}, &(0x7f0000000240)=0x54)

[ 2237.633932][T12555] FAULT_INJECTION: forcing a failure.
[ 2237.633932][T12555] name failslab, interval 1, probability 0, space 0, times 0
[ 2237.650751][T12555] CPU: 1 PID: 12555 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2237.661003][T12555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2237.671035][T12555] Call Trace:
[ 2237.674303][T12555]  dump_stack+0x1d8/0x241
[ 2237.678601][T12555]  ? panic+0x73e/0x73e
[ 2237.682637][T12555]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2237.688426][T12555]  should_fail+0x709/0x870
[ 2237.692815][T12555]  ? setup_fault_attr+0x3d0/0x3d0
[ 2237.697808][T12555]  ? mempool_init_node+0x131/0x500
[ 2237.702895][T12555]  should_failslab+0x5/0x20
[ 2237.707374][T12555]  __kmalloc+0x51/0x2b0
[ 2237.711507][T12555]  ? kmem_cache_alloc+0xd0/0x210
[ 2237.716420][T12555]  mempool_init_node+0x131/0x500
[ 2237.721324][T12555]  ? mempool_free+0x380/0x380
[ 2237.725973][T12555]  ? mempool_alloc_slab+0x20/0x20
[ 2237.730978][T12555]  mempool_init+0x35/0x50
[ 2237.735285][T12555]  bioset_init+0x4ec/0x620
[ 2237.739676][T12555]  blk_alloc_queue_node+0xc4/0x580
[ 2237.744755][T12555]  ? blk_mq_alloc_tag_set+0x68b/0x890
[ 2237.750093][T12555]  blk_mq_init_queue+0x33/0xa0
[ 2237.754826][T12555]  loop_add+0x256/0x710
[ 2237.758948][T12555]  ? radix_tree_lookup+0x17a/0x1d0
[ 2237.764053][T12555]  loop_control_ioctl+0x564/0x740
[ 2237.769047][T12555]  ? loop_remove+0xa0/0xa0
[ 2237.773431][T12555]  ? __lru_cache_add+0x1bf/0x210
[ 2237.778337][T12555]  ? memset+0x1f/0x40
[ 2237.782287][T12555]  ? fsnotify+0x1332/0x13f0
[ 2237.786757][T12555]  ? loop_remove+0xa0/0xa0
[ 2237.791140][T12555]  do_vfs_ioctl+0x744/0x1730
[ 2237.795705][T12555]  ? selinux_file_ioctl+0x723/0x970
[ 2237.800877][T12555]  ? ioctl_preallocate+0x250/0x250
[ 2237.805964][T12555]  ? __fget+0x40c/0x4a0
[ 2237.810093][T12555]  ? fget_many+0x20/0x20
[ 2237.814304][T12555]  ? check_preemption_disabled+0x154/0x330
[ 2237.820078][T12555]  ? debug_smp_processor_id+0x20/0x20
[ 2237.825425][T12555]  ? security_file_ioctl+0x9d/0xb0
12:01:59 executing program 5:
syz_open_dev$loop(&(0x7f0000000040), 0x2000000008f8, 0x640381)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x40)

12:01:59 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async, rerun: 64)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (rerun: 64)
connect$inet6(r2, 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:59 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
socket$igmp6(0xa, 0x3, 0x2) (async)

12:01:59 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 16)

12:01:59 executing program 1:
syz_open_dev$loop(&(0x7f0000000040), 0x802, 0x8c000)

12:01:59 executing program 5:
syz_open_dev$loop(&(0x7f0000000040), 0x2000000008f8, 0x640381)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x40)

[ 2237.830510][T12555]  __x64_sys_ioctl+0xd4/0x110
[ 2237.835165][T12555]  do_syscall_64+0xcb/0x1c0
[ 2237.839649][T12555]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:01:59 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/ramoops', 0x2000, 0x80)
r1 = openat$incfs(r0, &(0x7f0000000040)='.log\x00', 0xc0082, 0x100)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
openat$incfs(r1, &(0x7f00000000c0)='.pending_reads\x00', 0x408000, 0x10)
syz_open_dev$vcsu(&(0x7f0000000080), 0xffffffffbfffffff, 0x2c443)
write$P9_RREMOVE(r2, 0x0, 0x0)

12:01:59 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000240)=ANY=[@ANYBLOB="7261770000000000000000000000000000000000000000000000000000000100040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006900"/105], 0x68) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$VHOST_VDPA_SET_CONFIG_CALL(r2, 0x4004af77, &(0x7f0000000000)=0x4) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/module/usbcore', 0x101400, 0x28)

12:01:59 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:59 executing program 5:
syz_open_dev$loop(&(0x7f0000000040), 0x2000000008f8, 0x640381) (async)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x40)

12:01:59 executing program 1:
syz_open_dev$loop(&(0x7f0000000040), 0x802, 0x8c000)

[ 2237.890605][T12590] FAULT_INJECTION: forcing a failure.
[ 2237.890605][T12590] name failslab, interval 1, probability 0, space 0, times 0
[ 2237.909474][T12590] CPU: 0 PID: 12590 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2237.919723][T12590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2237.929759][T12590] Call Trace:
[ 2237.933026][T12590]  dump_stack+0x1d8/0x241
[ 2237.937327][T12590]  ? panic+0x73e/0x73e
[ 2237.941364][T12590]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2237.947143][T12590]  should_fail+0x709/0x870
[ 2237.951532][T12590]  ? setup_fault_attr+0x3d0/0x3d0
[ 2237.956526][T12590]  ? mempool_init_node+0x1f6/0x500
[ 2237.961604][T12590]  should_failslab+0x5/0x20
[ 2237.966076][T12590]  kmem_cache_alloc+0x24/0x210
[ 2237.970806][T12590]  ? mempool_free+0x380/0x380
[ 2237.975469][T12590]  mempool_init_node+0x1f6/0x500
[ 2237.980374][T12590]  ? mempool_free+0x380/0x380
[ 2237.985023][T12590]  ? mempool_alloc_slab+0x20/0x20
[ 2237.990014][T12590]  mempool_init+0x35/0x50
[ 2237.994314][T12590]  bioset_init+0x4ec/0x620
[ 2237.998697][T12590]  blk_alloc_queue_node+0xc4/0x580
[ 2238.003865][T12590]  ? blk_mq_alloc_tag_set+0x68b/0x890
[ 2238.009226][T12590]  blk_mq_init_queue+0x33/0xa0
[ 2238.013956][T12590]  loop_add+0x256/0x710
[ 2238.018083][T12590]  ? radix_tree_lookup+0x17a/0x1d0
[ 2238.023181][T12590]  loop_control_ioctl+0x564/0x740
[ 2238.028176][T12590]  ? loop_remove+0xa0/0xa0
[ 2238.032577][T12590]  ? __lru_cache_add+0x1bf/0x210
[ 2238.037481][T12590]  ? memset+0x1f/0x40
[ 2238.041430][T12590]  ? fsnotify+0x1332/0x13f0
[ 2238.045899][T12590]  ? loop_remove+0xa0/0xa0
[ 2238.050281][T12590]  do_vfs_ioctl+0x744/0x1730
[ 2238.054840][T12590]  ? selinux_file_ioctl+0x723/0x970
[ 2238.060004][T12590]  ? ioctl_preallocate+0x250/0x250
[ 2238.065101][T12590]  ? __fget+0x40c/0x4a0
[ 2238.069232][T12590]  ? fget_many+0x20/0x20
[ 2238.073446][T12590]  ? check_preemption_disabled+0x154/0x330
[ 2238.079225][T12590]  ? debug_smp_processor_id+0x20/0x20
[ 2238.084572][T12590]  ? security_file_ioctl+0x9d/0xb0
12:01:59 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 17)

12:01:59 executing program 1:
syz_open_dev$loop(&(0x7f0000000040), 0x802, 0x8c000)

12:01:59 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_open_dev$vcsu(&(0x7f0000000100), 0x8, 0x80)
r1 = syz_open_dev$vcsu(&(0x7f0000000140), 0x7, 0x400800)
connect$inet6(r1, 0x0, 0xffffffffffffffaf)
execveat(0xffffffffffffffff, 0x0, &(0x7f0000000000), &(0x7f00000000c0)=[&(0x7f0000000180)='-n\x00\x00\x00O\xd0\xfe\x86\x05Y\xb4ieQm\x81\xaet\xc7\x82\x9e\x83\xfe\xe8\x05l\bdH?p\x81\xed\xb8\'f\b\x02\\\x99=\x1e\xe6^6A%\xa3\x88O\x11<A\n\x80\xb1pG1\xae\x96\xf2/!\x19\xb5\xa5\x98 y^\xf9\x1f\x98yj\xc3-\x01\xde\xc9\xc1\xdaS\x95\xd0\xd5au\xda\xb3:', &(0x7f00000002c0)='\xd8\x89\xa6\x00_{\xa1=\x89^}\xdb\n\xd4\x8d\x17\xf8\xcb]\x86|\xc5AVB\t\x91\x1a0\x900q\xd6h\xaf$\x9b\xc1:K\xc4u8\xcb\xedi\xd7\x9bj\xf0\x05\xac\xd1m7_;\xb2\xae\x05\x9d\xfa\"(\xe3\xa2#\x14S\x7f\x91\x96JZ\v5\xb4X\xe3\xa79\x9e8\xf9\xf4\xe0Z\x8e\xabF\xd3\xc9\xe3\xf5Ra\x9d8+\xcf4\xde\x17R\xe8\xeb\x14xG\xa3\xb6\x88?\xd1Pt\xf1Q\x01\xf8\f\xc2\x0e\x87Z35\xaf\xa5e\x92]3I\x9b\xbdw\"\xf2\xb5\xdf\xe8\xbc^\xb5\xbb\xc2\x8a\xce\x19\x7f\x00\x00\x00\xc1\xff\xa7\xcb_x\xa2\xe12\x8b\xe4I\xc6\xfa\xd5c\xe0\xdb\x13\x93\xa1\xc2\x1eF\x02\xc1\xdb\xab\xc2\xcc\xba\xe3\xc0\x96\xbe\x7f\xd4\xab\x9b\xa6N]\x80u^+\xe8\xf2 \xa8~\r\x90\xb02\x00xq\x00\xe4\xdft\xd8\xa7b\x1a\xe3\x06\"\x88)\x06\x8c\xba\x825o\f\x9f#b6\x91\xa3Y\x14\x0fY\xd3\xb6\xe1\xf853\xca\x96b\x04\xe8\x18\x05W\xc6\xaf\xbd\xa7N\xc5\xbbk\xfb\x8c\xfa{t\x8ap\x99\r\xa1s?\x84\xd84\xe0\x96+\xc0d8:r\xaf\xa0\x1a\xfbp\xa3\x06\x90\xe7\vV\xf9\xd1\xa2 \xe6\x8e\x18Hc\x14\x18A\x00e;\xbe\xbd\xb0t6We\x11}U\xb3J\xf6\x82\xe1\xbb\xb1\xb8\xc6\xea\xb2\xb3L\xce\x96uq\xccd\xa6\x9e\xf2\xa5u~~\xecu`bk\x97oI\xd62\xe9k\xabF\x89\xe9q\x8eb\"\x185FC\x1ddz\r!ZH\xcc\x05\x96\t\xf0[\x9a\x9d\xcda\x1e\x96\xb6\xd3\xe4\x02\xe3:{\xbeud\x8a5B\x04&\xe4\x83\xe7s3\t\xeb\x7f\f\x81\v?Y\v\xc4h\xd2P\xfb\xfe\xa9\xe2\x82\xfc\f[\xce\x11\x18K\xf8mG\xaa\x14\x96\xd3\xf4\xbcM0\xfch\xb1\xd9\t_\xe1\x17\xf1\xed\xba\xe7\xb9;\x97kW\x9f\x9dW\x1b', &(0x7f0000000000)='+^{\x00', &(0x7f0000000080)='^\x00'], 0x1000)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r2, 0x5761, &(0x7f0000000200)={0x1, 0x0, [{0x51, 0x1000, 0x8000, [0x5, 0x8, 0x5, 0xa85d, 0x6, 0x80, 0x0, 0x5c]}]})
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:59 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x2, 0xa, 0xf, 0x30, "79a25ae797eac54838adb2b17bfb24aeca0be19fd9f0d831aef54e99c68df95d009450313195833a2a02b6e3194d8e5e1053d5f0b93e609ea7e0cb50dd1aef8f", "1604f9b80a8d3e19e1684d3b0c3b62354df0b903c684780c1c67b71aa0fe6b1d", [0x12da, 0x7]})

12:01:59 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
getsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x20, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@udp6=r1, 0x4}, 0x20)

[ 2238.089650][T12590]  __x64_sys_ioctl+0xd4/0x110
[ 2238.094297][T12590]  do_syscall_64+0xcb/0x1c0
[ 2238.098769][T12590]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2238.127633][T12610] FAULT_INJECTION: forcing a failure.
[ 2238.127633][T12610] name failslab, interval 1, probability 0, space 0, times 0
[ 2238.142800][T12610] CPU: 1 PID: 12610 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2238.153046][T12610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2238.163097][T12610] Call Trace:
[ 2238.166364][T12610]  dump_stack+0x1d8/0x241
[ 2238.170691][T12610]  ? panic+0x73e/0x73e
[ 2238.174731][T12610]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2238.180506][T12610]  should_fail+0x709/0x870
[ 2238.184889][T12610]  ? setup_fault_attr+0x3d0/0x3d0
[ 2238.189881][T12610]  ? mempool_init_node+0x1f6/0x500
[ 2238.194968][T12610]  should_failslab+0x5/0x20
[ 2238.199459][T12610]  kmem_cache_alloc+0x24/0x210
[ 2238.204191][T12610]  ? mempool_free+0x380/0x380
[ 2238.208843][T12610]  mempool_init_node+0x1f6/0x500
[ 2238.213750][T12610]  ? mempool_free+0x380/0x380
[ 2238.218411][T12610]  ? mempool_alloc_slab+0x20/0x20
[ 2238.223404][T12610]  mempool_init+0x35/0x50
[ 2238.227712][T12610]  bioset_init+0x4ec/0x620
[ 2238.232096][T12610]  blk_alloc_queue_node+0xc4/0x580
[ 2238.237324][T12610]  ? blk_mq_alloc_tag_set+0x68b/0x890
[ 2238.242700][T12610]  blk_mq_init_queue+0x33/0xa0
[ 2238.247444][T12610]  loop_add+0x256/0x710
[ 2238.251571][T12610]  ? radix_tree_lookup+0x17a/0x1d0
[ 2238.256650][T12610]  loop_control_ioctl+0x564/0x740
[ 2238.261646][T12610]  ? loop_remove+0xa0/0xa0
[ 2238.266074][T12610]  ? __lru_cache_add+0x1bf/0x210
[ 2238.270980][T12610]  ? memset+0x1f/0x40
[ 2238.274932][T12610]  ? fsnotify+0x1332/0x13f0
[ 2238.279420][T12610]  ? loop_remove+0xa0/0xa0
[ 2238.283811][T12610]  do_vfs_ioctl+0x744/0x1730
[ 2238.288371][T12610]  ? selinux_file_ioctl+0x723/0x970
12:01:59 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/ramoops', 0x2000, 0x80)
r1 = openat$incfs(r0, &(0x7f0000000040)='.log\x00', 0xc0082, 0x100)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
openat$incfs(r1, &(0x7f00000000c0)='.pending_reads\x00', 0x408000, 0x10)
syz_open_dev$vcsu(&(0x7f0000000080), 0xffffffffbfffffff, 0x2c443)
write$P9_RREMOVE(r2, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/ramoops', 0x2000, 0x80) (async)
openat$incfs(r0, &(0x7f0000000040)='.log\x00', 0xc0082, 0x100) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
openat$incfs(r1, &(0x7f00000000c0)='.pending_reads\x00', 0x408000, 0x10) (async)
syz_open_dev$vcsu(&(0x7f0000000080), 0xffffffffbfffffff, 0x2c443) (async)
write$P9_RREMOVE(r2, 0x0, 0x0) (async)

12:01:59 executing program 1:
clock_gettime(0x6, &(0x7f0000000040))
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

12:01:59 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_open_dev$vcsu(&(0x7f0000000100), 0x8, 0x80)
r1 = syz_open_dev$vcsu(&(0x7f0000000140), 0x7, 0x400800)
connect$inet6(r1, 0x0, 0xffffffffffffffaf)
execveat(0xffffffffffffffff, 0x0, &(0x7f0000000000), &(0x7f00000000c0)=[&(0x7f0000000180)='-n\x00\x00\x00O\xd0\xfe\x86\x05Y\xb4ieQm\x81\xaet\xc7\x82\x9e\x83\xfe\xe8\x05l\bdH?p\x81\xed\xb8\'f\b\x02\\\x99=\x1e\xe6^6A%\xa3\x88O\x11<A\n\x80\xb1pG1\xae\x96\xf2/!\x19\xb5\xa5\x98 y^\xf9\x1f\x98yj\xc3-\x01\xde\xc9\xc1\xdaS\x95\xd0\xd5au\xda\xb3:', &(0x7f00000002c0)='\xd8\x89\xa6\x00_{\xa1=\x89^}\xdb\n\xd4\x8d\x17\xf8\xcb]\x86|\xc5AVB\t\x91\x1a0\x900q\xd6h\xaf$\x9b\xc1:K\xc4u8\xcb\xedi\xd7\x9bj\xf0\x05\xac\xd1m7_;\xb2\xae\x05\x9d\xfa\"(\xe3\xa2#\x14S\x7f\x91\x96JZ\v5\xb4X\xe3\xa79\x9e8\xf9\xf4\xe0Z\x8e\xabF\xd3\xc9\xe3\xf5Ra\x9d8+\xcf4\xde\x17R\xe8\xeb\x14xG\xa3\xb6\x88?\xd1Pt\xf1Q\x01\xf8\f\xc2\x0e\x87Z35\xaf\xa5e\x92]3I\x9b\xbdw\"\xf2\xb5\xdf\xe8\xbc^\xb5\xbb\xc2\x8a\xce\x19\x7f\x00\x00\x00\xc1\xff\xa7\xcb_x\xa2\xe12\x8b\xe4I\xc6\xfa\xd5c\xe0\xdb\x13\x93\xa1\xc2\x1eF\x02\xc1\xdb\xab\xc2\xcc\xba\xe3\xc0\x96\xbe\x7f\xd4\xab\x9b\xa6N]\x80u^+\xe8\xf2 \xa8~\r\x90\xb02\x00xq\x00\xe4\xdft\xd8\xa7b\x1a\xe3\x06\"\x88)\x06\x8c\xba\x825o\f\x9f#b6\x91\xa3Y\x14\x0fY\xd3\xb6\xe1\xf853\xca\x96b\x04\xe8\x18\x05W\xc6\xaf\xbd\xa7N\xc5\xbbk\xfb\x8c\xfa{t\x8ap\x99\r\xa1s?\x84\xd84\xe0\x96+\xc0d8:r\xaf\xa0\x1a\xfbp\xa3\x06\x90\xe7\vV\xf9\xd1\xa2 \xe6\x8e\x18Hc\x14\x18A\x00e;\xbe\xbd\xb0t6We\x11}U\xb3J\xf6\x82\xe1\xbb\xb1\xb8\xc6\xea\xb2\xb3L\xce\x96uq\xccd\xa6\x9e\xf2\xa5u~~\xecu`bk\x97oI\xd62\xe9k\xabF\x89\xe9q\x8eb\"\x185FC\x1ddz\r!ZH\xcc\x05\x96\t\xf0[\x9a\x9d\xcda\x1e\x96\xb6\xd3\xe4\x02\xe3:{\xbeud\x8a5B\x04&\xe4\x83\xe7s3\t\xeb\x7f\f\x81\v?Y\v\xc4h\xd2P\xfb\xfe\xa9\xe2\x82\xfc\f[\xce\x11\x18K\xf8mG\xaa\x14\x96\xd3\xf4\xbcM0\xfch\xb1\xd9\t_\xe1\x17\xf1\xed\xba\xe7\xb9;\x97kW\x9f\x9dW\x1b', &(0x7f0000000000)='+^{\x00', &(0x7f0000000080)='^\x00'], 0x1000)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r2, 0x5761, &(0x7f0000000200)={0x1, 0x0, [{0x51, 0x1000, 0x8000, [0x5, 0x8, 0x5, 0xa85d, 0x6, 0x80, 0x0, 0x5c]}]})
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
syz_open_dev$vcsu(&(0x7f0000000100), 0x8, 0x80) (async)
syz_open_dev$vcsu(&(0x7f0000000140), 0x7, 0x400800) (async)
connect$inet6(r1, 0x0, 0xffffffffffffffaf) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f0000000000), &(0x7f00000000c0)=[&(0x7f0000000180)='-n\x00\x00\x00O\xd0\xfe\x86\x05Y\xb4ieQm\x81\xaet\xc7\x82\x9e\x83\xfe\xe8\x05l\bdH?p\x81\xed\xb8\'f\b\x02\\\x99=\x1e\xe6^6A%\xa3\x88O\x11<A\n\x80\xb1pG1\xae\x96\xf2/!\x19\xb5\xa5\x98 y^\xf9\x1f\x98yj\xc3-\x01\xde\xc9\xc1\xdaS\x95\xd0\xd5au\xda\xb3:', &(0x7f00000002c0)='\xd8\x89\xa6\x00_{\xa1=\x89^}\xdb\n\xd4\x8d\x17\xf8\xcb]\x86|\xc5AVB\t\x91\x1a0\x900q\xd6h\xaf$\x9b\xc1:K\xc4u8\xcb\xedi\xd7\x9bj\xf0\x05\xac\xd1m7_;\xb2\xae\x05\x9d\xfa\"(\xe3\xa2#\x14S\x7f\x91\x96JZ\v5\xb4X\xe3\xa79\x9e8\xf9\xf4\xe0Z\x8e\xabF\xd3\xc9\xe3\xf5Ra\x9d8+\xcf4\xde\x17R\xe8\xeb\x14xG\xa3\xb6\x88?\xd1Pt\xf1Q\x01\xf8\f\xc2\x0e\x87Z35\xaf\xa5e\x92]3I\x9b\xbdw\"\xf2\xb5\xdf\xe8\xbc^\xb5\xbb\xc2\x8a\xce\x19\x7f\x00\x00\x00\xc1\xff\xa7\xcb_x\xa2\xe12\x8b\xe4I\xc6\xfa\xd5c\xe0\xdb\x13\x93\xa1\xc2\x1eF\x02\xc1\xdb\xab\xc2\xcc\xba\xe3\xc0\x96\xbe\x7f\xd4\xab\x9b\xa6N]\x80u^+\xe8\xf2 \xa8~\r\x90\xb02\x00xq\x00\xe4\xdft\xd8\xa7b\x1a\xe3\x06\"\x88)\x06\x8c\xba\x825o\f\x9f#b6\x91\xa3Y\x14\x0fY\xd3\xb6\xe1\xf853\xca\x96b\x04\xe8\x18\x05W\xc6\xaf\xbd\xa7N\xc5\xbbk\xfb\x8c\xfa{t\x8ap\x99\r\xa1s?\x84\xd84\xe0\x96+\xc0d8:r\xaf\xa0\x1a\xfbp\xa3\x06\x90\xe7\vV\xf9\xd1\xa2 \xe6\x8e\x18Hc\x14\x18A\x00e;\xbe\xbd\xb0t6We\x11}U\xb3J\xf6\x82\xe1\xbb\xb1\xb8\xc6\xea\xb2\xb3L\xce\x96uq\xccd\xa6\x9e\xf2\xa5u~~\xecu`bk\x97oI\xd62\xe9k\xabF\x89\xe9q\x8eb\"\x185FC\x1ddz\r!ZH\xcc\x05\x96\t\xf0[\x9a\x9d\xcda\x1e\x96\xb6\xd3\xe4\x02\xe3:{\xbeud\x8a5B\x04&\xe4\x83\xe7s3\t\xeb\x7f\f\x81\v?Y\v\xc4h\xd2P\xfb\xfe\xa9\xe2\x82\xfc\f[\xce\x11\x18K\xf8mG\xaa\x14\x96\xd3\xf4\xbcM0\xfch\xb1\xd9\t_\xe1\x17\xf1\xed\xba\xe7\xb9;\x97kW\x9f\x9dW\x1b', &(0x7f0000000000)='+^{\x00', &(0x7f0000000080)='^\x00'], 0x1000) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r2, 0x5761, &(0x7f0000000200)={0x1, 0x0, [{0x51, 0x1000, 0x8000, [0x5, 0x8, 0x5, 0xa85d, 0x6, 0x80, 0x0, 0x5c]}]}) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)

12:01:59 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async, rerun: 64)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (rerun: 64)
connect$inet6(r1, 0x0, 0x0)
getsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x20, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@udp6=r1, 0x4}, 0x20)

12:01:59 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 18)

12:01:59 executing program 1:
clock_gettime(0x6, &(0x7f0000000040)) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

[ 2238.293534][T12610]  ? ioctl_preallocate+0x250/0x250
[ 2238.298615][T12610]  ? __fget+0x40c/0x4a0
[ 2238.302740][T12610]  ? fget_many+0x20/0x20
[ 2238.306952][T12610]  ? check_preemption_disabled+0x154/0x330
[ 2238.312725][T12610]  ? debug_smp_processor_id+0x20/0x20
[ 2238.318067][T12610]  ? security_file_ioctl+0x9d/0xb0
[ 2238.323146][T12610]  __x64_sys_ioctl+0xd4/0x110
[ 2238.327792][T12610]  do_syscall_64+0xcb/0x1c0
[ 2238.332266][T12610]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:01:59 executing program 4:
socket$igmp6(0xa, 0x3, 0x2) (async)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/ramoops', 0x2000, 0x80)
r1 = openat$incfs(r0, &(0x7f0000000040)='.log\x00', 0xc0082, 0x100) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
openat$incfs(r1, &(0x7f00000000c0)='.pending_reads\x00', 0x408000, 0x10) (async)
syz_open_dev$vcsu(&(0x7f0000000080), 0xffffffffbfffffff, 0x2c443) (async)
write$P9_RREMOVE(r2, 0x0, 0x0)

12:01:59 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
getsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x20, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@udp6=r1, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
getsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000180), &(0x7f00000001c0)=0x4) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x20, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@udp6=r1, 0x4}, 0x20) (async)

12:01:59 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x2, 0xa, 0xf, 0x30, "79a25ae797eac54838adb2b17bfb24aeca0be19fd9f0d831aef54e99c68df95d009450313195833a2a02b6e3194d8e5e1053d5f0b93e609ea7e0cb50dd1aef8f", "1604f9b80a8d3e19e1684d3b0c3b62354df0b903c684780c1c67b71aa0fe6b1d", [0x12da, 0x7]})
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x2, 0xa, 0xf, 0x30, "79a25ae797eac54838adb2b17bfb24aeca0be19fd9f0d831aef54e99c68df95d009450313195833a2a02b6e3194d8e5e1053d5f0b93e609ea7e0cb50dd1aef8f", "1604f9b80a8d3e19e1684d3b0c3b62354df0b903c684780c1c67b71aa0fe6b1d", [0x12da, 0x7]}) (async)

12:01:59 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_open_dev$vcsu(&(0x7f0000000100), 0x8, 0x80)
r1 = syz_open_dev$vcsu(&(0x7f0000000140), 0x7, 0x400800)
connect$inet6(r1, 0x0, 0xffffffffffffffaf)
execveat(0xffffffffffffffff, 0x0, &(0x7f0000000000), &(0x7f00000000c0)=[&(0x7f0000000180)='-n\x00\x00\x00O\xd0\xfe\x86\x05Y\xb4ieQm\x81\xaet\xc7\x82\x9e\x83\xfe\xe8\x05l\bdH?p\x81\xed\xb8\'f\b\x02\\\x99=\x1e\xe6^6A%\xa3\x88O\x11<A\n\x80\xb1pG1\xae\x96\xf2/!\x19\xb5\xa5\x98 y^\xf9\x1f\x98yj\xc3-\x01\xde\xc9\xc1\xdaS\x95\xd0\xd5au\xda\xb3:', &(0x7f00000002c0)='\xd8\x89\xa6\x00_{\xa1=\x89^}\xdb\n\xd4\x8d\x17\xf8\xcb]\x86|\xc5AVB\t\x91\x1a0\x900q\xd6h\xaf$\x9b\xc1:K\xc4u8\xcb\xedi\xd7\x9bj\xf0\x05\xac\xd1m7_;\xb2\xae\x05\x9d\xfa\"(\xe3\xa2#\x14S\x7f\x91\x96JZ\v5\xb4X\xe3\xa79\x9e8\xf9\xf4\xe0Z\x8e\xabF\xd3\xc9\xe3\xf5Ra\x9d8+\xcf4\xde\x17R\xe8\xeb\x14xG\xa3\xb6\x88?\xd1Pt\xf1Q\x01\xf8\f\xc2\x0e\x87Z35\xaf\xa5e\x92]3I\x9b\xbdw\"\xf2\xb5\xdf\xe8\xbc^\xb5\xbb\xc2\x8a\xce\x19\x7f\x00\x00\x00\xc1\xff\xa7\xcb_x\xa2\xe12\x8b\xe4I\xc6\xfa\xd5c\xe0\xdb\x13\x93\xa1\xc2\x1eF\x02\xc1\xdb\xab\xc2\xcc\xba\xe3\xc0\x96\xbe\x7f\xd4\xab\x9b\xa6N]\x80u^+\xe8\xf2 \xa8~\r\x90\xb02\x00xq\x00\xe4\xdft\xd8\xa7b\x1a\xe3\x06\"\x88)\x06\x8c\xba\x825o\f\x9f#b6\x91\xa3Y\x14\x0fY\xd3\xb6\xe1\xf853\xca\x96b\x04\xe8\x18\x05W\xc6\xaf\xbd\xa7N\xc5\xbbk\xfb\x8c\xfa{t\x8ap\x99\r\xa1s?\x84\xd84\xe0\x96+\xc0d8:r\xaf\xa0\x1a\xfbp\xa3\x06\x90\xe7\vV\xf9\xd1\xa2 \xe6\x8e\x18Hc\x14\x18A\x00e;\xbe\xbd\xb0t6We\x11}U\xb3J\xf6\x82\xe1\xbb\xb1\xb8\xc6\xea\xb2\xb3L\xce\x96uq\xccd\xa6\x9e\xf2\xa5u~~\xecu`bk\x97oI\xd62\xe9k\xabF\x89\xe9q\x8eb\"\x185FC\x1ddz\r!ZH\xcc\x05\x96\t\xf0[\x9a\x9d\xcda\x1e\x96\xb6\xd3\xe4\x02\xe3:{\xbeud\x8a5B\x04&\xe4\x83\xe7s3\t\xeb\x7f\f\x81\v?Y\v\xc4h\xd2P\xfb\xfe\xa9\xe2\x82\xfc\f[\xce\x11\x18K\xf8mG\xaa\x14\x96\xd3\xf4\xbcM0\xfch\xb1\xd9\t_\xe1\x17\xf1\xed\xba\xe7\xb9;\x97kW\x9f\x9dW\x1b', &(0x7f0000000000)='+^{\x00', &(0x7f0000000080)='^\x00'], 0x1000)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r2, 0x5761, &(0x7f0000000200)={0x1, 0x0, [{0x51, 0x1000, 0x8000, [0x5, 0x8, 0x5, 0xa85d, 0x6, 0x80, 0x0, 0x5c]}]})
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
syz_open_dev$vcsu(&(0x7f0000000100), 0x8, 0x80) (async)
syz_open_dev$vcsu(&(0x7f0000000140), 0x7, 0x400800) (async)
connect$inet6(r1, 0x0, 0xffffffffffffffaf) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f0000000000), &(0x7f00000000c0)=[&(0x7f0000000180)='-n\x00\x00\x00O\xd0\xfe\x86\x05Y\xb4ieQm\x81\xaet\xc7\x82\x9e\x83\xfe\xe8\x05l\bdH?p\x81\xed\xb8\'f\b\x02\\\x99=\x1e\xe6^6A%\xa3\x88O\x11<A\n\x80\xb1pG1\xae\x96\xf2/!\x19\xb5\xa5\x98 y^\xf9\x1f\x98yj\xc3-\x01\xde\xc9\xc1\xdaS\x95\xd0\xd5au\xda\xb3:', &(0x7f00000002c0)='\xd8\x89\xa6\x00_{\xa1=\x89^}\xdb\n\xd4\x8d\x17\xf8\xcb]\x86|\xc5AVB\t\x91\x1a0\x900q\xd6h\xaf$\x9b\xc1:K\xc4u8\xcb\xedi\xd7\x9bj\xf0\x05\xac\xd1m7_;\xb2\xae\x05\x9d\xfa\"(\xe3\xa2#\x14S\x7f\x91\x96JZ\v5\xb4X\xe3\xa79\x9e8\xf9\xf4\xe0Z\x8e\xabF\xd3\xc9\xe3\xf5Ra\x9d8+\xcf4\xde\x17R\xe8\xeb\x14xG\xa3\xb6\x88?\xd1Pt\xf1Q\x01\xf8\f\xc2\x0e\x87Z35\xaf\xa5e\x92]3I\x9b\xbdw\"\xf2\xb5\xdf\xe8\xbc^\xb5\xbb\xc2\x8a\xce\x19\x7f\x00\x00\x00\xc1\xff\xa7\xcb_x\xa2\xe12\x8b\xe4I\xc6\xfa\xd5c\xe0\xdb\x13\x93\xa1\xc2\x1eF\x02\xc1\xdb\xab\xc2\xcc\xba\xe3\xc0\x96\xbe\x7f\xd4\xab\x9b\xa6N]\x80u^+\xe8\xf2 \xa8~\r\x90\xb02\x00xq\x00\xe4\xdft\xd8\xa7b\x1a\xe3\x06\"\x88)\x06\x8c\xba\x825o\f\x9f#b6\x91\xa3Y\x14\x0fY\xd3\xb6\xe1\xf853\xca\x96b\x04\xe8\x18\x05W\xc6\xaf\xbd\xa7N\xc5\xbbk\xfb\x8c\xfa{t\x8ap\x99\r\xa1s?\x84\xd84\xe0\x96+\xc0d8:r\xaf\xa0\x1a\xfbp\xa3\x06\x90\xe7\vV\xf9\xd1\xa2 \xe6\x8e\x18Hc\x14\x18A\x00e;\xbe\xbd\xb0t6We\x11}U\xb3J\xf6\x82\xe1\xbb\xb1\xb8\xc6\xea\xb2\xb3L\xce\x96uq\xccd\xa6\x9e\xf2\xa5u~~\xecu`bk\x97oI\xd62\xe9k\xabF\x89\xe9q\x8eb\"\x185FC\x1ddz\r!ZH\xcc\x05\x96\t\xf0[\x9a\x9d\xcda\x1e\x96\xb6\xd3\xe4\x02\xe3:{\xbeud\x8a5B\x04&\xe4\x83\xe7s3\t\xeb\x7f\f\x81\v?Y\v\xc4h\xd2P\xfb\xfe\xa9\xe2\x82\xfc\f[\xce\x11\x18K\xf8mG\xaa\x14\x96\xd3\xf4\xbcM0\xfch\xb1\xd9\t_\xe1\x17\xf1\xed\xba\xe7\xb9;\x97kW\x9f\x9dW\x1b', &(0x7f0000000000)='+^{\x00', &(0x7f0000000080)='^\x00'], 0x1000) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r2, 0x5761, &(0x7f0000000200)={0x1, 0x0, [{0x51, 0x1000, 0x8000, [0x5, 0x8, 0x5, 0xa85d, 0x6, 0x80, 0x0, 0x5c]}]}) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)

[ 2238.379813][T12646] FAULT_INJECTION: forcing a failure.
[ 2238.379813][T12646] name failslab, interval 1, probability 0, space 0, times 0
[ 2238.395611][T12646] CPU: 0 PID: 12646 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2238.405866][T12646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2238.415899][T12646] Call Trace:
[ 2238.419178][T12646]  dump_stack+0x1d8/0x241
[ 2238.423476][T12646]  ? panic+0x73e/0x73e
[ 2238.427511][T12646]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2238.433288][T12646]  ? mempool_init_node+0x1f6/0x500
[ 2238.438366][T12646]  should_fail+0x709/0x870
[ 2238.442750][T12646]  ? setup_fault_attr+0x3d0/0x3d0
[ 2238.447745][T12646]  ? mempool_free+0x380/0x380
[ 2238.452392][T12646]  ? mempool_alloc_slab+0x20/0x20
[ 2238.457385][T12646]  ? mempool_init+0x35/0x50
[ 2238.461863][T12646]  ? bdi_alloc_node+0x69/0xd0
[ 2238.466505][T12646]  should_failslab+0x5/0x20
[ 2238.470976][T12646]  kmem_cache_alloc_trace+0x28/0x240
[ 2238.476233][T12646]  bdi_alloc_node+0x69/0xd0
[ 2238.480705][T12646]  blk_alloc_queue_node+0x10b/0x580
[ 2238.485879][T12646]  ? blk_mq_alloc_tag_set+0x68b/0x890
[ 2238.491221][T12646]  blk_mq_init_queue+0x33/0xa0
[ 2238.495955][T12646]  loop_add+0x256/0x710
[ 2238.500081][T12646]  ? radix_tree_lookup+0x17a/0x1d0
[ 2238.505161][T12646]  loop_control_ioctl+0x564/0x740
[ 2238.510154][T12646]  ? loop_remove+0xa0/0xa0
[ 2238.514539][T12646]  ? __lru_cache_add+0x1bf/0x210
[ 2238.519444][T12646]  ? memset+0x1f/0x40
[ 2238.523396][T12646]  ? fsnotify+0x1332/0x13f0
[ 2238.527871][T12646]  ? loop_remove+0xa0/0xa0
[ 2238.532256][T12646]  do_vfs_ioctl+0x744/0x1730
[ 2238.536814][T12646]  ? selinux_file_ioctl+0x723/0x970
[ 2238.541977][T12646]  ? ioctl_preallocate+0x250/0x250
[ 2238.547054][T12646]  ? __fget+0x40c/0x4a0
[ 2238.551176][T12646]  ? fget_many+0x20/0x20
[ 2238.555387][T12646]  ? check_preemption_disabled+0x154/0x330
[ 2238.561403][T12646]  ? debug_smp_processor_id+0x20/0x20
[ 2238.566743][T12646]  ? security_file_ioctl+0x9d/0xb0
[ 2238.571822][T12646]  __x64_sys_ioctl+0xd4/0x110
[ 2238.576467][T12646]  do_syscall_64+0xcb/0x1c0
12:01:59 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
clock_gettime(0x0, &(0x7f0000000040)={<r1=>0x0, <r2=>0x0})
utimensat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={{}, {r1, r2/1000+60000}}, 0x100)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
setsockopt$MRT6_TABLE(r3, 0x29, 0xcf, &(0x7f00000000c0)=0xff, 0x4)
setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f0000000140)=0x1, 0x4)
clock_gettime(0x7, &(0x7f0000000180))
write$P9_RREMOVE(r0, 0x0, 0x0)

12:01:59 executing program 1:
clock_gettime(0x6, &(0x7f0000000040)) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

12:01:59 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 19)

12:01:59 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2) (async)
clock_gettime(0x0, &(0x7f0000000040)={<r1=>0x0, <r2=>0x0})
utimensat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={{}, {r1, r2/1000+60000}}, 0x100)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
setsockopt$MRT6_TABLE(r3, 0x29, 0xcf, &(0x7f00000000c0)=0xff, 0x4) (async)
setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f0000000140)=0x1, 0x4) (async)
clock_gettime(0x7, &(0x7f0000000180)) (async)
write$P9_RREMOVE(r0, 0x0, 0x0)

12:01:59 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x2, 0xa, 0xf, 0x30, "79a25ae797eac54838adb2b17bfb24aeca0be19fd9f0d831aef54e99c68df95d009450313195833a2a02b6e3194d8e5e1053d5f0b93e609ea7e0cb50dd1aef8f", "1604f9b80a8d3e19e1684d3b0c3b62354df0b903c684780c1c67b71aa0fe6b1d", [0x12da, 0x7]})
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x2, 0xa, 0xf, 0x30, "79a25ae797eac54838adb2b17bfb24aeca0be19fd9f0d831aef54e99c68df95d009450313195833a2a02b6e3194d8e5e1053d5f0b93e609ea7e0cb50dd1aef8f", "1604f9b80a8d3e19e1684d3b0c3b62354df0b903c684780c1c67b71aa0fe6b1d", [0x12da, 0x7]}) (async)

12:01:59 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x8000, @mcast1, 0x3f1}, 0x1c)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x1000)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

[ 2238.580940][T12646]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:01:59 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000200)={@ipv4={'\x00', '\xff\xff', @remote}, 0x3d6, 0x0, 0x3, 0x3, 0x1, 0x7}, 0x20)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
ioctl$USBDEVFS_ALLOC_STREAMS(r1, 0x8008551c, &(0x7f0000000240)={0xefce, 0x18, [{0x6, 0x1}, {0x7, 0x1}, {0x53, 0x1}, {0x7}, {0xd, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0xb}, {0x4, 0x1}, {0x9}, {0xd, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0xa}, {0x4, 0x1}, {0x0, 0x1}, {0xf, 0x1}, {0x2, 0x1}, {0x7, 0x1}, {0xb}, {0x5}, {0x4, 0x1}, {0x2, 0x1}, {0xc, 0x1}]})
connect$inet6(r1, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000180)={<r2=>0x0, <r3=>0x0})
futimesat(r1, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)={{}, {r2, r3/1000+10000}})
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:01:59 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2) (async)
clock_gettime(0x0, &(0x7f0000000040)={<r1=>0x0, <r2=>0x0})
utimensat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={{}, {r1, r2/1000+60000}}, 0x100) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
setsockopt$MRT6_TABLE(r3, 0x29, 0xcf, &(0x7f00000000c0)=0xff, 0x4) (async)
setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f0000000140)=0x1, 0x4) (async)
clock_gettime(0x7, &(0x7f0000000180))
write$P9_RREMOVE(r0, 0x0, 0x0)

12:01:59 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x1a7502)

12:01:59 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1c, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
write$P9_RLOPEN(r1, &(0x7f0000000180)={0x18, 0xd, 0x2, {{0x8, 0x4, 0x8}, 0x1}}, 0x18)
connect$inet6(r1, 0x0, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6abbd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:01:59 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x8000, @mcast1, 0x3f1}, 0x1c)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x1000)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

[ 2238.623565][T12689] FAULT_INJECTION: forcing a failure.
[ 2238.623565][T12689] name failslab, interval 1, probability 0, space 0, times 0
[ 2238.640236][T12689] CPU: 0 PID: 12689 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2238.650487][T12689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2238.660532][T12689] Call Trace:
[ 2238.663821][T12689]  dump_stack+0x1d8/0x241
[ 2238.668149][T12689]  ? panic+0x73e/0x73e
[ 2238.672193][T12689]  ? blk_mq_init_queue+0x33/0xa0
[ 2238.677098][T12689]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2238.682896][T12689]  ? __x64_sys_ioctl+0xd4/0x110
[ 2238.687719][T12689]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2238.693754][T12689]  should_fail+0x709/0x870
[ 2238.698145][T12689]  ? setup_fault_attr+0x3d0/0x3d0
[ 2238.703139][T12689]  ? bdi_init+0x19a/0xa90
[ 2238.707434][T12689]  should_failslab+0x5/0x20
[ 2238.711905][T12689]  kmem_cache_alloc_trace+0x28/0x240
[ 2238.717164][T12689]  bdi_init+0x19a/0xa90
[ 2238.721293][T12689]  ? kmem_cache_alloc_trace+0xd8/0x240
[ 2238.726727][T12689]  ? bdi_alloc_node+0x69/0xd0
[ 2238.731377][T12689]  bdi_alloc_node+0x79/0xd0
[ 2238.735852][T12689]  blk_alloc_queue_node+0x10b/0x580
[ 2238.741016][T12689]  ? blk_mq_alloc_tag_set+0x68b/0x890
[ 2238.746357][T12689]  blk_mq_init_queue+0x33/0xa0
[ 2238.751093][T12689]  loop_add+0x256/0x710
[ 2238.755220][T12689]  ? radix_tree_lookup+0x17a/0x1d0
[ 2238.760299][T12689]  loop_control_ioctl+0x564/0x740
[ 2238.765293][T12689]  ? loop_remove+0xa0/0xa0
[ 2238.769685][T12689]  ? __lru_cache_add+0x1bf/0x210
[ 2238.774594][T12689]  ? memset+0x1f/0x40
[ 2238.778543][T12689]  ? fsnotify+0x1332/0x13f0
[ 2238.783014][T12689]  ? loop_remove+0xa0/0xa0
[ 2238.787401][T12689]  do_vfs_ioctl+0x744/0x1730
[ 2238.791960][T12689]  ? selinux_file_ioctl+0x723/0x970
[ 2238.797133][T12689]  ? ioctl_preallocate+0x250/0x250
[ 2238.802216][T12689]  ? __fget+0x40c/0x4a0
[ 2238.806341][T12689]  ? fget_many+0x20/0x20
[ 2238.810551][T12689]  ? check_preemption_disabled+0x154/0x330
[ 2238.816323][T12689]  ? debug_smp_processor_id+0x20/0x20
12:02:00 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 20)

12:02:00 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1c, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
write$P9_RLOPEN(r1, &(0x7f0000000180)={0x18, 0xd, 0x2, {{0x8, 0x4, 0x8}, 0x1}}, 0x18) (async)
connect$inet6(r1, 0x0, 0x0) (async, rerun: 32)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (rerun: 32)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6abbd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:00 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000200)={@ipv4={'\x00', '\xff\xff', @remote}, 0x3d6, 0x0, 0x3, 0x3, 0x1, 0x7}, 0x20) (async, rerun: 32)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async, rerun: 32)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
ioctl$USBDEVFS_ALLOC_STREAMS(r1, 0x8008551c, &(0x7f0000000240)={0xefce, 0x18, [{0x6, 0x1}, {0x7, 0x1}, {0x53, 0x1}, {0x7}, {0xd, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0xb}, {0x4, 0x1}, {0x9}, {0xd, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0xa}, {0x4, 0x1}, {0x0, 0x1}, {0xf, 0x1}, {0x2, 0x1}, {0x7, 0x1}, {0xb}, {0x5}, {0x4, 0x1}, {0x2, 0x1}, {0xc, 0x1}]})
connect$inet6(r1, 0x0, 0x0) (async, rerun: 64)
clock_gettime(0x0, &(0x7f0000000180)={<r2=>0x0, <r3=>0x0}) (rerun: 64)
futimesat(r1, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)={{}, {r2, r3/1000+10000}}) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

[ 2238.821664][T12689]  ? security_file_ioctl+0x9d/0xb0
[ 2238.826742][T12689]  __x64_sys_ioctl+0xd4/0x110
[ 2238.831391][T12689]  do_syscall_64+0xcb/0x1c0
[ 2238.835866][T12689]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:00 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x1a7502)

12:02:00 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x8000, @mcast1, 0x3f1}, 0x1c)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x1000)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x8000, @mcast1, 0x3f1}, 0x1c) (async)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x1000) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)

[ 2238.866930][T12710] FAULT_INJECTION: forcing a failure.
[ 2238.866930][T12710] name failslab, interval 1, probability 0, space 0, times 0
[ 2238.880378][T12710] CPU: 0 PID: 12710 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2238.890616][T12710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2238.900653][T12710] Call Trace:
[ 2238.903920][T12710]  dump_stack+0x1d8/0x241
[ 2238.908222][T12710]  ? panic+0x73e/0x73e
[ 2238.912257][T12710]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2238.918031][T12710]  ? _raw_spin_lock_irqsave+0xf8/0x210
[ 2238.923454][T12710]  ? cpumask_next+0xc/0x20
[ 2238.927838][T12710]  should_fail+0x709/0x870
[ 2238.932222][T12710]  ? setup_fault_attr+0x3d0/0x3d0
[ 2238.937214][T12710]  ? _raw_spin_unlock_irqrestore+0x57/0x80
[ 2238.942986][T12710]  ? blk_alloc_queue_stats+0x48/0x100
[ 2238.948326][T12710]  should_failslab+0x5/0x20
[ 2238.952798][T12710]  kmem_cache_alloc_trace+0x28/0x240
[ 2238.958058][T12710]  blk_alloc_queue_stats+0x48/0x100
[ 2238.963227][T12710]  blk_alloc_queue_node+0x150/0x580
[ 2238.968400][T12710]  ? blk_mq_alloc_tag_set+0x68b/0x890
[ 2238.973738][T12710]  blk_mq_init_queue+0x33/0xa0
[ 2238.978471][T12710]  loop_add+0x256/0x710
[ 2238.982597][T12710]  ? radix_tree_lookup+0x17a/0x1d0
[ 2238.987679][T12710]  loop_control_ioctl+0x564/0x740
[ 2238.992673][T12710]  ? loop_remove+0xa0/0xa0
[ 2238.997079][T12710]  ? __lru_cache_add+0x1bf/0x210
[ 2239.001996][T12710]  ? memset+0x1f/0x40
[ 2239.006084][T12710]  ? fsnotify+0x1332/0x13f0
[ 2239.010563][T12710]  ? loop_remove+0xa0/0xa0
[ 2239.014952][T12710]  do_vfs_ioctl+0x744/0x1730
[ 2239.019512][T12710]  ? selinux_file_ioctl+0x723/0x970
[ 2239.024678][T12710]  ? ioctl_preallocate+0x250/0x250
[ 2239.029756][T12710]  ? __fget+0x40c/0x4a0
[ 2239.033878][T12710]  ? fget_many+0x20/0x20
[ 2239.038178][T12710]  ? check_preemption_disabled+0x154/0x330
[ 2239.043953][T12710]  ? debug_smp_processor_id+0x20/0x20
[ 2239.049291][T12710]  ? security_file_ioctl+0x9d/0xb0
[ 2239.054371][T12710]  __x64_sys_ioctl+0xd4/0x110
[ 2239.059019][T12710]  do_syscall_64+0xcb/0x1c0
12:02:00 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
write$P9_RREMOVE(r0, 0x0, 0x0)

12:02:00 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 21)

12:02:00 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000200)={@ipv4={'\x00', '\xff\xff', @remote}, 0x3d6, 0x0, 0x3, 0x3, 0x1, 0x7}, 0x20) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
ioctl$USBDEVFS_ALLOC_STREAMS(r1, 0x8008551c, &(0x7f0000000240)={0xefce, 0x18, [{0x6, 0x1}, {0x7, 0x1}, {0x53, 0x1}, {0x7}, {0xd, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0xb}, {0x4, 0x1}, {0x9}, {0xd, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0xa}, {0x4, 0x1}, {0x0, 0x1}, {0xf, 0x1}, {0x2, 0x1}, {0x7, 0x1}, {0xb}, {0x5}, {0x4, 0x1}, {0x2, 0x1}, {0xc, 0x1}]})
connect$inet6(r1, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000180)={<r2=>0x0, <r3=>0x0})
futimesat(r1, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)={{}, {r2, r3/1000+10000}}) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

[ 2239.063494][T12710]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:00 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1c, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
write$P9_RLOPEN(r1, &(0x7f0000000180)={0x18, 0xd, 0x2, {{0x8, 0x4, 0x8}, 0x1}}, 0x18)
connect$inet6(r1, 0x0, 0x0) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6abbd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:00 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
write$P9_RREMOVE(r0, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
write$P9_RREMOVE(r0, 0x0, 0x0) (async)

12:02:00 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x1a7502)

12:02:00 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x10000, 0x300)
ioctl$LOOP_CLR_FD(r0, 0x4c01)

[ 2239.088099][T12726] FAULT_INJECTION: forcing a failure.
[ 2239.088099][T12726] name failslab, interval 1, probability 0, space 0, times 0
[ 2239.109156][T12726] CPU: 0 PID: 12726 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2239.119409][T12726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2239.129450][T12726] Call Trace:
[ 2239.132746][T12726]  dump_stack+0x1d8/0x241
[ 2239.137055][T12726]  ? panic+0x73e/0x73e
[ 2239.141099][T12726]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2239.146875][T12726]  ? pcpu_chunk_relocate+0xe5/0x3a0
[ 2239.152041][T12726]  should_fail+0x709/0x870
[ 2239.156424][T12726]  ? setup_fault_attr+0x3d0/0x3d0
[ 2239.161415][T12726]  ? find_next_bit+0xc6/0x110
[ 2239.166069][T12726]  ? cpumask_next+0xc/0x20
[ 2239.170465][T12726]  ? blk_mq_poll_stats_fn+0x1b0/0x1b0
[ 2239.175812][T12726]  ? blk_stat_alloc_callback+0x5c/0x210
[ 2239.181328][T12726]  should_failslab+0x5/0x20
[ 2239.185807][T12726]  kmem_cache_alloc_trace+0x28/0x240
[ 2239.191088][T12726]  ? blk_mq_poll_stats_fn+0x1b0/0x1b0
[ 2239.196440][T12726]  ? blk_mq_free_tag_set+0x480/0x480
[ 2239.201700][T12726]  blk_stat_alloc_callback+0x5c/0x210
[ 2239.207047][T12726]  blk_mq_init_allocated_queue+0x86/0x16c0
[ 2239.212825][T12726]  ? blk_alloc_queue_node+0x4e7/0x580
[ 2239.218164][T12726]  ? blk_mq_alloc_tag_set+0x68b/0x890
[ 2239.223503][T12726]  blk_mq_init_queue+0x48/0xa0
[ 2239.228245][T12726]  loop_add+0x256/0x710
[ 2239.232381][T12726]  ? radix_tree_lookup+0x17a/0x1d0
[ 2239.237461][T12726]  loop_control_ioctl+0x564/0x740
[ 2239.242456][T12726]  ? loop_remove+0xa0/0xa0
[ 2239.246845][T12726]  ? __lru_cache_add+0x1bf/0x210
[ 2239.251754][T12726]  ? memset+0x1f/0x40
[ 2239.255705][T12726]  ? fsnotify+0x1332/0x13f0
[ 2239.260186][T12726]  ? loop_remove+0xa0/0xa0
[ 2239.264578][T12726]  do_vfs_ioctl+0x744/0x1730
[ 2239.269138][T12726]  ? selinux_file_ioctl+0x723/0x970
[ 2239.274303][T12726]  ? ioctl_preallocate+0x250/0x250
[ 2239.279383][T12726]  ? __fget+0x40c/0x4a0
[ 2239.283506][T12726]  ? fget_many+0x20/0x20
12:02:00 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
getsockopt$inet6_int(r1, 0x29, 0x3a, &(0x7f0000000000), &(0x7f0000000180)=0x4)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:00 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 22)

12:02:00 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$incfs(r2, &(0x7f0000000180)='.log\x00', 0x880, 0xb1)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r3, 0x800c6613, &(0x7f00000001c0)=@v1={0x0, @adiantum, 0x1, @desc1})
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:00 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
getdents64(r0, &(0x7f0000000040)=""/28, 0x1c)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x400000, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f0000000180)={@desc={0x1, 0x0, @auto="bc37f13a7b651c29"}})
ioctl$VHOST_VDPA_GET_VQS_COUNT(r1, 0x8004af80, &(0x7f0000000080))
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r3 = openat$incfs(r0, &(0x7f00000000c0)='.log\x00', 0x80, 0x1)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r3, 0x40106614, &(0x7f0000000140))
ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0)

12:02:00 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x10000, 0x300)
ioctl$LOOP_CLR_FD(r0, 0x4c01)

[ 2239.287717][T12726]  ? check_preemption_disabled+0x154/0x330
[ 2239.293496][T12726]  ? debug_smp_processor_id+0x20/0x20
[ 2239.298835][T12726]  ? security_file_ioctl+0x9d/0xb0
[ 2239.303913][T12726]  __x64_sys_ioctl+0xd4/0x110
[ 2239.308559][T12726]  do_syscall_64+0xcb/0x1c0
[ 2239.313041][T12726]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:00 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
getdents64(r0, &(0x7f0000000040)=""/28, 0x1c)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x400000, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f0000000180)={@desc={0x1, 0x0, @auto="bc37f13a7b651c29"}})
ioctl$VHOST_VDPA_GET_VQS_COUNT(r1, 0x8004af80, &(0x7f0000000080))
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r3 = openat$incfs(r0, &(0x7f00000000c0)='.log\x00', 0x80, 0x1)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r3, 0x40106614, &(0x7f0000000140))
ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
getdents64(r0, &(0x7f0000000040)=""/28, 0x1c) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x400000, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f0000000180)={@desc={0x1, 0x0, @auto="bc37f13a7b651c29"}}) (async)
ioctl$VHOST_VDPA_GET_VQS_COUNT(r1, 0x8004af80, &(0x7f0000000080)) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
openat$incfs(r0, &(0x7f00000000c0)='.log\x00', 0x80, 0x1) (async)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r3, 0x40106614, &(0x7f0000000140)) (async)
ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0) (async)

12:02:00 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
getsockopt$inet6_int(r1, 0x29, 0x3a, &(0x7f0000000000), &(0x7f0000000180)=0x4)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

[ 2239.351816][T12757] FAULT_INJECTION: forcing a failure.
[ 2239.351816][T12757] name failslab, interval 1, probability 0, space 0, times 0
[ 2239.365213][T12757] CPU: 1 PID: 12757 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2239.375442][T12757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2239.385492][T12757] Call Trace:
[ 2239.388760][T12757]  dump_stack+0x1d8/0x241
[ 2239.393060][T12757]  ? panic+0x73e/0x73e
[ 2239.397125][T12757]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2239.402911][T12757]  ? pcpu_chunk_relocate+0xe5/0x3a0
[ 2239.408085][T12757]  should_fail+0x709/0x870
[ 2239.412472][T12757]  ? setup_fault_attr+0x3d0/0x3d0
[ 2239.417465][T12757]  ? find_next_bit+0xc6/0x110
[ 2239.422107][T12757]  ? cpumask_next+0xc/0x20
[ 2239.426491][T12757]  ? blk_mq_poll_stats_fn+0x1b0/0x1b0
[ 2239.431835][T12757]  ? blk_stat_alloc_callback+0x5c/0x210
[ 2239.437349][T12757]  should_failslab+0x5/0x20
[ 2239.441825][T12757]  kmem_cache_alloc_trace+0x28/0x240
[ 2239.447077][T12757]  ? blk_mq_poll_stats_fn+0x1b0/0x1b0
[ 2239.452417][T12757]  ? blk_mq_free_tag_set+0x480/0x480
[ 2239.457668][T12757]  blk_stat_alloc_callback+0x5c/0x210
[ 2239.463020][T12757]  blk_mq_init_allocated_queue+0x86/0x16c0
[ 2239.468799][T12757]  ? blk_alloc_queue_node+0x4e7/0x580
[ 2239.474138][T12757]  ? blk_mq_alloc_tag_set+0x68b/0x890
[ 2239.479476][T12757]  blk_mq_init_queue+0x48/0xa0
[ 2239.484221][T12757]  loop_add+0x256/0x710
[ 2239.488355][T12757]  ? radix_tree_lookup+0x17a/0x1d0
[ 2239.493435][T12757]  loop_control_ioctl+0x564/0x740
[ 2239.498430][T12757]  ? loop_remove+0xa0/0xa0
[ 2239.502815][T12757]  ? __lru_cache_add+0x1bf/0x210
[ 2239.507718][T12757]  ? memset+0x1f/0x40
[ 2239.511666][T12757]  ? fsnotify+0x1332/0x13f0
[ 2239.516137][T12757]  ? loop_remove+0xa0/0xa0
[ 2239.520519][T12757]  do_vfs_ioctl+0x744/0x1730
[ 2239.525080][T12757]  ? selinux_file_ioctl+0x723/0x970
[ 2239.530245][T12757]  ? ioctl_preallocate+0x250/0x250
[ 2239.535324][T12757]  ? __fget+0x40c/0x4a0
[ 2239.539459][T12757]  ? fget_many+0x20/0x20
[ 2239.543677][T12757]  ? check_preemption_disabled+0x154/0x330
12:02:00 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
write$P9_RREMOVE(r0, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
write$P9_RREMOVE(r0, 0x0, 0x0) (async)

12:02:00 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 23)

12:02:00 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x10000, 0x300)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
syz_open_dev$loop(&(0x7f0000000000), 0x10000, 0x300) (async)
ioctl$LOOP_CLR_FD(r0, 0x4c01) (async)

12:02:00 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
getsockopt$inet6_int(r1, 0x29, 0x3a, &(0x7f0000000000), &(0x7f0000000180)=0x4) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

[ 2239.549458][T12757]  ? debug_smp_processor_id+0x20/0x20
[ 2239.554799][T12757]  ? security_file_ioctl+0x9d/0xb0
[ 2239.559884][T12757]  __x64_sys_ioctl+0xd4/0x110
[ 2239.564540][T12757]  do_syscall_64+0xcb/0x1c0
[ 2239.569023][T12757]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:00 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$incfs(r2, &(0x7f0000000180)='.log\x00', 0x880, 0xb1)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r3, 0x800c6613, &(0x7f00000001c0)=@v1={0x0, @adiantum, 0x1, @desc1})
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$incfs(r2, &(0x7f0000000180)='.log\x00', 0x880, 0xb1) (async)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r3, 0x800c6613, &(0x7f00000001c0)=@v1={0x0, @adiantum, 0x1, @desc1}) (async)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:02:00 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async, rerun: 64)
getdents64(r0, &(0x7f0000000040)=""/28, 0x1c) (rerun: 64)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x400000, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f0000000180)={@desc={0x1, 0x0, @auto="bc37f13a7b651c29"}}) (async, rerun: 64)
ioctl$VHOST_VDPA_GET_VQS_COUNT(r1, 0x8004af80, &(0x7f0000000080)) (rerun: 64)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r3 = openat$incfs(r0, &(0x7f00000000c0)='.log\x00', 0x80, 0x1)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r3, 0x40106614, &(0x7f0000000140))
ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0)

[ 2239.599033][T12787] FAULT_INJECTION: forcing a failure.
[ 2239.599033][T12787] name failslab, interval 1, probability 0, space 0, times 0
[ 2239.613943][T12787] CPU: 1 PID: 12787 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2239.624184][T12787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2239.634219][T12787] Call Trace:
[ 2239.637487][T12787]  dump_stack+0x1d8/0x241
[ 2239.641783][T12787]  ? panic+0x73e/0x73e
[ 2239.645817][T12787]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2239.651591][T12787]  should_fail+0x709/0x870
[ 2239.655978][T12787]  ? setup_fault_attr+0x3d0/0x3d0
[ 2239.660970][T12787]  ? blk_mq_init_allocated_queue+0xef/0x16c0
[ 2239.666913][T12787]  should_failslab+0x5/0x20
[ 2239.671382][T12787]  kmem_cache_alloc_trace+0x28/0x240
[ 2239.676636][T12787]  blk_mq_init_allocated_queue+0xef/0x16c0
[ 2239.682409][T12787]  ? blk_alloc_queue_node+0x4e7/0x580
[ 2239.687749][T12787]  ? blk_mq_alloc_tag_set+0x68b/0x890
[ 2239.693095][T12787]  blk_mq_init_queue+0x48/0xa0
[ 2239.697826][T12787]  loop_add+0x256/0x710
[ 2239.701951][T12787]  ? radix_tree_lookup+0x17a/0x1d0
[ 2239.707028][T12787]  loop_control_ioctl+0x564/0x740
[ 2239.712023][T12787]  ? loop_remove+0xa0/0xa0
[ 2239.716405][T12787]  ? __lru_cache_add+0x1bf/0x210
[ 2239.721308][T12787]  ? memset+0x1f/0x40
[ 2239.725259][T12787]  ? fsnotify+0x1332/0x13f0
[ 2239.729730][T12787]  ? loop_remove+0xa0/0xa0
[ 2239.734113][T12787]  do_vfs_ioctl+0x744/0x1730
[ 2239.738673][T12787]  ? selinux_file_ioctl+0x723/0x970
[ 2239.743835][T12787]  ? ioctl_preallocate+0x250/0x250
12:02:01 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$VHOST_VDPA_SET_VRING_ENABLE(r1, 0x4008af75, &(0x7f0000000000)={0x2, 0x7fff})

12:02:01 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 24)

12:02:01 executing program 1:
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000080)=&(0x7f0000000040))
syz_open_dev$loop(&(0x7f0000000000), 0x7, 0xf8a13612176f44ac)

12:02:01 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$VHOST_VDPA_SET_VRING_ENABLE(r1, 0x4008af75, &(0x7f0000000000)={0x2, 0x7fff})
socket$igmp6(0xa, 0x3, 0x2) (async)
write$P9_RREMOVE(r0, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
ioctl$VHOST_VDPA_SET_VRING_ENABLE(r1, 0x4008af75, &(0x7f0000000000)={0x2, 0x7fff}) (async)

12:02:01 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$incfs(r2, &(0x7f0000000180)='.log\x00', 0x880, 0xb1)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r3, 0x800c6613, &(0x7f00000001c0)=@v1={0x0, @adiantum, 0x1, @desc1})
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:01 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$VHOST_VDPA_SET_VRING_ENABLE(r1, 0x4008af75, &(0x7f0000000000)={0x2, 0x7fff})

[ 2239.748915][T12787]  ? __fget+0x40c/0x4a0
[ 2239.753039][T12787]  ? fget_many+0x20/0x20
[ 2239.757249][T12787]  ? check_preemption_disabled+0x154/0x330
[ 2239.763021][T12787]  ? debug_smp_processor_id+0x20/0x20
[ 2239.768361][T12787]  ? security_file_ioctl+0x9d/0xb0
[ 2239.773439][T12787]  __x64_sys_ioctl+0xd4/0x110
[ 2239.778083][T12787]  do_syscall_64+0xcb/0x1c0
[ 2239.782558][T12787]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:01 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0xfffffffffffffffc, 0x460040)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x7fff, 0x9, 0x1f, 0x8, "30738deab7df496bbaecc88deef883942b774965f876039cbb006ec65112fca41f3d6f626654b3852fd0143642840948a336e2d0dc3281b73b06b922d1488b49", "5766183a112cc03301468e8c1bcd8db5fe141ab692852a86fa192e542ed9971e", [0x7, 0x4fd0b5a5]})
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)

12:02:01 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:01 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
pipe2$9p(&(0x7f0000000000), 0x4880)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
recvfrom$inet6(r1, &(0x7f0000000040)=""/95, 0x5f, 0x40010000, &(0x7f00000000c0)={0xa, 0x4e21, 0x3, @private1, 0x4}, 0x1c)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x10040, 0x0)
write$P9_RXATTRCREATE(r2, &(0x7f0000000180)={0x7, 0x21, 0x1}, 0x7)

12:02:01 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
pipe2$watch_queue(&(0x7f0000000180), 0x80)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
pipe2$watch_queue(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000240)=@security={'security\x00', 0xe, 0x4, 0x4e8, 0xffffffff, 0x0, 0x1c8, 0x0, 0xffffffff, 0xffffffff, 0x418, 0x418, 0x418, 0xffffffff, 0x4, &(0x7f0000000200), {[{{@ipv6={@local, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, [0x0, 0xffffff00, 0x0, 0x8000007f], [0xffffff00, 0x0, 0xffffff00, 0xff], 'ip6gretap0\x00', 'bridge0\x00', {0xff}, {}, 0x2c, 0x1, 0x5, 0x8}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@eui64={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, [0x0, 0xffffff00, 0xff, 0xff000000], [0x0, 0xffffff00, 0xff000000], 'geneve0\x00', 'geneve0\x00', {}, {0xff}, 0x3a, 0x9b, 0x2, 0x11}, 0x0, 0x208, 0x250, 0x0, {}, [@common=@ipv6header={{0x28}, {0x0, 0x18}}, @common=@rt={{0x138}, {0x51eddb56, [0x4, 0x6], 0x9, 0x30, 0x4, [@empty, @dev={0xfe, 0x80, '\x00', 0x40}, @loopback, @dev={0xfe, 0x80, '\x00', 0xd}, @ipv4={'\x00', '\xff\xff', @loopback}, @loopback, @private1={0xfc, 0x1, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2={0xfc, 0x2, '\x00', 0x1}, @remote, @loopback, @private2, @remote, @local, @local, @empty], 0xc}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x1, 0x80, {0x1518}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x548)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x9, 0x0, 0x6, 0x144, r2, 0xfffffff8, '\x00', 0x0, r1, 0x1, 0x4, 0x2, 0x5}, 0x48)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

[ 2239.826064][T12820] FAULT_INJECTION: forcing a failure.
[ 2239.826064][T12820] name failslab, interval 1, probability 0, space 0, times 0
[ 2239.840549][T12820] CPU: 1 PID: 12820 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2239.850803][T12820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2239.860842][T12820] Call Trace:
[ 2239.864119][T12820]  dump_stack+0x1d8/0x241
[ 2239.868427][T12820]  ? panic+0x73e/0x73e
[ 2239.872467][T12820]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2239.878242][T12820]  should_fail+0x709/0x870
[ 2239.882814][T12820]  ? setup_fault_attr+0x3d0/0x3d0
[ 2239.887807][T12820]  ? blk_mq_init_allocated_queue+0xef/0x16c0
[ 2239.893752][T12820]  should_failslab+0x5/0x20
[ 2239.898226][T12820]  kmem_cache_alloc_trace+0x28/0x240
[ 2239.903477][T12820]  blk_mq_init_allocated_queue+0xef/0x16c0
[ 2239.909266][T12820]  ? blk_alloc_queue_node+0x4e7/0x580
[ 2239.914621][T12820]  ? blk_mq_alloc_tag_set+0x68b/0x890
[ 2239.919974][T12820]  blk_mq_init_queue+0x48/0xa0
[ 2239.924708][T12820]  loop_add+0x256/0x710
[ 2239.928834][T12820]  ? radix_tree_lookup+0x17a/0x1d0
[ 2239.933914][T12820]  loop_control_ioctl+0x564/0x740
[ 2239.938906][T12820]  ? loop_remove+0xa0/0xa0
[ 2239.943289][T12820]  ? __lru_cache_add+0x1bf/0x210
[ 2239.948192][T12820]  ? memset+0x1f/0x40
[ 2239.952140][T12820]  ? fsnotify+0x1332/0x13f0
[ 2239.956612][T12820]  ? loop_remove+0xa0/0xa0
[ 2239.961000][T12820]  do_vfs_ioctl+0x744/0x1730
[ 2239.965572][T12820]  ? selinux_file_ioctl+0x723/0x970
[ 2239.970753][T12820]  ? ioctl_preallocate+0x250/0x250
12:02:01 executing program 1:
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000080)=&(0x7f0000000040))
syz_open_dev$loop(&(0x7f0000000000), 0x7, 0xf8a13612176f44ac)

12:02:01 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 25)

12:02:01 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
pipe2$watch_queue(&(0x7f0000000180), 0x80)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
pipe2$watch_queue(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000240)=@security={'security\x00', 0xe, 0x4, 0x4e8, 0xffffffff, 0x0, 0x1c8, 0x0, 0xffffffff, 0xffffffff, 0x418, 0x418, 0x418, 0xffffffff, 0x4, &(0x7f0000000200), {[{{@ipv6={@local, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, [0x0, 0xffffff00, 0x0, 0x8000007f], [0xffffff00, 0x0, 0xffffff00, 0xff], 'ip6gretap0\x00', 'bridge0\x00', {0xff}, {}, 0x2c, 0x1, 0x5, 0x8}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@eui64={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, [0x0, 0xffffff00, 0xff, 0xff000000], [0x0, 0xffffff00, 0xff000000], 'geneve0\x00', 'geneve0\x00', {}, {0xff}, 0x3a, 0x9b, 0x2, 0x11}, 0x0, 0x208, 0x250, 0x0, {}, [@common=@ipv6header={{0x28}, {0x0, 0x18}}, @common=@rt={{0x138}, {0x51eddb56, [0x4, 0x6], 0x9, 0x30, 0x4, [@empty, @dev={0xfe, 0x80, '\x00', 0x40}, @loopback, @dev={0xfe, 0x80, '\x00', 0xd}, @ipv4={'\x00', '\xff\xff', @loopback}, @loopback, @private1={0xfc, 0x1, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2={0xfc, 0x2, '\x00', 0x1}, @remote, @loopback, @private2, @remote, @local, @local, @empty], 0xc}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x1, 0x80, {0x1518}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x548)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x9, 0x0, 0x6, 0x144, r2, 0xfffffff8, '\x00', 0x0, r1, 0x1, 0x4, 0x2, 0x5}, 0x48)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
pipe2$watch_queue(&(0x7f0000000180), 0x80) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
pipe2$watch_queue(&(0x7f00000001c0), 0x80) (async)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000240)=@security={'security\x00', 0xe, 0x4, 0x4e8, 0xffffffff, 0x0, 0x1c8, 0x0, 0xffffffff, 0xffffffff, 0x418, 0x418, 0x418, 0xffffffff, 0x4, &(0x7f0000000200), {[{{@ipv6={@local, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, [0x0, 0xffffff00, 0x0, 0x8000007f], [0xffffff00, 0x0, 0xffffff00, 0xff], 'ip6gretap0\x00', 'bridge0\x00', {0xff}, {}, 0x2c, 0x1, 0x5, 0x8}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@eui64={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, [0x0, 0xffffff00, 0xff, 0xff000000], [0x0, 0xffffff00, 0xff000000], 'geneve0\x00', 'geneve0\x00', {}, {0xff}, 0x3a, 0x9b, 0x2, 0x11}, 0x0, 0x208, 0x250, 0x0, {}, [@common=@ipv6header={{0x28}, {0x0, 0x18}}, @common=@rt={{0x138}, {0x51eddb56, [0x4, 0x6], 0x9, 0x30, 0x4, [@empty, @dev={0xfe, 0x80, '\x00', 0x40}, @loopback, @dev={0xfe, 0x80, '\x00', 0xd}, @ipv4={'\x00', '\xff\xff', @loopback}, @loopback, @private1={0xfc, 0x1, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2={0xfc, 0x2, '\x00', 0x1}, @remote, @loopback, @private2, @remote, @local, @local, @empty], 0xc}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x1, 0x80, {0x1518}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x548) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x9, 0x0, 0x6, 0x144, r2, 0xfffffff8, '\x00', 0x0, r1, 0x1, 0x4, 0x2, 0x5}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r4, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:02:01 executing program 4:
socket$igmp6(0xa, 0x3, 0x2) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
pipe2$9p(&(0x7f0000000000), 0x4880) (async)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
recvfrom$inet6(r1, &(0x7f0000000040)=""/95, 0x5f, 0x40010000, &(0x7f00000000c0)={0xa, 0x4e21, 0x3, @private1, 0x4}, 0x1c)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x10040, 0x0)
write$P9_RXATTRCREATE(r2, &(0x7f0000000180)={0x7, 0x21, 0x1}, 0x7)

[ 2239.975845][T12820]  ? __fget+0x40c/0x4a0
[ 2239.979972][T12820]  ? fget_many+0x20/0x20
[ 2239.984184][T12820]  ? check_preemption_disabled+0x154/0x330
[ 2239.989958][T12820]  ? debug_smp_processor_id+0x20/0x20
[ 2239.995308][T12820]  ? security_file_ioctl+0x9d/0xb0
[ 2240.000389][T12820]  __x64_sys_ioctl+0xd4/0x110
[ 2240.005046][T12820]  do_syscall_64+0xcb/0x1c0
[ 2240.009529][T12820]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:01 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0xfffffffffffffffc, 0x460040)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x7fff, 0x9, 0x1f, 0x8, "30738deab7df496bbaecc88deef883942b774965f876039cbb006ec65112fca41f3d6f626654b3852fd0143642840948a336e2d0dc3281b73b06b922d1488b49", "5766183a112cc03301468e8c1bcd8db5fe141ab692852a86fa192e542ed9971e", [0x7, 0x4fd0b5a5]})
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)
syz_open_dev$loop(&(0x7f0000000000), 0xfffffffffffffffc, 0x460040) (async)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x7fff, 0x9, 0x1f, 0x8, "30738deab7df496bbaecc88deef883942b774965f876039cbb006ec65112fca41f3d6f626654b3852fd0143642840948a336e2d0dc3281b73b06b922d1488b49", "5766183a112cc03301468e8c1bcd8db5fe141ab692852a86fa192e542ed9971e", [0x7, 0x4fd0b5a5]}) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) (async)

12:02:01 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:01 executing program 1:
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000080)=&(0x7f0000000040))
syz_open_dev$loop(&(0x7f0000000000), 0x7, 0xf8a13612176f44ac)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f0000000080)=&(0x7f0000000040)) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x7, 0xf8a13612176f44ac) (async)

12:02:01 executing program 4:
socket$igmp6(0xa, 0x3, 0x2) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async, rerun: 64)
pipe2$9p(&(0x7f0000000000), 0x4880) (rerun: 64)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
recvfrom$inet6(r1, &(0x7f0000000040)=""/95, 0x5f, 0x40010000, &(0x7f00000000c0)={0xa, 0x4e21, 0x3, @private1, 0x4}, 0x1c) (async)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x10040, 0x0)
write$P9_RXATTRCREATE(r2, &(0x7f0000000180)={0x7, 0x21, 0x1}, 0x7)

[ 2240.043955][T12842] FAULT_INJECTION: forcing a failure.
[ 2240.043955][T12842] name failslab, interval 1, probability 0, space 0, times 0
[ 2240.059648][T12842] CPU: 1 PID: 12842 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2240.069895][T12842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2240.079929][T12842] Call Trace:
[ 2240.083195][T12842]  dump_stack+0x1d8/0x241
[ 2240.087492][T12842]  ? panic+0x73e/0x73e
[ 2240.091529][T12842]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2240.097306][T12842]  ? pcpu_alloc_area+0x696/0x790
[ 2240.102213][T12842]  should_fail+0x709/0x870
[ 2240.106597][T12842]  ? setup_fault_attr+0x3d0/0x3d0
[ 2240.111587][T12842]  ? find_next_bit+0xc6/0x110
[ 2240.116229][T12842]  ? cpumask_next+0xc/0x20
[ 2240.120610][T12842]  ? kobject_init+0x7d/0x1d0
[ 2240.125165][T12842]  ? find_next_bit+0xc6/0x110
[ 2240.129808][T12842]  ? blk_mq_init_allocated_queue+0x427/0x16c0
[ 2240.135839][T12842]  should_failslab+0x5/0x20
[ 2240.140308][T12842]  __kmalloc+0x51/0x2b0
[ 2240.144433][T12842]  blk_mq_init_allocated_queue+0x427/0x16c0
[ 2240.150314][T12842]  ? blk_alloc_queue_node+0x4e7/0x580
[ 2240.155670][T12842]  ? blk_mq_alloc_tag_set+0x68b/0x890
[ 2240.161018][T12842]  blk_mq_init_queue+0x48/0xa0
[ 2240.165763][T12842]  loop_add+0x256/0x710
[ 2240.169892][T12842]  ? radix_tree_lookup+0x17a/0x1d0
[ 2240.174975][T12842]  loop_control_ioctl+0x564/0x740
[ 2240.179965][T12842]  ? loop_remove+0xa0/0xa0
[ 2240.184349][T12842]  ? __lru_cache_add+0x1bf/0x210
[ 2240.189256][T12842]  ? memset+0x1f/0x40
[ 2240.193206][T12842]  ? fsnotify+0x1332/0x13f0
[ 2240.197675][T12842]  ? loop_remove+0xa0/0xa0
[ 2240.202057][T12842]  do_vfs_ioctl+0x744/0x1730
[ 2240.206614][T12842]  ? selinux_file_ioctl+0x723/0x970
[ 2240.211778][T12842]  ? ioctl_preallocate+0x250/0x250
[ 2240.216854][T12842]  ? __fget+0x40c/0x4a0
[ 2240.220978][T12842]  ? fget_many+0x20/0x20
[ 2240.225275][T12842]  ? check_preemption_disabled+0x154/0x330
[ 2240.231048][T12842]  ? debug_smp_processor_id+0x20/0x20
[ 2240.236403][T12842]  ? security_file_ioctl+0x9d/0xb0
12:02:01 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 26)

12:02:01 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)

12:02:01 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
pipe2$watch_queue(&(0x7f0000000180), 0x80)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
pipe2$watch_queue(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000240)=@security={'security\x00', 0xe, 0x4, 0x4e8, 0xffffffff, 0x0, 0x1c8, 0x0, 0xffffffff, 0xffffffff, 0x418, 0x418, 0x418, 0xffffffff, 0x4, &(0x7f0000000200), {[{{@ipv6={@local, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, [0x0, 0xffffff00, 0x0, 0x8000007f], [0xffffff00, 0x0, 0xffffff00, 0xff], 'ip6gretap0\x00', 'bridge0\x00', {0xff}, {}, 0x2c, 0x1, 0x5, 0x8}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@eui64={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, [0x0, 0xffffff00, 0xff, 0xff000000], [0x0, 0xffffff00, 0xff000000], 'geneve0\x00', 'geneve0\x00', {}, {0xff}, 0x3a, 0x9b, 0x2, 0x11}, 0x0, 0x208, 0x250, 0x0, {}, [@common=@ipv6header={{0x28}, {0x0, 0x18}}, @common=@rt={{0x138}, {0x51eddb56, [0x4, 0x6], 0x9, 0x30, 0x4, [@empty, @dev={0xfe, 0x80, '\x00', 0x40}, @loopback, @dev={0xfe, 0x80, '\x00', 0xd}, @ipv4={'\x00', '\xff\xff', @loopback}, @loopback, @private1={0xfc, 0x1, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2={0xfc, 0x2, '\x00', 0x1}, @remote, @loopback, @private2, @remote, @local, @local, @empty], 0xc}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x1, 0x80, {0x1518}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x548)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x9, 0x0, 0x6, 0x144, r2, 0xfffffff8, '\x00', 0x0, r1, 0x1, 0x4, 0x2, 0x5}, 0x48)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
pipe2$watch_queue(&(0x7f0000000180), 0x80) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
pipe2$watch_queue(&(0x7f00000001c0), 0x80) (async)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000240)=@security={'security\x00', 0xe, 0x4, 0x4e8, 0xffffffff, 0x0, 0x1c8, 0x0, 0xffffffff, 0xffffffff, 0x418, 0x418, 0x418, 0xffffffff, 0x4, &(0x7f0000000200), {[{{@ipv6={@local, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, [0x0, 0xffffff00, 0x0, 0x8000007f], [0xffffff00, 0x0, 0xffffff00, 0xff], 'ip6gretap0\x00', 'bridge0\x00', {0xff}, {}, 0x2c, 0x1, 0x5, 0x8}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@eui64={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, [0x0, 0xffffff00, 0xff, 0xff000000], [0x0, 0xffffff00, 0xff000000], 'geneve0\x00', 'geneve0\x00', {}, {0xff}, 0x3a, 0x9b, 0x2, 0x11}, 0x0, 0x208, 0x250, 0x0, {}, [@common=@ipv6header={{0x28}, {0x0, 0x18}}, @common=@rt={{0x138}, {0x51eddb56, [0x4, 0x6], 0x9, 0x30, 0x4, [@empty, @dev={0xfe, 0x80, '\x00', 0x40}, @loopback, @dev={0xfe, 0x80, '\x00', 0xd}, @ipv4={'\x00', '\xff\xff', @loopback}, @loopback, @private1={0xfc, 0x1, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2={0xfc, 0x2, '\x00', 0x1}, @remote, @loopback, @private2, @remote, @local, @local, @empty], 0xc}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x1, 0x80, {0x1518}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x548) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x9, 0x0, 0x6, 0x144, r2, 0xfffffff8, '\x00', 0x0, r1, 0x1, 0x4, 0x2, 0x5}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r4, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

[ 2240.241483][T12842]  __x64_sys_ioctl+0xd4/0x110
[ 2240.246131][T12842]  do_syscall_64+0xcb/0x1c0
[ 2240.250602][T12842]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:01 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1, 0x80002)
ioctl$USBDEVFS_GETDRIVER(r1, 0x41045508, &(0x7f0000000040)={0x0, "65ece4435f8e488a9330ff003ec25d6c6c6efe5198539df74a7c3e4a6680adf38a42fe87073213053ffbefe18e17cc1654744bd93fe5fb0fc03aeb09d9fd0b3ef3fd3633a8e8fea3c57252ebd72890189a446cddd0cd6cfe404803ab07a938d98d2ae4af1f556a438d36b2fa9c9bc16558a59c6fe0673778fed8196136ad85cd7dbec82f987db2a19a3b396096ba8f2c405f249e2e6e1d6f8582dfd27a440fc7052f07a7398ebb4cb013debcfdc50e221dde9b3d1b313e2bc39c67be65c9657af1d85bf20b0a8dbb590db250912c274611d3aa3fc66002b8c2665600c68b31560cc857091de3c8aaac6460545260adf5f0fcba37039bbd33fb151a90891084fa"})
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x401, 0x0)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
write$P9_RREMOVE(r0, 0x0, 0x0)

12:02:01 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
mknodat$loop(r1, &(0x7f0000000000)='./file0\x00', 0x20, 0x1)

12:02:01 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
write$9p(r0, &(0x7f0000000040)="4c10cb", 0x3)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

12:02:01 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = syz_open_dev$vcsu(&(0x7f0000000180), 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0xb, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0x5, 0x5, 0x3}, 0x48)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

[ 2240.288422][T12892] FAULT_INJECTION: forcing a failure.
[ 2240.288422][T12892] name failslab, interval 1, probability 0, space 0, times 0
[ 2240.305344][T12892] CPU: 0 PID: 12892 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2240.315600][T12892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2240.325667][T12892] Call Trace:
[ 2240.328939][T12892]  dump_stack+0x1d8/0x241
[ 2240.333237][T12892]  ? panic+0x73e/0x73e
[ 2240.337279][T12892]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2240.343063][T12892]  should_fail+0x709/0x870
[ 2240.347449][T12892]  ? setup_fault_attr+0x3d0/0x3d0
[ 2240.352446][T12892]  ? blk_mq_realloc_hw_ctxs+0x68a/0x1450
[ 2240.358047][T12892]  should_failslab+0x5/0x20
[ 2240.362526][T12892]  __kmalloc+0x51/0x2b0
[ 2240.366652][T12892]  ? init_timer_key+0x23/0x1c0
[ 2240.371385][T12892]  blk_mq_realloc_hw_ctxs+0x68a/0x1450
[ 2240.376817][T12892]  blk_mq_init_allocated_queue+0x4d6/0x16c0
[ 2240.382681][T12892]  ? blk_alloc_queue_node+0x4e7/0x580
[ 2240.388029][T12892]  blk_mq_init_queue+0x48/0xa0
[ 2240.392772][T12892]  loop_add+0x256/0x710
[ 2240.396897][T12892]  ? radix_tree_lookup+0x17a/0x1d0
[ 2240.401980][T12892]  loop_control_ioctl+0x564/0x740
[ 2240.406980][T12892]  ? loop_remove+0xa0/0xa0
[ 2240.411371][T12892]  ? __lru_cache_add+0x1bf/0x210
[ 2240.416276][T12892]  ? memset+0x1f/0x40
[ 2240.420229][T12892]  ? fsnotify+0x1332/0x13f0
[ 2240.424702][T12892]  ? loop_remove+0xa0/0xa0
[ 2240.429097][T12892]  do_vfs_ioctl+0x744/0x1730
[ 2240.433659][T12892]  ? selinux_file_ioctl+0x723/0x970
12:02:01 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0xfffffffffffffffc, 0x460040)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x7fff, 0x9, 0x1f, 0x8, "30738deab7df496bbaecc88deef883942b774965f876039cbb006ec65112fca41f3d6f626654b3852fd0143642840948a336e2d0dc3281b73b06b922d1488b49", "5766183a112cc03301468e8c1bcd8db5fe141ab692852a86fa192e542ed9971e", [0x7, 0x4fd0b5a5]})
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)
syz_open_dev$loop(&(0x7f0000000000), 0xfffffffffffffffc, 0x460040) (async)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x7fff, 0x9, 0x1f, 0x8, "30738deab7df496bbaecc88deef883942b774965f876039cbb006ec65112fca41f3d6f626654b3852fd0143642840948a336e2d0dc3281b73b06b922d1488b49", "5766183a112cc03301468e8c1bcd8db5fe141ab692852a86fa192e542ed9971e", [0x7, 0x4fd0b5a5]}) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) (async)

12:02:01 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1, 0x80002)
ioctl$USBDEVFS_GETDRIVER(r1, 0x41045508, &(0x7f0000000040)={0x0, "65ece4435f8e488a9330ff003ec25d6c6c6efe5198539df74a7c3e4a6680adf38a42fe87073213053ffbefe18e17cc1654744bd93fe5fb0fc03aeb09d9fd0b3ef3fd3633a8e8fea3c57252ebd72890189a446cddd0cd6cfe404803ab07a938d98d2ae4af1f556a438d36b2fa9c9bc16558a59c6fe0673778fed8196136ad85cd7dbec82f987db2a19a3b396096ba8f2c405f249e2e6e1d6f8582dfd27a440fc7052f07a7398ebb4cb013debcfdc50e221dde9b3d1b313e2bc39c67be65c9657af1d85bf20b0a8dbb590db250912c274611d3aa3fc66002b8c2665600c68b31560cc857091de3c8aaac6460545260adf5f0fcba37039bbd33fb151a90891084fa"}) (async)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x401, 0x0)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522) (async)
write$P9_RREMOVE(r0, 0x0, 0x0)

12:02:01 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = syz_open_dev$vcsu(&(0x7f0000000180), 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0xb, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0x5, 0x5, 0x3}, 0x48)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
syz_open_dev$vcsu(&(0x7f0000000180), 0x0, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0xb, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0x5, 0x5, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:02:01 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 27)

12:02:01 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x8, 0x4000)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$LOOP_GET_STATUS64(r1, 0x4c05, &(0x7f00000000c0))
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x4c09, 0x57c)

12:02:01 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
mknodat$loop(r1, &(0x7f0000000000)='./file0\x00', 0x20, 0x1)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
mknodat$loop(r1, &(0x7f0000000000)='./file0\x00', 0x20, 0x1) (async)

[ 2240.438829][T12892]  ? ioctl_preallocate+0x250/0x250
[ 2240.443911][T12892]  ? __fget+0x40c/0x4a0
[ 2240.448034][T12892]  ? fget_many+0x20/0x20
[ 2240.452243][T12892]  ? check_preemption_disabled+0x154/0x330
[ 2240.458018][T12892]  ? debug_smp_processor_id+0x20/0x20
[ 2240.463382][T12892]  ? security_file_ioctl+0x9d/0xb0
[ 2240.468472][T12892]  __x64_sys_ioctl+0xd4/0x110
[ 2240.473121][T12892]  do_syscall_64+0xcb/0x1c0
[ 2240.477609][T12892]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:01 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1, 0x80002)
ioctl$USBDEVFS_GETDRIVER(r1, 0x41045508, &(0x7f0000000040)={0x0, "65ece4435f8e488a9330ff003ec25d6c6c6efe5198539df74a7c3e4a6680adf38a42fe87073213053ffbefe18e17cc1654744bd93fe5fb0fc03aeb09d9fd0b3ef3fd3633a8e8fea3c57252ebd72890189a446cddd0cd6cfe404803ab07a938d98d2ae4af1f556a438d36b2fa9c9bc16558a59c6fe0673778fed8196136ad85cd7dbec82f987db2a19a3b396096ba8f2c405f249e2e6e1d6f8582dfd27a440fc7052f07a7398ebb4cb013debcfdc50e221dde9b3d1b313e2bc39c67be65c9657af1d85bf20b0a8dbb590db250912c274611d3aa3fc66002b8c2665600c68b31560cc857091de3c8aaac6460545260adf5f0fcba37039bbd33fb151a90891084fa"})
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x401, 0x0)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
write$P9_RREMOVE(r0, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2) (async)
syz_open_dev$usbfs(&(0x7f0000000000), 0x1, 0x80002) (async)
ioctl$USBDEVFS_GETDRIVER(r1, 0x41045508, &(0x7f0000000040)={0x0, "65ece4435f8e488a9330ff003ec25d6c6c6efe5198539df74a7c3e4a6680adf38a42fe87073213053ffbefe18e17cc1654744bd93fe5fb0fc03aeb09d9fd0b3ef3fd3633a8e8fea3c57252ebd72890189a446cddd0cd6cfe404803ab07a938d98d2ae4af1f556a438d36b2fa9c9bc16558a59c6fe0673778fed8196136ad85cd7dbec82f987db2a19a3b396096ba8f2c405f249e2e6e1d6f8582dfd27a440fc7052f07a7398ebb4cb013debcfdc50e221dde9b3d1b313e2bc39c67be65c9657af1d85bf20b0a8dbb590db250912c274611d3aa3fc66002b8c2665600c68b31560cc857091de3c8aaac6460545260adf5f0fcba37039bbd33fb151a90891084fa"}) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x401, 0x0) (async)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522) (async)
write$P9_RREMOVE(r0, 0x0, 0x0) (async)

12:02:01 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
write$9p(r0, &(0x7f0000000040)="4c10cb", 0x3)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

12:02:01 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$LOOP_SET_FD(r0, 0x4c00, r1)

[ 2240.522913][T12912] FAULT_INJECTION: forcing a failure.
[ 2240.522913][T12912] name failslab, interval 1, probability 0, space 0, times 0
[ 2240.536626][T12912] CPU: 0 PID: 12912 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2240.546864][T12912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2240.556896][T12912] Call Trace:
[ 2240.560167][T12912]  dump_stack+0x1d8/0x241
[ 2240.564465][T12912]  ? panic+0x73e/0x73e
[ 2240.568502][T12912]  ? blk_mq_realloc_hw_ctxs+0x68a/0x1450
[ 2240.574100][T12912]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2240.579873][T12912]  ? loop_control_ioctl+0x564/0x740
[ 2240.585039][T12912]  ? __x64_sys_ioctl+0xd4/0x110
[ 2240.589854][T12912]  ? do_syscall_64+0xcb/0x1c0
[ 2240.594500][T12912]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2240.600537][T12912]  should_fail+0x709/0x870
[ 2240.604924][T12912]  ? setup_fault_attr+0x3d0/0x3d0
[ 2240.609916][T12912]  ? sbitmap_init_node+0x14e/0x3a0
[ 2240.614999][T12912]  should_failslab+0x5/0x20
[ 2240.619478][T12912]  __kmalloc+0x51/0x2b0
[ 2240.623604][T12912]  sbitmap_init_node+0x14e/0x3a0
[ 2240.628510][T12912]  blk_mq_realloc_hw_ctxs+0x6f0/0x1450
[ 2240.633937][T12912]  blk_mq_init_allocated_queue+0x4d6/0x16c0
[ 2240.639800][T12912]  ? blk_alloc_queue_node+0x4e7/0x580
[ 2240.645140][T12912]  blk_mq_init_queue+0x48/0xa0
[ 2240.649872][T12912]  loop_add+0x256/0x710
[ 2240.653999][T12912]  ? radix_tree_lookup+0x17a/0x1d0
[ 2240.659080][T12912]  loop_control_ioctl+0x564/0x740
[ 2240.664073][T12912]  ? loop_remove+0xa0/0xa0
[ 2240.668457][T12912]  ? __lru_cache_add+0x1bf/0x210
[ 2240.673365][T12912]  ? memset+0x1f/0x40
[ 2240.677316][T12912]  ? fsnotify+0x1332/0x13f0
[ 2240.683004][T12912]  ? loop_remove+0xa0/0xa0
[ 2240.687390][T12912]  do_vfs_ioctl+0x744/0x1730
[ 2240.691949][T12912]  ? selinux_file_ioctl+0x723/0x970
[ 2240.697816][T12912]  ? ioctl_preallocate+0x250/0x250
[ 2240.702897][T12912]  ? __fget+0x40c/0x4a0
[ 2240.707021][T12912]  ? fget_many+0x20/0x20
[ 2240.711238][T12912]  ? check_preemption_disabled+0x154/0x330
[ 2240.717011][T12912]  ? debug_smp_processor_id+0x20/0x20
12:02:02 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async, rerun: 64)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) (rerun: 64)
connect$inet6(r1, 0x0, 0x0) (async)
mknodat$loop(r1, &(0x7f0000000000)='./file0\x00', 0x20, 0x1)

12:02:02 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = syz_open_dev$vcsu(&(0x7f0000000180), 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0xb, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0x5, 0x5, 0x3}, 0x48)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
syz_open_dev$vcsu(&(0x7f0000000180), 0x0, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0xb, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0x5, 0x5, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:02:02 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 28)

[ 2240.722350][T12912]  ? security_file_ioctl+0x9d/0xb0
[ 2240.727430][T12912]  __x64_sys_ioctl+0xd4/0x110
[ 2240.732077][T12912]  do_syscall_64+0xcb/0x1c0
[ 2240.736553][T12912]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:02 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x8, 0x4000)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$LOOP_GET_STATUS64(r1, 0x4c05, &(0x7f00000000c0))
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x4c09, 0x57c)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
syz_open_dev$loop(&(0x7f0000000040), 0x8, 0x4000) (async)
ioctl$LOOP_CLR_FD(r0, 0x4c01) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
ioctl$LOOP_GET_STATUS64(r1, 0x4c05, &(0x7f00000000c0)) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) (async)
ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x4c09, 0x57c) (async)

12:02:02 executing program 4:
socket$igmp6(0xa, 0x3, 0x2) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
ioctl$LOOP_SET_FD(r0, 0x4c00, r1)

12:02:02 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async, rerun: 64)
write$9p(r0, &(0x7f0000000040)="4c10cb", 0x3) (async, rerun: 64)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

[ 2240.796608][T12949] FAULT_INJECTION: forcing a failure.
[ 2240.796608][T12949] name failslab, interval 1, probability 0, space 0, times 0
[ 2240.812542][T12949] CPU: 0 PID: 12949 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2240.822877][T12949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2240.832933][T12949] Call Trace:
[ 2240.836202][T12949]  dump_stack+0x1d8/0x241
[ 2240.840500][T12949]  ? panic+0x73e/0x73e
[ 2240.844538][T12949]  ? blk_mq_realloc_hw_ctxs+0x68a/0x1450
[ 2240.850136][T12949]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2240.855914][T12949]  ? loop_control_ioctl+0x564/0x740
[ 2240.861085][T12949]  ? __x64_sys_ioctl+0xd4/0x110
[ 2240.865903][T12949]  ? do_syscall_64+0xcb/0x1c0
[ 2240.870547][T12949]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2240.876589][T12949]  should_fail+0x709/0x870
[ 2240.880980][T12949]  ? setup_fault_attr+0x3d0/0x3d0
[ 2240.885973][T12949]  ? sbitmap_init_node+0x14e/0x3a0
[ 2240.891050][T12949]  should_failslab+0x5/0x20
[ 2240.895519][T12949]  __kmalloc+0x51/0x2b0
[ 2240.899645][T12949]  sbitmap_init_node+0x14e/0x3a0
[ 2240.904552][T12949]  blk_mq_realloc_hw_ctxs+0x6f0/0x1450
[ 2240.909980][T12949]  blk_mq_init_allocated_queue+0x4d6/0x16c0
[ 2240.915840][T12949]  ? blk_alloc_queue_node+0x4e7/0x580
[ 2240.921181][T12949]  blk_mq_init_queue+0x48/0xa0
[ 2240.925914][T12949]  loop_add+0x256/0x710
[ 2240.930036][T12949]  ? radix_tree_lookup+0x17a/0x1d0
[ 2240.935116][T12949]  loop_control_ioctl+0x564/0x740
[ 2240.940109][T12949]  ? loop_remove+0xa0/0xa0
[ 2240.944492][T12949]  ? __lru_cache_add+0x1bf/0x210
[ 2240.949394][T12949]  ? memset+0x1f/0x40
[ 2240.953347][T12949]  ? fsnotify+0x1332/0x13f0
[ 2240.957815][T12949]  ? loop_remove+0xa0/0xa0
[ 2240.962202][T12949]  do_vfs_ioctl+0x744/0x1730
[ 2240.966762][T12949]  ? selinux_file_ioctl+0x723/0x970
[ 2240.971931][T12949]  ? ioctl_preallocate+0x250/0x250
[ 2240.977012][T12949]  ? __fget+0x40c/0x4a0
[ 2240.981136][T12949]  ? fget_many+0x20/0x20
[ 2240.985348][T12949]  ? check_preemption_disabled+0x154/0x330
[ 2240.991120][T12949]  ? debug_smp_processor_id+0x20/0x20
12:02:02 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0)

12:02:02 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r2, 0x29, 0x44, &(0x7f0000000180)={'TPROXY\x00'}, &(0x7f00000001c0)=0x1e)
execveat(r1, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
mknodat$null(r1, &(0x7f0000000200)='./file0\x00', 0x10, 0x103)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x129000, 0x0)

12:02:02 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$LOOP_SET_FD(r0, 0x4c00, r1)
socket$igmp6(0xa, 0x3, 0x2) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
ioctl$LOOP_SET_FD(r0, 0x4c00, r1) (async)

12:02:02 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 29)

12:02:02 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0) (async)

[ 2240.996462][T12949]  ? security_file_ioctl+0x9d/0xb0
[ 2241.001545][T12949]  __x64_sys_ioctl+0xd4/0x110
[ 2241.006194][T12949]  do_syscall_64+0xcb/0x1c0
[ 2241.010668][T12949]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:02 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0) (async)

12:02:02 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
write$P9_RRENAMEAT(r2, &(0x7f0000000340)={0x7, 0x4b, 0x1}, 0x7)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100002}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="88000000", @ANYRES16=r3, @ANYBLOB="080002000000ffdbdf25040000006c00088014000780080006009400000008000500e6fb94272400078008000500bc1718070800050049626d41080005001d5e2567080006003700000014000780080006009300000008000500ecaa15401c000780080005008ec97b75080005007674992d080085822aef7a5a0500ca7c875f0800"], 0x88}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004881)
ioctl$USBDEVFS_CONNECTINFO(r2, 0x40085511, &(0x7f0000000380))
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r6, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@bloom_filter={0x1e, 0x3, 0x2, 0x4, 0x190, r5, 0xa2, '\x00', 0x0, r6, 0x3, 0x0, 0x2, 0x5}, 0x48)
connect$inet6(r4, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:02 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0x0, 0x121082)
write$P9_RSYMLINK(r0, &(0x7f0000000040)={0x14, 0x11, 0x2, {0x80, 0x0, 0x6}}, 0x14)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/hci_uart', 0x400580, 0xb0)

12:02:02 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x8, 0x4000)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$LOOP_GET_STATUS64(r1, 0x4c05, &(0x7f00000000c0))
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x4c09, 0x57c)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
syz_open_dev$loop(&(0x7f0000000040), 0x8, 0x4000) (async)
ioctl$LOOP_CLR_FD(r0, 0x4c01) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
ioctl$LOOP_GET_STATUS64(r1, 0x4c05, &(0x7f00000000c0)) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) (async)
ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x4c09, 0x57c) (async)

[ 2241.083643][T12982] FAULT_INJECTION: forcing a failure.
[ 2241.083643][T12982] name failslab, interval 1, probability 0, space 0, times 0
[ 2241.097090][T12982] CPU: 1 PID: 12982 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2241.107327][T12982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2241.117365][T12982] Call Trace:
[ 2241.120642][T12982]  dump_stack+0x1d8/0x241
[ 2241.124943][T12982]  ? panic+0x73e/0x73e
[ 2241.128981][T12982]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2241.134754][T12982]  should_fail+0x709/0x870
[ 2241.139137][T12982]  ? setup_fault_attr+0x3d0/0x3d0
[ 2241.144129][T12982]  ? blk_alloc_flush_queue+0xd0/0x230
[ 2241.149466][T12982]  should_failslab+0x5/0x20
[ 2241.153937][T12982]  __kmalloc+0x51/0x2b0
[ 2241.158061][T12982]  ? blk_alloc_flush_queue+0x70/0x230
[ 2241.163418][T12982]  blk_alloc_flush_queue+0xd0/0x230
[ 2241.168608][T12982]  blk_mq_realloc_hw_ctxs+0x8b5/0x1450
[ 2241.174050][T12982]  blk_mq_init_allocated_queue+0x4d6/0x16c0
[ 2241.179925][T12982]  ? blk_alloc_queue_node+0x4e7/0x580
[ 2241.185276][T12982]  blk_mq_init_queue+0x48/0xa0
[ 2241.190022][T12982]  loop_add+0x256/0x710
[ 2241.194156][T12982]  ? radix_tree_lookup+0x17a/0x1d0
[ 2241.199238][T12982]  loop_control_ioctl+0x564/0x740
[ 2241.204233][T12982]  ? loop_remove+0xa0/0xa0
[ 2241.208620][T12982]  ? __lru_cache_add+0x1bf/0x210
[ 2241.213523][T12982]  ? memset+0x1f/0x40
[ 2241.217475][T12982]  ? fsnotify+0x1332/0x13f0
[ 2241.221975][T12982]  ? loop_remove+0xa0/0xa0
[ 2241.226373][T12982]  do_vfs_ioctl+0x744/0x1730
12:02:02 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 30)

12:02:02 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
write$P9_RRENAMEAT(r2, &(0x7f0000000340)={0x7, 0x4b, 0x1}, 0x7) (async)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100002}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="88000000", @ANYRES16=r3, @ANYBLOB="080002000000ffdbdf25040000006c00088014000780080006009400000008000500e6fb94272400078008000500bc1718070800050049626d41080005001d5e2567080006003700000014000780080006009300000008000500ecaa15401c000780080005008ec97b75080005007674992d080085822aef7a5a0500ca7c875f0800"], 0x88}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004881) (async)
ioctl$USBDEVFS_CONNECTINFO(r2, 0x40085511, &(0x7f0000000380))
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r6, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@bloom_filter={0x1e, 0x3, 0x2, 0x4, 0x190, r5, 0xa2, '\x00', 0x0, r6, 0x3, 0x0, 0x2, 0x5}, 0x48) (async)
connect$inet6(r4, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:02 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r2, 0x29, 0x44, &(0x7f0000000180)={'TPROXY\x00'}, &(0x7f00000001c0)=0x1e) (async)
execveat(r1, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
mknodat$null(r1, &(0x7f0000000200)='./file0\x00', 0x10, 0x103)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x129000, 0x0)

12:02:02 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x7)

12:02:02 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0x0, 0x121082)
write$P9_RSYMLINK(r0, &(0x7f0000000040)={0x14, 0x11, 0x2, {0x80, 0x0, 0x6}}, 0x14) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/hci_uart', 0x400580, 0xb0)

[ 2241.230945][T12982]  ? selinux_file_ioctl+0x723/0x970
[ 2241.236114][T12982]  ? ioctl_preallocate+0x250/0x250
[ 2241.241206][T12982]  ? __fget+0x40c/0x4a0
[ 2241.245491][T12982]  ? fget_many+0x20/0x20
[ 2241.249709][T12982]  ? check_preemption_disabled+0x154/0x330
[ 2241.255485][T12982]  ? debug_smp_processor_id+0x20/0x20
[ 2241.260827][T12982]  ? security_file_ioctl+0x9d/0xb0
[ 2241.265911][T12982]  __x64_sys_ioctl+0xd4/0x110
[ 2241.270557][T12982]  do_syscall_64+0xcb/0x1c0
[ 2241.275032][T12982]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2241.319499][T13003] FAULT_INJECTION: forcing a failure.
[ 2241.319499][T13003] name failslab, interval 1, probability 0, space 0, times 0
[ 2241.332407][T13003] CPU: 1 PID: 13003 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2241.342627][T13003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2241.352660][T13003] Call Trace:
[ 2241.355929][T13003]  dump_stack+0x1d8/0x241
[ 2241.360232][T13003]  ? panic+0x73e/0x73e
[ 2241.364270][T13003]  ? find_next_and_bit+0x17b/0x1a0
[ 2241.369348][T13003]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2241.375123][T13003]  ? blk_mq_map_swqueue+0x16f6/0x1850
[ 2241.380461][T13003]  should_fail+0x709/0x870
[ 2241.384843][T13003]  ? setup_fault_attr+0x3d0/0x3d0
[ 2241.389833][T13003]  ? blk_mq_init_allocated_queue+0x1416/0x16c0
[ 2241.395953][T13003]  ? __alloc_disk_node+0x72/0x380
[ 2241.401040][T13003]  should_failslab+0x5/0x20
[ 2241.405516][T13003]  kmem_cache_alloc_trace+0x28/0x240
[ 2241.410776][T13003]  __alloc_disk_node+0x72/0x380
[ 2241.415606][T13003]  loop_add+0x323/0x710
[ 2241.419735][T13003]  loop_control_ioctl+0x564/0x740
[ 2241.424731][T13003]  ? loop_remove+0xa0/0xa0
[ 2241.429114][T13003]  ? __lru_cache_add+0x1bf/0x210
[ 2241.434021][T13003]  ? memset+0x1f/0x40
[ 2241.437979][T13003]  ? fsnotify+0x1332/0x13f0
[ 2241.442458][T13003]  ? loop_remove+0xa0/0xa0
[ 2241.446840][T13003]  do_vfs_ioctl+0x744/0x1730
[ 2241.451401][T13003]  ? selinux_file_ioctl+0x723/0x970
[ 2241.456567][T13003]  ? ioctl_preallocate+0x250/0x250
[ 2241.461644][T13003]  ? __fget+0x40c/0x4a0
[ 2241.465766][T13003]  ? fget_many+0x20/0x20
12:02:02 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0xfffffffffffffffc, 0x0)

12:02:02 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 31)

12:02:02 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x7)

12:02:02 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r2, 0x29, 0x44, &(0x7f0000000180)={'TPROXY\x00'}, &(0x7f00000001c0)=0x1e)
execveat(r1, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
mknodat$null(r1, &(0x7f0000000200)='./file0\x00', 0x10, 0x103)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x129000, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
socket$igmp6(0xa, 0x3, 0x2) (async)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r2, 0x29, 0x44, &(0x7f0000000180)={'TPROXY\x00'}, &(0x7f00000001c0)=0x1e) (async)
execveat(r1, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
mknodat$null(r1, &(0x7f0000000200)='./file0\x00', 0x10, 0x103) (async)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x129000, 0x0) (async)

[ 2241.469978][T13003]  ? check_preemption_disabled+0x154/0x330
[ 2241.475751][T13003]  ? debug_smp_processor_id+0x20/0x20
[ 2241.481089][T13003]  ? security_file_ioctl+0x9d/0xb0
[ 2241.486165][T13003]  __x64_sys_ioctl+0xd4/0x110
[ 2241.490812][T13003]  do_syscall_64+0xcb/0x1c0
[ 2241.495286][T13003]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:02 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0xfffffffffffffffc, 0x0)

12:02:02 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
write$P9_RRENAMEAT(r2, &(0x7f0000000340)={0x7, 0x4b, 0x1}, 0x7)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100002}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="88000000", @ANYRES16=r3, @ANYBLOB="080002000000ffdbdf25040000006c00088014000780080006009400000008000500e6fb94272400078008000500bc1718070800050049626d41080005001d5e2567080006003700000014000780080006009300000008000500ecaa15401c000780080005008ec97b75080005007674992d080085822aef7a5a0500ca7c875f0800"], 0x88}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004881)
ioctl$USBDEVFS_CONNECTINFO(r2, 0x40085511, &(0x7f0000000380))
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r6, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@bloom_filter={0x1e, 0x3, 0x2, 0x4, 0x190, r5, 0xa2, '\x00', 0x0, r6, 0x3, 0x0, 0x2, 0x5}, 0x48)
connect$inet6(r4, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
write$P9_RRENAMEAT(r2, &(0x7f0000000340)={0x7, 0x4b, 0x1}, 0x7) (async)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000001c0), 0xffffffffffffffff) (async)
sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100002}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="88000000", @ANYRES16=r3, @ANYBLOB="080002000000ffdbdf25040000006c00088014000780080006009400000008000500e6fb94272400078008000500bc1718070800050049626d41080005001d5e2567080006003700000014000780080006009300000008000500ecaa15401c000780080005008ec97b75080005007674992d080085822aef7a5a0500ca7c875f0800"], 0x88}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004881) (async)
ioctl$USBDEVFS_CONNECTINFO(r2, 0x40085511, &(0x7f0000000380)) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r6, 0x0, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@bloom_filter={0x1e, 0x3, 0x2, 0x4, 0x190, r5, 0xa2, '\x00', 0x0, r6, 0x3, 0x0, 0x2, 0x5}, 0x48) (async)
connect$inet6(r4, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:02:02 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0x0, 0x121082)
write$P9_RSYMLINK(r0, &(0x7f0000000040)={0x14, 0x11, 0x2, {0x80, 0x0, 0x6}}, 0x14)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/hci_uart', 0x400580, 0xb0)

[ 2241.527995][T13029] FAULT_INJECTION: forcing a failure.
[ 2241.527995][T13029] name failslab, interval 1, probability 0, space 0, times 0
[ 2241.541798][T13029] CPU: 1 PID: 13029 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2241.552032][T13029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2241.562068][T13029] Call Trace:
[ 2241.565341][T13029]  dump_stack+0x1d8/0x241
[ 2241.569650][T13029]  ? panic+0x73e/0x73e
12:02:02 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000300)={0x3}, 0x4)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x40, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
ioctl$USBDEVFS_GETDRIVER(r2, 0x41045508, &(0x7f00000001c0)={0x9, "7cbe40fa9043967cdea27b29930633dc319ced7abaca225e007312a68c8a1fb0e26227bd2df7d6f7ae629247809f49aa49e9f9c78717996cee4d4a775f116428c4b771b8d23d9cd40d64bc3fd28c29373679c72f1932c782af869a3089bfd82fc12848cc1fc917a9a5f04d644a9debf779f57a1c2ebf9ebc2453ba5d1450832f7d422a91e3cb6191c44152f9d11cc7740738f5b0670601faa94df5aafe0c1792babc8c9298e7df6bc7beb2227b33286e917937bb9d200a6501d69cfc23cc0305543cdf036f5441c27ae0a4d30d937bc355f2463042dd426a2f3f643d428bc92619d704acd094f9c2cb79f47f648c3552a1301044ec20f32526edf4306d998e91"})

[ 2241.573695][T13029]  ? find_next_and_bit+0x17b/0x1a0
[ 2241.578770][T13029]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2241.584541][T13029]  ? blk_mq_map_swqueue+0x16f6/0x1850
[ 2241.589884][T13029]  should_fail+0x709/0x870
[ 2241.594296][T13029]  ? setup_fault_attr+0x3d0/0x3d0
[ 2241.599294][T13029]  ? blk_mq_init_allocated_queue+0x1416/0x16c0
[ 2241.605441][T13029]  ? __alloc_disk_node+0x72/0x380
[ 2241.610459][T13029]  should_failslab+0x5/0x20
[ 2241.614954][T13029]  kmem_cache_alloc_trace+0x28/0x240
[ 2241.620237][T13029]  __alloc_disk_node+0x72/0x380
[ 2241.625061][T13029]  loop_add+0x323/0x710
[ 2241.629184][T13029]  loop_control_ioctl+0x564/0x740
[ 2241.634179][T13029]  ? loop_remove+0xa0/0xa0
[ 2241.638563][T13029]  ? __lru_cache_add+0x1bf/0x210
[ 2241.643466][T13029]  ? memset+0x1f/0x40
[ 2241.647416][T13029]  ? fsnotify+0x1332/0x13f0
[ 2241.651920][T13029]  ? loop_remove+0xa0/0xa0
[ 2241.656305][T13029]  do_vfs_ioctl+0x744/0x1730
[ 2241.660874][T13029]  ? selinux_file_ioctl+0x723/0x970
[ 2241.666049][T13029]  ? ioctl_preallocate+0x250/0x250
[ 2241.671151][T13029]  ? __fget+0x40c/0x4a0
12:02:03 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x7)

12:02:03 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
write$P9_RFLUSH(r1, &(0x7f0000000000)={0x7, 0x6d, 0x1}, 0x7)

12:02:03 executing program 1:
write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7, 0x47, 0x1}, 0x7)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
write$tun(r0, &(0x7f0000000080)={@val={0x0, 0x883e}, @void, @eth={@local, @random="f6e265846798", @void, {@generic={0x11, "d3a3b0450b4358547cbc0199866ee1f74be641bfc8696b98816b7769c5deda82a11c6ae086d7b1ecba9762e645b0cb3cd464dbc5150a298dc4e4f9a6bae1d4d83b731066fb63ba76cf8f1d2eb1879377d8731643f452a4dc2eafb5d6865688aa20faed4127335e998061ce65b534ecc965a56bf46e6713ef3e7ce7a4eb5d72232b42df2659c6ede2c981b027"}}}}, 0x9e)

12:02:03 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 32)

[ 2241.675286][T13029]  ? fget_many+0x20/0x20
[ 2241.679495][T13029]  ? check_preemption_disabled+0x154/0x330
[ 2241.685276][T13029]  ? debug_smp_processor_id+0x20/0x20
[ 2241.690617][T13029]  ? security_file_ioctl+0x9d/0xb0
[ 2241.695719][T13029]  __x64_sys_ioctl+0xd4/0x110
[ 2241.700370][T13029]  do_syscall_64+0xcb/0x1c0
[ 2241.704842][T13029]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:03 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0xfffffffffffffffc, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0xfffffffffffffffc, 0x0) (async)

12:02:03 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000300)={0x3}, 0x4)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x40, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
ioctl$USBDEVFS_GETDRIVER(r2, 0x41045508, &(0x7f00000001c0)={0x9, "7cbe40fa9043967cdea27b29930633dc319ced7abaca225e007312a68c8a1fb0e26227bd2df7d6f7ae629247809f49aa49e9f9c78717996cee4d4a775f116428c4b771b8d23d9cd40d64bc3fd28c29373679c72f1932c782af869a3089bfd82fc12848cc1fc917a9a5f04d644a9debf779f57a1c2ebf9ebc2453ba5d1450832f7d422a91e3cb6191c44152f9d11cc7740738f5b0670601faa94df5aafe0c1792babc8c9298e7df6bc7beb2227b33286e917937bb9d200a6501d69cfc23cc0305543cdf036f5441c27ae0a4d30d937bc355f2463042dd426a2f3f643d428bc92619d704acd094f9c2cb79f47f648c3552a1301044ec20f32526edf4306d998e91"})

12:02:03 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f00000002c0)=[&(0x7f0000000000)='%$\x00', &(0x7f0000000100)='\'{:##\x00', &(0x7f0000000140)='\x00', &(0x7f0000000300)='#\x8a\x1c}#*\x00', &(0x7f00000001c0)='\x00', &(0x7f0000000200)='\x00', &(0x7f0000000240)='\x00', &(0x7f0000000280)='\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:03 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
write$P9_RFLUSH(r1, &(0x7f0000000000)={0x7, 0x6d, 0x1}, 0x7)

12:02:03 executing program 1:
write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7, 0x47, 0x1}, 0x7) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
write$tun(r0, &(0x7f0000000080)={@val={0x0, 0x883e}, @void, @eth={@local, @random="f6e265846798", @void, {@generic={0x11, "d3a3b0450b4358547cbc0199866ee1f74be641bfc8696b98816b7769c5deda82a11c6ae086d7b1ecba9762e645b0cb3cd464dbc5150a298dc4e4f9a6bae1d4d83b731066fb63ba76cf8f1d2eb1879377d8731643f452a4dc2eafb5d6865688aa20faed4127335e998061ce65b534ecc965a56bf46e6713ef3e7ce7a4eb5d72232b42df2659c6ede2c981b027"}}}}, 0x9e)

[ 2241.736753][T13072] FAULT_INJECTION: forcing a failure.
[ 2241.736753][T13072] name failslab, interval 1, probability 0, space 0, times 0
[ 2241.758191][T13072] CPU: 1 PID: 13072 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2241.768439][T13072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2241.778470][T13072] Call Trace:
[ 2241.781741][T13072]  dump_stack+0x1d8/0x241
[ 2241.786053][T13072]  ? panic+0x73e/0x73e
[ 2241.790091][T13072]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2241.795870][T13072]  ? pcpu_chunk_relocate+0xe5/0x3a0
[ 2241.801036][T13072]  should_fail+0x709/0x870
[ 2241.805421][T13072]  ? setup_fault_attr+0x3d0/0x3d0
[ 2241.810410][T13072]  ? find_next_bit+0xc6/0x110
[ 2241.815052][T13072]  ? cpumask_next+0xc/0x20
[ 2241.819438][T13072]  ? disk_expand_part_tbl+0x195/0x3b0
[ 2241.824778][T13072]  should_failslab+0x5/0x20
[ 2241.829248][T13072]  __kmalloc+0x51/0x2b0
[ 2241.833372][T13072]  disk_expand_part_tbl+0x195/0x3b0
[ 2241.838537][T13072]  __alloc_disk_node+0x10b/0x380
[ 2241.843443][T13072]  loop_add+0x323/0x710
[ 2241.847566][T13072]  loop_control_ioctl+0x564/0x740
[ 2241.852555][T13072]  ? loop_remove+0xa0/0xa0
[ 2241.856938][T13072]  ? __lru_cache_add+0x1bf/0x210
[ 2241.861840][T13072]  ? memset+0x1f/0x40
[ 2241.865789][T13072]  ? fsnotify+0x1332/0x13f0
[ 2241.870257][T13072]  ? loop_remove+0xa0/0xa0
[ 2241.874640][T13072]  do_vfs_ioctl+0x744/0x1730
[ 2241.879202][T13072]  ? selinux_file_ioctl+0x723/0x970
12:02:03 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 33)

12:02:03 executing program 5:
r0 = syz_open_dev$vcsu(&(0x7f0000000040), 0x6, 0x840)
getdents64(r0, &(0x7f0000000080)=""/37, 0x25)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

[ 2241.884365][T13072]  ? ioctl_preallocate+0x250/0x250
[ 2241.889444][T13072]  ? __fget+0x40c/0x4a0
[ 2241.893567][T13072]  ? fget_many+0x20/0x20
[ 2241.897778][T13072]  ? check_preemption_disabled+0x154/0x330
[ 2241.903550][T13072]  ? debug_smp_processor_id+0x20/0x20
[ 2241.908892][T13072]  ? security_file_ioctl+0x9d/0xb0
[ 2241.913969][T13072]  __x64_sys_ioctl+0xd4/0x110
[ 2241.918615][T13072]  do_syscall_64+0xcb/0x1c0
[ 2241.923087][T13072]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:03 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000300)={0x3}, 0x4) (async, rerun: 32)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (rerun: 32)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x40, 0x0) (async, rerun: 64)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async, rerun: 64)
ioctl$USBDEVFS_GETDRIVER(r2, 0x41045508, &(0x7f00000001c0)={0x9, "7cbe40fa9043967cdea27b29930633dc319ced7abaca225e007312a68c8a1fb0e26227bd2df7d6f7ae629247809f49aa49e9f9c78717996cee4d4a775f116428c4b771b8d23d9cd40d64bc3fd28c29373679c72f1932c782af869a3089bfd82fc12848cc1fc917a9a5f04d644a9debf779f57a1c2ebf9ebc2453ba5d1450832f7d422a91e3cb6191c44152f9d11cc7740738f5b0670601faa94df5aafe0c1792babc8c9298e7df6bc7beb2227b33286e917937bb9d200a6501d69cfc23cc0305543cdf036f5441c27ae0a4d30d937bc355f2463042dd426a2f3f643d428bc92619d704acd094f9c2cb79f47f648c3552a1301044ec20f32526edf4306d998e91"})

12:02:03 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f00000002c0)=[&(0x7f0000000000)='%$\x00', &(0x7f0000000100)='\'{:##\x00', &(0x7f0000000140)='\x00', &(0x7f0000000300)='#\x8a\x1c}#*\x00', &(0x7f00000001c0)='\x00', &(0x7f0000000200)='\x00', &(0x7f0000000240)='\x00', &(0x7f0000000280)='\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:03 executing program 5:
r0 = syz_open_dev$vcsu(&(0x7f0000000040), 0x6, 0x840)
getdents64(r0, &(0x7f0000000080)=""/37, 0x25) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

[ 2241.984978][T13087] FAULT_INJECTION: forcing a failure.
[ 2241.984978][T13087] name failslab, interval 1, probability 0, space 0, times 0
[ 2241.999675][T13087] CPU: 0 PID: 13087 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2242.009917][T13087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2242.019947][T13087] Call Trace:
[ 2242.023215][T13087]  dump_stack+0x1d8/0x241
[ 2242.027518][T13087]  ? panic+0x73e/0x73e
[ 2242.031553][T13087]  ? stack_trace_save+0x200/0x200
[ 2242.036554][T13087]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2242.042330][T13087]  ? arch_stack_walk+0x114/0x140
[ 2242.047254][T13087]  should_fail+0x709/0x870
[ 2242.051651][T13087]  ? setup_fault_attr+0x3d0/0x3d0
[ 2242.056660][T13087]  ? _raw_spin_unlock_irqrestore+0x57/0x80
[ 2242.062446][T13087]  ? init_wait_entry+0xd0/0xd0
[ 2242.067183][T13087]  ? blk_mq_init_tags+0x74/0x290
[ 2242.072089][T13087]  should_failslab+0x5/0x20
[ 2242.076558][T13087]  kmem_cache_alloc_trace+0x28/0x240
[ 2242.081815][T13087]  blk_mq_init_tags+0x74/0x290
[ 2242.086545][T13087]  ? blk_mq_hw_queue_to_node+0xeb/0x100
[ 2242.092058][T13087]  blk_mq_alloc_rq_map+0x93/0x1a0
[ 2242.097051][T13087]  blk_mq_init_sched+0x1f2/0xaf0
[ 2242.101958][T13087]  elevator_init_mq+0x2cd/0x3f0
[ 2242.106786][T13087]  __device_add_disk+0xf1/0x1200
[ 2242.111694][T13087]  ? sprintf+0xd6/0x120
[ 2242.115821][T13087]  ? device_add_disk+0x30/0x30
[ 2242.120556][T13087]  ? vsprintf+0x30/0x30
[ 2242.124686][T13087]  ? device_initialize+0x1c7/0x3d0
[ 2242.129767][T13087]  ? __alloc_disk_node+0x326/0x380
[ 2242.134856][T13087]  loop_add+0x554/0x710
[ 2242.138981][T13087]  loop_control_ioctl+0x564/0x740
[ 2242.143975][T13087]  ? loop_remove+0xa0/0xa0
[ 2242.148361][T13087]  ? __lru_cache_add+0x1bf/0x210
[ 2242.153266][T13087]  ? memset+0x1f/0x40
[ 2242.157218][T13087]  ? fsnotify+0x1332/0x13f0
[ 2242.161690][T13087]  ? loop_remove+0xa0/0xa0
[ 2242.166077][T13087]  do_vfs_ioctl+0x744/0x1730
[ 2242.170639][T13087]  ? selinux_file_ioctl+0x723/0x970
[ 2242.175809][T13087]  ? ioctl_preallocate+0x250/0x250
[ 2242.180891][T13087]  ? __fget+0x40c/0x4a0
12:02:03 executing program 1:
write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000040)={0x7, 0x47, 0x1}, 0x7) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
write$tun(r0, &(0x7f0000000080)={@val={0x0, 0x883e}, @void, @eth={@local, @random="f6e265846798", @void, {@generic={0x11, "d3a3b0450b4358547cbc0199866ee1f74be641bfc8696b98816b7769c5deda82a11c6ae086d7b1ecba9762e645b0cb3cd464dbc5150a298dc4e4f9a6bae1d4d83b731066fb63ba76cf8f1d2eb1879377d8731643f452a4dc2eafb5d6865688aa20faed4127335e998061ce65b534ecc965a56bf46e6713ef3e7ce7a4eb5d72232b42df2659c6ede2c981b027"}}}}, 0x9e)

12:02:03 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
write$P9_RFLUSH(r1, &(0x7f0000000000)={0x7, 0x6d, 0x1}, 0x7)
socket$igmp6(0xa, 0x3, 0x2) (async)
write$P9_RREMOVE(r0, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
write$P9_RFLUSH(r1, &(0x7f0000000000)={0x7, 0x6d, 0x1}, 0x7) (async)

12:02:03 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 34)

[ 2242.185015][T13087]  ? fget_many+0x20/0x20
[ 2242.189232][T13087]  ? check_preemption_disabled+0x154/0x330
[ 2242.195013][T13087]  ? debug_smp_processor_id+0x20/0x20
[ 2242.200352][T13087]  ? security_file_ioctl+0x9d/0xb0
[ 2242.205432][T13087]  __x64_sys_ioctl+0xd4/0x110
[ 2242.210080][T13087]  do_syscall_64+0xcb/0x1c0
[ 2242.214554][T13087]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2242.220528][T13087] "mq-deadline" elevator initialization failed, falling back to "none"
12:02:03 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
accept$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote}, &(0x7f00000001c0)=0x1c)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:03 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f00000002c0)=[&(0x7f0000000000)='%$\x00', &(0x7f0000000100)='\'{:##\x00', &(0x7f0000000140)='\x00', &(0x7f0000000300)='#\x8a\x1c}#*\x00', &(0x7f00000001c0)='\x00', &(0x7f0000000200)='\x00', &(0x7f0000000240)='\x00', &(0x7f0000000280)='\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:03 executing program 5:
r0 = syz_open_dev$vcsu(&(0x7f0000000040), 0x6, 0x840)
getdents64(r0, &(0x7f0000000080)=""/37, 0x25) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:02:03 executing program 1:
setsockopt$MRT6_TABLE(0xffffffffffffffff, 0x29, 0xcf, &(0x7f0000000040), 0x4)
getsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x4100)
recvfrom$inet6(0xffffffffffffffff, &(0x7f0000000100)=""/98, 0x62, 0x140, &(0x7f0000000180)={0xa, 0x4e24, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c)

[ 2242.291698][T13112] FAULT_INJECTION: forcing a failure.
[ 2242.291698][T13112] name failslab, interval 1, probability 0, space 0, times 0
[ 2242.307358][T13112] CPU: 1 PID: 13112 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2242.317611][T13112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2242.327646][T13112] Call Trace:
[ 2242.330916][T13112]  dump_stack+0x1d8/0x241
[ 2242.335217][T13112]  ? panic+0x73e/0x73e
[ 2242.339256][T13112]  ? __kasan_kmalloc+0x1a5/0x1e0
[ 2242.344160][T13112]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2242.349933][T13112]  ? blk_mq_init_tags+0x74/0x290
[ 2242.354847][T13112]  ? blk_mq_alloc_rq_map+0x93/0x1a0
[ 2242.360013][T13112]  ? blk_mq_init_sched+0x1f2/0xaf0
[ 2242.365100][T13112]  ? __device_add_disk+0xf1/0x1200
[ 2242.370187][T13112]  ? loop_add+0x554/0x710
[ 2242.374484][T13112]  ? loop_control_ioctl+0x564/0x740
[ 2242.379650][T13112]  ? do_vfs_ioctl+0x744/0x1730
[ 2242.384381][T13112]  should_fail+0x709/0x870
[ 2242.388773][T13112]  ? setup_fault_attr+0x3d0/0x3d0
[ 2242.393776][T13112]  ? sbitmap_queue_init_node+0x15e/0xf70
[ 2242.399375][T13112]  should_failslab+0x5/0x20
[ 2242.403848][T13112]  __kmalloc+0x51/0x2b0
[ 2242.407985][T13112]  sbitmap_queue_init_node+0x15e/0xf70
[ 2242.413415][T13112]  ? blk_mq_init_tags+0x74/0x290
[ 2242.418323][T13112]  blk_mq_init_tags+0xef/0x290
[ 2242.423055][T13112]  blk_mq_alloc_rq_map+0x93/0x1a0
[ 2242.428049][T13112]  blk_mq_init_sched+0x1f2/0xaf0
[ 2242.432961][T13112]  elevator_init_mq+0x2cd/0x3f0
[ 2242.437785][T13112]  __device_add_disk+0xf1/0x1200
[ 2242.442695][T13112]  ? sprintf+0xd6/0x120
[ 2242.446820][T13112]  ? device_add_disk+0x30/0x30
[ 2242.451553][T13112]  ? vsprintf+0x30/0x30
[ 2242.455682][T13112]  ? device_initialize+0x1c7/0x3d0
[ 2242.460761][T13112]  ? __alloc_disk_node+0x326/0x380
[ 2242.465842][T13112]  loop_add+0x554/0x710
[ 2242.469967][T13112]  loop_control_ioctl+0x564/0x740
[ 2242.474959][T13112]  ? loop_remove+0xa0/0xa0
[ 2242.479343][T13112]  ? __lru_cache_add+0x1bf/0x210
[ 2242.484249][T13112]  ? memset+0x1f/0x40
[ 2242.488199][T13112]  ? fsnotify+0x1332/0x13f0
[ 2242.492669][T13112]  ? loop_remove+0xa0/0xa0
[ 2242.497057][T13112]  do_vfs_ioctl+0x744/0x1730
[ 2242.501618][T13112]  ? selinux_file_ioctl+0x723/0x970
[ 2242.506788][T13112]  ? ioctl_preallocate+0x250/0x250
[ 2242.511880][T13112]  ? __fget+0x40c/0x4a0
[ 2242.516007][T13112]  ? fget_many+0x20/0x20
[ 2242.520217][T13112]  ? check_preemption_disabled+0x154/0x330
[ 2242.525992][T13112]  ? debug_smp_processor_id+0x20/0x20
[ 2242.531335][T13112]  ? security_file_ioctl+0x9d/0xb0
[ 2242.536433][T13112]  __x64_sys_ioctl+0xd4/0x110
12:02:03 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
pipe2$watch_queue(&(0x7f0000000080), 0x80)
socket$inet6_udp(0xa, 0x2, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/dm_mod', 0x101002, 0xb3)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, 0x0, 0xfffffffffffffff1)
setsockopt$MRT6_TABLE(r0, 0x29, 0xcf, &(0x7f0000000040)=0xffffffff, 0x4)
mknodat$null(r1, &(0x7f0000000000)='./file0\x00', 0x1000, 0x103)

12:02:03 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 35)

12:02:03 executing program 1:
setsockopt$MRT6_TABLE(0xffffffffffffffff, 0x29, 0xcf, &(0x7f0000000040), 0x4) (async)
getsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x4100)
recvfrom$inet6(0xffffffffffffffff, &(0x7f0000000100)=""/98, 0x62, 0x140, &(0x7f0000000180)={0xa, 0x4e24, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c)

12:02:03 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, &(0x7f0000000040)={0x7ff, 0x1, [{0xe, 0x1}]})

[ 2242.541078][T13112]  do_syscall_64+0xcb/0x1c0
[ 2242.545561][T13112]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2242.554366][T13112] "mq-deadline" elevator initialization failed, falling back to "none"
12:02:03 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f0000000340)=[&(0x7f0000000240)='/dev/loop-control\x00', &(0x7f0000000080)='-@\xa3+\xa7\x00', &(0x7f0000000400)='\x00\x00\x00\x00t\xa3\xf9\nFCy\x11\xc0\x91\x97\x83\x86Nj\x9f\xfa\xef\x18\xa1\xabQ\xabE\xba\xd0\x17L\xd52Q\x83\xd9$\x8b\x93)\xc9\xcc\xb1X\xf5\xb3km_t\xed\x15\x10\x8ev\xb3\xef=\x94\x9eu\x80u@\x1c*L\x96\xac\xf4\xe2\xaa:Ww\x88]<\xe9\x91\xe4\xa0\xf4\xde=Q\xc2\xa2\xcd\xcb\xe7r\x87Z\xa2\xe4\x15f\x93\xf4\x94\r\"\x9a\t\x1e\a\x97\x9f\xd2C\xce\xad\xfa,\xe8&\x84\xdc\xbe=\x99\xaa\x8ad\x0e\x01+M\xd4\xd1>\x1a\xe1\xb5 *FR\xc5[\xbc\xe4\a\x89T;\xe9\x95\xe6=\xbb\x01\xe0\x8a\x96q\xc0\x14\x06(h\xa6yB\xc5s\xcdT!\x18\xed\xd6\x16\xef\x90\xa4\x10L\x94\xdc\x89j\xf8)\x0f\x15\x8b\xaf\xef\xd0\x18(=\xbf\xbb\v\xab\x03\xdc\xf4\xea\xba<6\xac\x11\xbc\x96\xc5\xe5\xd1\x81UoV\xa13\x824V>s\x95\x8eN\xb3\xc0\x8br]3<SO([\x1d&\x8c\xfc\xdf\xd7\x01\x17W\x19\"U\x8e\x93\x0e3\b\xac\x0fbl\'\x84m\x90\x80\xae\x18\xd6\xf1\xa8\xcd\xba\xf1_\x9e,\xea\x94g\xdc\xe7\xd9\xfd\xd9\xe2\xe4x\xb5\x95\xe5\xed\x0f\xa4\x84pc\tMA(\x93v\x92\xcf\xf7\x8d\xc0\xa01\xca\x19\xac.\xc4!L\xbd\"\xe5\x0f\xc7_\x1f\xbb\x18T\xd4\xb5s\x933J\x9aL\xbf\xce\x97Q\xc4U\b4\xa6\x16\x1fpB\xff\x8cg?\xf4\x976\xbfP\xba\xc5\xc5lH/\x97}\x93+\xb5F\xfdu\xf0h\xadbz\xc1\x8c#\xb7\xcb{E\x13\x95J\xf60?\xe5)\xf0qQ\x80\x86\x0e\x03\xfcjl\xbe\xc4[Z.\xc6\xdeDc\xc8cBt\xb30\xa6\t\f\x8c[\xc7\xab\xae7\xfc\xb1s\xf5R\xc8\xbf>\x10>\xfe0\xa8\x93\xb2\xd9\xc1\x98\xcb\x9f5\x80\x8a\xc7\xbb\xce\x8cIW \x11+\x8a\xe9\x16\xe5\xb7R\xdd\x98\xe4\x8e\x13\xdf\x9b\x1c\xfd7\x88\xbc\xa57G\x13O\x05\xabv\x85\xcc\'\x8e\xe4h\xa6\x7f\xb4\xec\xd1\xf3\x9bZ;\x1e\xeew\xb5\r\xf0BO\x11\x96)4kg\xa7\xb1\xd6Q\rHy\xa0C|\tX\xfa\xbf\x9aql\xf0\xaf\x95\xd6V2\x1f', &(0x7f0000000180)='-@\xa3+\xa7\x00', &(0x7f00000001c0)='%\'*+@$)\x00', &(0x7f0000000200)=':-):-\x00', &(0x7f0000000640)=')\x00V\xfcxu^L=&\x8c\xf8\xcd\xc0\xba\xd6\xac\\[\xddVR\x1e\x9f.\xf5\x01\x00\x94\xacM%\xa1\xf8c.\xeb 
h1j\xd4eV\xc2\xf7\xcc\xafs\t8?\x13\xf5A\xbbb\xf0o\xdb\x11\xd2\xe2x\xaf*Q\xab\x04fx\x99bi\xb1', &(0x7f00000000c0)='|\xc97m\x18\x06P\x02', &(0x7f00000002c0)='\x00', &(0x7f0000000300)='}:!+\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x400)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$vcsu(0xffffffffffffff9c, &(0x7f00000003c0), 0x400800, 0x0)

12:02:03 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
pipe2$watch_queue(&(0x7f0000000080), 0x80)
socket$inet6_udp(0xa, 0x2, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/dm_mod', 0x101002, 0xb3)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, 0x0, 0xfffffffffffffff1)
setsockopt$MRT6_TABLE(r0, 0x29, 0xcf, &(0x7f0000000040)=0xffffffff, 0x4)
mknodat$null(r1, &(0x7f0000000000)='./file0\x00', 0x1000, 0x103)
socket$igmp6(0xa, 0x3, 0x2) (async)
write$P9_RREMOVE(r0, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
pipe2$watch_queue(&(0x7f0000000080), 0x80) (async)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/dm_mod', 0x101002, 0xb3) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
connect$inet6(r3, 0x0, 0xfffffffffffffff1) (async)
setsockopt$MRT6_TABLE(r0, 0x29, 0xcf, &(0x7f0000000040)=0xffffffff, 0x4) (async)
mknodat$null(r1, &(0x7f0000000000)='./file0\x00', 0x1000, 0x103) (async)

12:02:03 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
accept$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote}, &(0x7f00000001c0)=0x1c) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:03 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, &(0x7f0000000040)={0x7ff, 0x1, [{0xe, 0x1}]})
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, &(0x7f0000000040)={0x7ff, 0x1, [{0xe, 0x1}]}) (async)

12:02:03 executing program 1:
setsockopt$MRT6_TABLE(0xffffffffffffffff, 0x29, 0xcf, &(0x7f0000000040), 0x4) (async, rerun: 32)
getsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000080), &(0x7f00000000c0)=0x4) (rerun: 32)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x4100)
recvfrom$inet6(0xffffffffffffffff, &(0x7f0000000100)=""/98, 0x62, 0x140, &(0x7f0000000180)={0xa, 0x4e24, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c)

[ 2242.628581][T13135] FAULT_INJECTION: forcing a failure.
[ 2242.628581][T13135] name failslab, interval 1, probability 0, space 0, times 0
[ 2242.647500][T13135] CPU: 0 PID: 13135 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2242.657751][T13135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2242.667789][T13135] Call Trace:
[ 2242.671067][T13135]  dump_stack+0x1d8/0x241
[ 2242.675371][T13135]  ? panic+0x73e/0x73e
[ 2242.679410][T13135]  ? __kasan_kmalloc+0x1a5/0x1e0
[ 2242.685444][T13135]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2242.691243][T13135]  ? blk_mq_init_tags+0x74/0x290
[ 2242.696154][T13135]  ? blk_mq_alloc_rq_map+0x93/0x1a0
[ 2242.701327][T13135]  ? blk_mq_init_sched+0x1f2/0xaf0
[ 2242.706408][T13135]  ? __device_add_disk+0xf1/0x1200
[ 2242.711488][T13135]  ? loop_add+0x554/0x710
[ 2242.715785][T13135]  ? loop_control_ioctl+0x564/0x740
[ 2242.720951][T13135]  ? do_vfs_ioctl+0x744/0x1730
[ 2242.725683][T13135]  should_fail+0x709/0x870
[ 2242.730092][T13135]  ? setup_fault_attr+0x3d0/0x3d0
[ 2242.735087][T13135]  ? sbitmap_queue_init_node+0x15e/0xf70
[ 2242.740688][T13135]  should_failslab+0x5/0x20
[ 2242.745159][T13135]  __kmalloc+0x51/0x2b0
[ 2242.749284][T13135]  sbitmap_queue_init_node+0x15e/0xf70
[ 2242.754744][T13135]  ? blk_mq_init_tags+0x74/0x290
[ 2242.759655][T13135]  blk_mq_init_tags+0xef/0x290
[ 2242.764386][T13135]  blk_mq_alloc_rq_map+0x93/0x1a0
[ 2242.769383][T13135]  blk_mq_init_sched+0x1f2/0xaf0
[ 2242.774290][T13135]  elevator_init_mq+0x2cd/0x3f0
[ 2242.779111][T13135]  __device_add_disk+0xf1/0x1200
[ 2242.784018][T13135]  ? sprintf+0xd6/0x120
[ 2242.788173][T13135]  ? device_add_disk+0x30/0x30
[ 2242.792905][T13135]  ? vsprintf+0x30/0x30
[ 2242.797031][T13135]  ? device_initialize+0x1c7/0x3d0
[ 2242.802109][T13135]  ? __alloc_disk_node+0x326/0x380
[ 2242.807190][T13135]  loop_add+0x554/0x710
[ 2242.811317][T13135]  loop_control_ioctl+0x564/0x740
[ 2242.816312][T13135]  ? loop_remove+0xa0/0xa0
[ 2242.820701][T13135]  ? __lru_cache_add+0x1bf/0x210
[ 2242.825607][T13135]  ? memset+0x1f/0x40
[ 2242.829558][T13135]  ? fsnotify+0x1332/0x13f0
[ 2242.834033][T13135]  ? loop_remove+0xa0/0xa0
[ 2242.838416][T13135]  do_vfs_ioctl+0x744/0x1730
[ 2242.842975][T13135]  ? selinux_file_ioctl+0x723/0x970
[ 2242.848142][T13135]  ? ioctl_preallocate+0x250/0x250
[ 2242.853223][T13135]  ? __fget+0x40c/0x4a0
[ 2242.857353][T13135]  ? fget_many+0x20/0x20
[ 2242.861564][T13135]  ? check_preemption_disabled+0x154/0x330
[ 2242.867337][T13135]  ? debug_smp_processor_id+0x20/0x20
[ 2242.872699][T13135]  ? security_file_ioctl+0x9d/0xb0
12:02:04 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 36)

12:02:04 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, &(0x7f0000000040)={0x7ff, 0x1, [{0xe, 0x1}]})

12:02:04 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
pipe2$watch_queue(&(0x7f0000000080), 0x80)
socket$inet6_udp(0xa, 0x2, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/dm_mod', 0x101002, 0xb3) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, 0x0, 0xfffffffffffffff1) (async)
setsockopt$MRT6_TABLE(r0, 0x29, 0xcf, &(0x7f0000000040)=0xffffffff, 0x4) (async)
mknodat$null(r1, &(0x7f0000000000)='./file0\x00', 0x1000, 0x103)

[ 2242.877779][T13135]  __x64_sys_ioctl+0xd4/0x110
[ 2242.882424][T13135]  do_syscall_64+0xcb/0x1c0
[ 2242.886896][T13135]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2242.893180][T13135] "mq-deadline" elevator initialization failed, falling back to "none"
12:02:04 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f0000000340)=[&(0x7f0000000240)='/dev/loop-control\x00', &(0x7f0000000080)='-@\xa3+\xa7\x00', &(0x7f0000000400)='\x00\x00\x00\x00t\xa3\xf9\nFCy\x11\xc0\x91\x97\x83\x86Nj\x9f\xfa\xef\x18\xa1\xabQ\xabE\xba\xd0\x17L\xd52Q\x83\xd9$\x8b\x93)\xc9\xcc\xb1X\xf5\xb3km_t\xed\x15\x10\x8ev\xb3\xef=\x94\x9eu\x80u@\x1c*L\x96\xac\xf4\xe2\xaa:Ww\x88]<\xe9\x91\xe4\xa0\xf4\xde=Q\xc2\xa2\xcd\xcb\xe7r\x87Z\xa2\xe4\x15f\x93\xf4\x94\r\"\x9a\t\x1e\a\x97\x9f\xd2C\xce\xad\xfa,\xe8&\x84\xdc\xbe=\x99\xaa\x8ad\x0e\x01+M\xd4\xd1>\x1a\xe1\xb5 *FR\xc5[\xbc\xe4\a\x89T;\xe9\x95\xe6=\xbb\x01\xe0\x8a\x96q\xc0\x14\x06(h\xa6yB\xc5s\xcdT!\x18\xed\xd6\x16\xef\x90\xa4\x10L\x94\xdc\x89j\xf8)\x0f\x15\x8b\xaf\xef\xd0\x18(=\xbf\xbb\v\xab\x03\xdc\xf4\xea\xba<6\xac\x11\xbc\x96\xc5\xe5\xd1\x81UoV\xa13\x824V>s\x95\x8eN\xb3\xc0\x8br]3<SO([\x1d&\x8c\xfc\xdf\xd7\x01\x17W\x19\"U\x8e\x93\x0e3\b\xac\x0fbl\'\x84m\x90\x80\xae\x18\xd6\xf1\xa8\xcd\xba\xf1_\x9e,\xea\x94g\xdc\xe7\xd9\xfd\xd9\xe2\xe4x\xb5\x95\xe5\xed\x0f\xa4\x84pc\tMA(\x93v\x92\xcf\xf7\x8d\xc0\xa01\xca\x19\xac.\xc4!L\xbd\"\xe5\x0f\xc7_\x1f\xbb\x18T\xd4\xb5s\x933J\x9aL\xbf\xce\x97Q\xc4U\b4\xa6\x16\x1fpB\xff\x8cg?\xf4\x976\xbfP\xba\xc5\xc5lH/\x97}\x93+\xb5F\xfdu\xf0h\xadbz\xc1\x8c#\xb7\xcb{E\x13\x95J\xf60?\xe5)\xf0qQ\x80\x86\x0e\x03\xfcjl\xbe\xc4[Z.\xc6\xdeDc\xc8cBt\xb30\xa6\t\f\x8c[\xc7\xab\xae7\xfc\xb1s\xf5R\xc8\xbf>\x10>\xfe0\xa8\x93\xb2\xd9\xc1\x98\xcb\x9f5\x80\x8a\xc7\xbb\xce\x8cIW \x11+\x8a\xe9\x16\xe5\xb7R\xdd\x98\xe4\x8e\x13\xdf\x9b\x1c\xfd7\x88\xbc\xa57G\x13O\x05\xabv\x85\xcc\'\x8e\xe4h\xa6\x7f\xb4\xec\xd1\xf3\x9bZ;\x1e\xeew\xb5\r\xf0BO\x11\x96)4kg\xa7\xb1\xd6Q\rHy\xa0C|\tX\xfa\xbf\x9aql\xf0\xaf\x95\xd6V2\x1f', &(0x7f0000000180)='-@\xa3+\xa7\x00', &(0x7f00000001c0)='%\'*+@$)\x00', &(0x7f0000000200)=':-):-\x00', &(0x7f0000000640)=')\x00V\xfcxu^L=&\x8c\xf8\xcd\xc0\xba\xd6\xac\\[\xddVR\x1e\x9f.\xf5\x01\x00\x94\xacM%\xa1\xf8c.\xeb 
h1j\xd4eV\xc2\xf7\xcc\xafs\t8?\x13\xf5A\xbbb\xf0o\xdb\x11\xd2\xe2x\xaf*Q\xab\x04fx\x99bi\xb1', &(0x7f00000000c0)='|\xc97m\x18\x06P\x02', &(0x7f00000002c0)='\x00', &(0x7f0000000300)='}:!+\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x400) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$vcsu(0xffffffffffffff9c, &(0x7f00000003c0), 0x400800, 0x0)

12:02:04 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
accept$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote}, &(0x7f00000001c0)=0x1c)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
accept$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote}, &(0x7f00000001c0)=0x1c) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:02:04 executing program 1:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x501001, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
mmap$usbfs(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x13, r1, 0x101)
syz_open_dev$usbfs(&(0x7f0000000080), 0x8000000000000001, 0x41)
write$P9_RFLUSH(r0, &(0x7f0000000040)={0x7, 0x6d, 0x1}, 0x7)

[ 2242.955993][T13163] FAULT_INJECTION: forcing a failure.
[ 2242.955993][T13163] name failslab, interval 1, probability 0, space 0, times 0
[ 2242.969584][T13163] CPU: 0 PID: 13163 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2242.979824][T13163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2242.989859][T13163] Call Trace:
[ 2242.993129][T13163]  dump_stack+0x1d8/0x241
[ 2242.997430][T13163]  ? panic+0x73e/0x73e
[ 2243.001466][T13163]  ? preempt_schedule+0xd9/0xe0
[ 2243.006284][T13163]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2243.012062][T13163]  should_fail+0x709/0x870
[ 2243.016457][T13163]  ? setup_fault_attr+0x3d0/0x3d0
[ 2243.021456][T13163]  ? pcpu_alloc+0xb62/0x1060
[ 2243.026015][T13163]  ? sbitmap_queue_init_node+0x69c/0xf70
[ 2243.031616][T13163]  should_failslab+0x5/0x20
[ 2243.036106][T13163]  kmem_cache_alloc_trace+0x28/0x240
[ 2243.041372][T13163]  sbitmap_queue_init_node+0x69c/0xf70
[ 2243.046829][T13163]  blk_mq_init_tags+0x153/0x290
[ 2243.051660][T13163]  blk_mq_alloc_rq_map+0x93/0x1a0
[ 2243.056662][T13163]  blk_mq_init_sched+0x1f2/0xaf0
[ 2243.061576][T13163]  elevator_init_mq+0x2cd/0x3f0
[ 2243.066400][T13163]  __device_add_disk+0xf1/0x1200
[ 2243.071306][T13163]  ? sprintf+0xd6/0x120
[ 2243.075446][T13163]  ? device_add_disk+0x30/0x30
[ 2243.080180][T13163]  ? vsprintf+0x30/0x30
[ 2243.084309][T13163]  ? device_initialize+0x1c7/0x3d0
[ 2243.089392][T13163]  ? __alloc_disk_node+0x326/0x380
[ 2243.094482][T13163]  loop_add+0x554/0x710
[ 2243.098612][T13163]  loop_control_ioctl+0x564/0x740
[ 2243.103618][T13163]  ? loop_remove+0xa0/0xa0
[ 2243.108012][T13163]  ? __lru_cache_add+0x1bf/0x210
[ 2243.112943][T13163]  ? memset+0x1f/0x40
[ 2243.116903][T13163]  ? fsnotify+0x1332/0x13f0
[ 2243.121401][T13163]  ? loop_remove+0xa0/0xa0
[ 2243.125787][T13163]  do_vfs_ioctl+0x744/0x1730
[ 2243.130453][T13163]  ? selinux_file_ioctl+0x723/0x970
[ 2243.135620][T13163]  ? ioctl_preallocate+0x250/0x250
[ 2243.140715][T13163]  ? __fget+0x40c/0x4a0
[ 2243.144842][T13163]  ? fget_many+0x20/0x20
[ 2243.149053][T13163]  ? check_preemption_disabled+0x154/0x330
12:02:04 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xb, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r2, 0x820, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x20004040)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x8000, 0x0)
ioctl$USBDEVFS_FORBID_SUSPEND(r4, 0x5521)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:04 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 37)

12:02:04 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
setsockopt$inet6_MCAST_LEAVE_GROUP(r1, 0x29, 0x2d, &(0x7f0000000140)={0x8, {{0xa, 0x4e21, 0x7, @mcast1, 0x3f}}}, 0x88)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r4, 0xc080661a, &(0x7f0000000040)={@desc={0x1, 0x0, @auto="cf3f286b79ab3b1e"}})
connect$inet6(r3, 0x0, 0x0)
write$P9_RLOPEN(r3, &(0x7f0000000000)={0x18, 0xd, 0x1, {{0x8}, 0x1}}, 0x18)
write$P9_RREMOVE(r2, 0x0, 0xffffffffffffff45)

12:02:04 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
write$P9_RLINK(r0, &(0x7f0000000040)={0x7, 0x47, 0x1}, 0x7)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

[ 2243.154828][T13163]  ? debug_smp_processor_id+0x20/0x20
[ 2243.160175][T13163]  ? security_file_ioctl+0x9d/0xb0
[ 2243.165258][T13163]  __x64_sys_ioctl+0xd4/0x110
[ 2243.169906][T13163]  do_syscall_64+0xcb/0x1c0
[ 2243.174381][T13163]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2243.181540][T13163] "mq-deadline" elevator initialization failed, falling back to "none"
12:02:04 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f0000000340)=[&(0x7f0000000240)='/dev/loop-control\x00', &(0x7f0000000080)='-@\xa3+\xa7\x00', &(0x7f0000000400)='\x00\x00\x00\x00t\xa3\xf9\nFCy\x11\xc0\x91\x97\x83\x86Nj\x9f\xfa\xef\x18\xa1\xabQ\xabE\xba\xd0\x17L\xd52Q\x83\xd9$\x8b\x93)\xc9\xcc\xb1X\xf5\xb3km_t\xed\x15\x10\x8ev\xb3\xef=\x94\x9eu\x80u@\x1c*L\x96\xac\xf4\xe2\xaa:Ww\x88]<\xe9\x91\xe4\xa0\xf4\xde=Q\xc2\xa2\xcd\xcb\xe7r\x87Z\xa2\xe4\x15f\x93\xf4\x94\r\"\x9a\t\x1e\a\x97\x9f\xd2C\xce\xad\xfa,\xe8&\x84\xdc\xbe=\x99\xaa\x8ad\x0e\x01+M\xd4\xd1>\x1a\xe1\xb5 *FR\xc5[\xbc\xe4\a\x89T;\xe9\x95\xe6=\xbb\x01\xe0\x8a\x96q\xc0\x14\x06(h\xa6yB\xc5s\xcdT!\x18\xed\xd6\x16\xef\x90\xa4\x10L\x94\xdc\x89j\xf8)\x0f\x15\x8b\xaf\xef\xd0\x18(=\xbf\xbb\v\xab\x03\xdc\xf4\xea\xba<6\xac\x11\xbc\x96\xc5\xe5\xd1\x81UoV\xa13\x824V>s\x95\x8eN\xb3\xc0\x8br]3<SO([\x1d&\x8c\xfc\xdf\xd7\x01\x17W\x19\"U\x8e\x93\x0e3\b\xac\x0fbl\'\x84m\x90\x80\xae\x18\xd6\xf1\xa8\xcd\xba\xf1_\x9e,\xea\x94g\xdc\xe7\xd9\xfd\xd9\xe2\xe4x\xb5\x95\xe5\xed\x0f\xa4\x84pc\tMA(\x93v\x92\xcf\xf7\x8d\xc0\xa01\xca\x19\xac.\xc4!L\xbd\"\xe5\x0f\xc7_\x1f\xbb\x18T\xd4\xb5s\x933J\x9aL\xbf\xce\x97Q\xc4U\b4\xa6\x16\x1fpB\xff\x8cg?\xf4\x976\xbfP\xba\xc5\xc5lH/\x97}\x93+\xb5F\xfdu\xf0h\xadbz\xc1\x8c#\xb7\xcb{E\x13\x95J\xf60?\xe5)\xf0qQ\x80\x86\x0e\x03\xfcjl\xbe\xc4[Z.\xc6\xdeDc\xc8cBt\xb30\xa6\t\f\x8c[\xc7\xab\xae7\xfc\xb1s\xf5R\xc8\xbf>\x10>\xfe0\xa8\x93\xb2\xd9\xc1\x98\xcb\x9f5\x80\x8a\xc7\xbb\xce\x8cIW \x11+\x8a\xe9\x16\xe5\xb7R\xdd\x98\xe4\x8e\x13\xdf\x9b\x1c\xfd7\x88\xbc\xa57G\x13O\x05\xabv\x85\xcc\'\x8e\xe4h\xa6\x7f\xb4\xec\xd1\xf3\x9bZ;\x1e\xeew\xb5\r\xf0BO\x11\x96)4kg\xa7\xb1\xd6Q\rHy\xa0C|\tX\xfa\xbf\x9aql\xf0\xaf\x95\xd6V2\x1f', &(0x7f0000000180)='-@\xa3+\xa7\x00', &(0x7f00000001c0)='%\'*+@$)\x00', &(0x7f0000000200)=':-):-\x00', &(0x7f0000000640)=')\x00V\xfcxu^L=&\x8c\xf8\xcd\xc0\xba\xd6\xac\\[\xddVR\x1e\x9f.\xf5\x01\x00\x94\xacM%\xa1\xf8c.\xeb 
h1j\xd4eV\xc2\xf7\xcc\xafs\t8?\x13\xf5A\xbbb\xf0o\xdb\x11\xd2\xe2x\xaf*Q\xab\x04fx\x99bi\xb1', &(0x7f00000000c0)='|\xc97m\x18\x06P\x02', &(0x7f00000002c0)='\x00', &(0x7f0000000300)='}:!+\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x400)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$vcsu(0xffffffffffffff9c, &(0x7f00000003c0), 0x400800, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f0000000340)=[&(0x7f0000000240)='/dev/loop-control\x00', &(0x7f0000000080)='-@\xa3+\xa7\x00', &(0x7f0000000400)='\x00\x00\x00\x00t\xa3\xf9\nFCy\x11\xc0\x91\x97\x83\x86Nj\x9f\xfa\xef\x18\xa1\xabQ\xabE\xba\xd0\x17L\xd52Q\x83\xd9$\x8b\x93)\xc9\xcc\xb1X\xf5\xb3km_t\xed\x15\x10\x8ev\xb3\xef=\x94\x9eu\x80u@\x1c*L\x96\xac\xf4\xe2\xaa:Ww\x88]<\xe9\x91\xe4\xa0\xf4\xde=Q\xc2\xa2\xcd\xcb\xe7r\x87Z\xa2\xe4\x15f\x93\xf4\x94\r\"\x9a\t\x1e\a\x97\x9f\xd2C\xce\xad\xfa,\xe8&\x84\xdc\xbe=\x99\xaa\x8ad\x0e\x01+M\xd4\xd1>\x1a\xe1\xb5 *FR\xc5[\xbc\xe4\a\x89T;\xe9\x95\xe6=\xbb\x01\xe0\x8a\x96q\xc0\x14\x06(h\xa6yB\xc5s\xcdT!\x18\xed\xd6\x16\xef\x90\xa4\x10L\x94\xdc\x89j\xf8)\x0f\x15\x8b\xaf\xef\xd0\x18(=\xbf\xbb\v\xab\x03\xdc\xf4\xea\xba<6\xac\x11\xbc\x96\xc5\xe5\xd1\x81UoV\xa13\x824V>s\x95\x8eN\xb3\xc0\x8br]3<SO([\x1d&\x8c\xfc\xdf\xd7\x01\x17W\x19\"U\x8e\x93\x0e3\b\xac\x0fbl\'\x84m\x90\x80\xae\x18\xd6\xf1\xa8\xcd\xba\xf1_\x9e,\xea\x94g\xdc\xe7\xd9\xfd\xd9\xe2\xe4x\xb5\x95\xe5\xed\x0f\xa4\x84pc\tMA(\x93v\x92\xcf\xf7\x8d\xc0\xa01\xca\x19\xac.\xc4!L\xbd\"\xe5\x0f\xc7_\x1f\xbb\x18T\xd4\xb5s\x933J\x9aL\xbf\xce\x97Q\xc4U\b4\xa6\x16\x1fpB\xff\x8cg?\xf4\x976\xbfP\xba\xc5\xc5lH/\x97}\x93+\xb5F\xfdu\xf0h\xadbz\xc1\x8c#\xb7\xcb{E\x13\x95J\xf60?\xe5)\xf0qQ\x80\x86\x0e\x03\xfcjl\xbe\xc4[Z.\xc6\xdeDc\xc8cBt\xb30\xa6\t\f\x8c[\xc7\xab\xae7\xfc\xb1s\xf5R\xc8\xbf>\x10>\xfe0\xa8\x93\xb2\xd9\xc1\x98\xcb\x9f5\x80\x8a\xc7\xbb\xce\x8cIW \x11+\x8a\xe9\x16\xe5\xb7R\xdd\x98\xe4\x8e\x13\xdf\x9b\x1c\xfd7\x88\xbc\xa57G\x13O\x05\xabv\x85\xcc\'\x8e\xe4h\xa6\x7f\xb4\xec\xd1\xf3\x9bZ;\x1e\xeew\xb5\r\xf0BO\x11\x96)4kg\xa7\xb1\xd6Q\rHy\xa0C|\tX\xfa\xbf\x9aql\xf0\xaf\x95\xd6V2\x1f', &(0x7f0000000180)='-@\xa3+\xa7\x00', &(0x7f00000001c0)='%\'*+@$)\x00', &(0x7f0000000200)=':-):-\x00', &(0x7f0000000640)=')\x00V\xfcxu^L=&\x8c\xf8\xcd\xc0\xba\xd6\xac\\[\xddVR\x1e\x9f.\xf5\x01\x00\x94\xacM%\xa1\xf8c.\xeb 
h1j\xd4eV\xc2\xf7\xcc\xafs\t8?\x13\xf5A\xbbb\xf0o\xdb\x11\xd2\xe2x\xaf*Q\xab\x04fx\x99bi\xb1', &(0x7f00000000c0)='|\xc97m\x18\x06P\x02', &(0x7f00000002c0)='\x00', &(0x7f0000000300)='}:!+\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x400) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$vcsu(0xffffffffffffff9c, &(0x7f00000003c0), 0x400800, 0x0) (async)

12:02:04 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xb, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r2, 0x820, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x20004040) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x8000, 0x0)
ioctl$USBDEVFS_FORBID_SUSPEND(r4, 0x5521) (async, rerun: 64)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (rerun: 64)

12:02:04 executing program 1:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x501001, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
mmap$usbfs(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x13, r1, 0x101) (async)
syz_open_dev$usbfs(&(0x7f0000000080), 0x8000000000000001, 0x41)
write$P9_RFLUSH(r0, &(0x7f0000000040)={0x7, 0x6d, 0x1}, 0x7)

12:02:04 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
write$P9_RLINK(r0, &(0x7f0000000040)={0x7, 0x47, 0x1}, 0x7)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
write$P9_RLINK(r0, &(0x7f0000000040)={0x7, 0x47, 0x1}, 0x7) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)

12:02:04 executing program 4:
socket$igmp6(0xa, 0x3, 0x2) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
setsockopt$inet6_MCAST_LEAVE_GROUP(r1, 0x29, 0x2d, &(0x7f0000000140)={0x8, {{0xa, 0x4e21, 0x7, @mcast1, 0x3f}}}, 0x88)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0) (async)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r4, 0xc080661a, &(0x7f0000000040)={@desc={0x1, 0x0, @auto="cf3f286b79ab3b1e"}}) (async)
connect$inet6(r3, 0x0, 0x0) (async)
write$P9_RLOPEN(r3, &(0x7f0000000000)={0x18, 0xd, 0x1, {{0x8}, 0x1}}, 0x18)
write$P9_RREMOVE(r2, 0x0, 0xffffffffffffff45)

12:02:04 executing program 1:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x501001, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
mmap$usbfs(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x13, r1, 0x101) (async)
syz_open_dev$usbfs(&(0x7f0000000080), 0x8000000000000001, 0x41) (async)
write$P9_RFLUSH(r0, &(0x7f0000000040)={0x7, 0x6d, 0x1}, 0x7)

[ 2243.262624][T13197] FAULT_INJECTION: forcing a failure.
[ 2243.262624][T13197] name failslab, interval 1, probability 0, space 0, times 0
[ 2243.278016][T13197] CPU: 0 PID: 13197 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2243.288264][T13197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2243.298297][T13197] Call Trace:
[ 2243.301597][T13197]  dump_stack+0x1d8/0x241
[ 2243.305900][T13197]  ? panic+0x73e/0x73e
[ 2243.309936][T13197]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2243.315712][T13197]  should_fail+0x709/0x870
[ 2243.320101][T13197]  ? sbitmap_queue_init_node+0x69c/0xf70
[ 2243.325703][T13197]  ? setup_fault_attr+0x3d0/0x3d0
[ 2243.330703][T13197]  ? sbitmap_queue_init_node+0xb3d/0xf70
[ 2243.336312][T13197]  ? blk_mq_alloc_rq_map+0xb3/0x1a0
[ 2243.341486][T13197]  should_failslab+0x5/0x20
[ 2243.345970][T13197]  __kmalloc+0x51/0x2b0
[ 2243.350099][T13197]  blk_mq_alloc_rq_map+0xb3/0x1a0
[ 2243.355212][T13197]  blk_mq_init_sched+0x1f2/0xaf0
[ 2243.360123][T13197]  elevator_init_mq+0x2cd/0x3f0
[ 2243.364947][T13197]  __device_add_disk+0xf1/0x1200
[ 2243.369854][T13197]  ? sprintf+0xd6/0x120
[ 2243.374176][T13197]  ? device_add_disk+0x30/0x30
[ 2243.378909][T13197]  ? vsprintf+0x30/0x30
[ 2243.383036][T13197]  ? device_initialize+0x1c7/0x3d0
[ 2243.388119][T13197]  ? __alloc_disk_node+0x326/0x380
[ 2243.393199][T13197]  loop_add+0x554/0x710
[ 2243.397326][T13197]  loop_control_ioctl+0x564/0x740
[ 2243.402321][T13197]  ? loop_remove+0xa0/0xa0
[ 2243.406709][T13197]  ? __lru_cache_add+0x1bf/0x210
[ 2243.411637][T13197]  ? memset+0x1f/0x40
[ 2243.415591][T13197]  ? fsnotify+0x1332/0x13f0
[ 2243.420069][T13197]  ? loop_remove+0xa0/0xa0
[ 2243.424461][T13197]  do_vfs_ioctl+0x744/0x1730
[ 2243.429023][T13197]  ? selinux_file_ioctl+0x723/0x970
[ 2243.434189][T13197]  ? ioctl_preallocate+0x250/0x250
[ 2243.439280][T13197]  ? __fget+0x40c/0x4a0
[ 2243.443411][T13197]  ? fget_many+0x20/0x20
[ 2243.447623][T13197]  ? check_preemption_disabled+0x154/0x330
[ 2243.453582][T13197]  ? debug_smp_processor_id+0x20/0x20
12:02:04 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 38)

[ 2243.458942][T13197]  ? security_file_ioctl+0x9d/0xb0
[ 2243.464024][T13197]  __x64_sys_ioctl+0xd4/0x110
[ 2243.468680][T13197]  do_syscall_64+0xcb/0x1c0
[ 2243.473153][T13197]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2243.480168][T13197] "mq-deadline" elevator initialization failed, falling back to "none"
12:02:04 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:04 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xb, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r2, 0x820, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x20004040)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x8000, 0x0)
ioctl$USBDEVFS_FORBID_SUSPEND(r4, 0x5521)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xb, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff) (async)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r2, 0x820, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x20004040) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x8000, 0x0) (async)
ioctl$USBDEVFS_FORBID_SUSPEND(r4, 0x5521) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:02:04 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
write$P9_RLINK(r0, &(0x7f0000000040)={0x7, 0x47, 0x1}, 0x7)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:02:04 executing program 4:
socket$igmp6(0xa, 0x3, 0x2) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
setsockopt$inet6_MCAST_LEAVE_GROUP(r1, 0x29, 0x2d, &(0x7f0000000140)={0x8, {{0xa, 0x4e21, 0x7, @mcast1, 0x3f}}}, 0x88) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0) (async)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r4, 0xc080661a, &(0x7f0000000040)={@desc={0x1, 0x0, @auto="cf3f286b79ab3b1e"}}) (async)
connect$inet6(r3, 0x0, 0x0) (async)
write$P9_RLOPEN(r3, &(0x7f0000000000)={0x18, 0xd, 0x1, {{0x8}, 0x1}}, 0x18)
write$P9_RREMOVE(r2, 0x0, 0xffffffffffffff45)

[ 2243.530009][T13216] FAULT_INJECTION: forcing a failure.
[ 2243.530009][T13216] name failslab, interval 1, probability 0, space 0, times 0
[ 2243.546374][T13216] CPU: 1 PID: 13216 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2243.556617][T13216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2243.566652][T13216] Call Trace:
[ 2243.569919][T13216]  dump_stack+0x1d8/0x241
[ 2243.574217][T13216]  ? panic+0x73e/0x73e
12:02:04 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
openat$cgroup_subtree(r3, &(0x7f0000000180), 0x2, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$USBDEVFS_FREE_STREAMS(r3, 0x8008551d, &(0x7f00000001c0)={0x262, 0x1, [{0x9}]})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

[ 2243.578259][T13216]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2243.584039][T13216]  should_fail+0x709/0x870
[ 2243.588430][T13216]  ? setup_fault_attr+0x3d0/0x3d0
[ 2243.593422][T13216]  ? blk_mq_alloc_rq_map+0xe9/0x1a0
[ 2243.598606][T13216]  should_failslab+0x5/0x20
[ 2243.598621][T13216]  __kmalloc+0x51/0x2b0
[ 2243.607240][T13216]  ? blk_mq_alloc_rq_map+0xb3/0x1a0
[ 2243.612431][T13216]  blk_mq_alloc_rq_map+0xe9/0x1a0
[ 2243.617443][T13216]  blk_mq_init_sched+0x1f2/0xaf0
[ 2243.622356][T13216]  elevator_init_mq+0x2cd/0x3f0
[ 2243.627173][T13216]  __device_add_disk+0xf1/0x1200
[ 2243.632079][T13216]  ? sprintf+0xd6/0x120
[ 2243.636200][T13216]  ? device_add_disk+0x30/0x30
[ 2243.640931][T13216]  ? vsprintf+0x30/0x30
[ 2243.645053][T13216]  ? device_initialize+0x1c7/0x3d0
[ 2243.650131][T13216]  ? __alloc_disk_node+0x326/0x380
[ 2243.655210][T13216]  loop_add+0x554/0x710
[ 2243.659335][T13216]  loop_control_ioctl+0x564/0x740
[ 2243.664327][T13216]  ? loop_remove+0xa0/0xa0
[ 2243.668719][T13216]  ? __lru_cache_add+0x1bf/0x210
[ 2243.673627][T13216]  ? memset+0x1f/0x40
[ 2243.677578][T13216]  ? fsnotify+0x1332/0x13f0
[ 2243.682050][T13216]  ? loop_remove+0xa0/0xa0
[ 2243.686441][T13216]  do_vfs_ioctl+0x744/0x1730
[ 2243.691009][T13216]  ? selinux_file_ioctl+0x723/0x970
[ 2243.696181][T13216]  ? ioctl_preallocate+0x250/0x250
[ 2243.701260][T13216]  ? __fget+0x40c/0x4a0
[ 2243.705384][T13216]  ? fget_many+0x20/0x20
[ 2243.709595][T13216]  ? check_preemption_disabled+0x154/0x330
[ 2243.715368][T13216]  ? debug_smp_processor_id+0x20/0x20
[ 2243.720708][T13216]  ? security_file_ioctl+0x9d/0xb0
[ 2243.725786][T13216]  __x64_sys_ioctl+0xd4/0x110
12:02:05 executing program 1:
write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f0000000140)={0xf, 0x1f, 0x1, 0x340e}, 0xf)
ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000040))
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/slab', 0x4440, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x7)
getsockopt$netlink(r0, 0x10e, 0x8, &(0x7f0000000180)=""/4096, &(0x7f0000001180)=0x1000)
syz_open_dev$loop(&(0x7f0000000100), 0xbb, 0x100)

12:02:05 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000040))

12:02:05 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 39)

[ 2243.730434][T13216]  do_syscall_64+0xcb/0x1c0
[ 2243.734907][T13216]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2243.744004][T13216] "mq-deadline" elevator initialization failed, falling back to "none"
12:02:05 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:05 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
openat$cgroup_subtree(r3, &(0x7f0000000180), 0x2, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$USBDEVFS_FREE_STREAMS(r3, 0x8008551d, &(0x7f00000001c0)={0x262, 0x1, [{0x9}]})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
openat$cgroup_subtree(r3, &(0x7f0000000180), 0x2, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
ioctl$USBDEVFS_FREE_STREAMS(r3, 0x8008551d, &(0x7f00000001c0)={0x262, 0x1, [{0x9}]}) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:02:05 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000040))

[ 2243.852975][T13252] FAULT_INJECTION: forcing a failure.
[ 2243.852975][T13252] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2243.866396][T13252] CPU: 0 PID: 13252 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2243.876616][T13252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2243.886653][T13252] Call Trace:
[ 2243.889939][T13252]  dump_stack+0x1d8/0x241
[ 2243.894250][T13252]  ? panic+0x73e/0x73e
12:02:05 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
openat$cgroup_subtree(r3, &(0x7f0000000180), 0x2, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$USBDEVFS_FREE_STREAMS(r3, 0x8008551d, &(0x7f00000001c0)={0x262, 0x1, [{0x9}]})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
openat$cgroup_subtree(r3, &(0x7f0000000180), 0x2, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
ioctl$USBDEVFS_FREE_STREAMS(r3, 0x8008551d, &(0x7f00000001c0)={0x262, 0x1, [{0x9}]}) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

[ 2243.898296][T13252]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2243.904068][T13252]  ? sbitmap_queue_init_node+0x69c/0xf70
[ 2243.909682][T13252]  should_fail+0x709/0x870
[ 2243.914086][T13252]  ? elevator_init_mq+0x2cd/0x3f0
[ 2243.919107][T13252]  ? setup_fault_attr+0x3d0/0x3d0
[ 2243.924122][T13252]  ? elevator_init_mq+0x2cd/0x3f0
[ 2243.929119][T13252]  ? __device_add_disk+0xf1/0x1200
[ 2243.934208][T13252]  ? loop_add+0x554/0x710
[ 2243.938517][T13252]  ? loop_control_ioctl+0x564/0x740
[ 2243.943690][T13252]  ? do_vfs_ioctl+0x744/0x1730
[ 2243.948424][T13252]  ? do_syscall_64+0xcb/0x1c0
12:02:05 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
ioctl$USBDEVFS_DROP_PRIVILEGES(0xffffffffffffffff, 0x4004551e, &(0x7f00000001c0))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
getrusage(0xffffffffffffffff, &(0x7f0000000240))
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r4, 0x80045518, &(0x7f0000000200))
connect$inet6(r3, 0x0, 0x0)
openat$cgroup_int(r3, &(0x7f0000000180)='hugetlb.1GB.rsvd.failcnt\x00', 0x2, 0x0)

[ 2243.953068][T13252]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2243.959107][T13252]  __alloc_pages_nodemask+0x1b6/0x860
[ 2243.964449][T13252]  ? gfp_pfmemalloc_allowed+0x120/0x120
[ 2243.969966][T13252]  ? find_next_bit+0xe5/0x110
[ 2243.974617][T13252]  ? blk_mq_hw_queue_to_node+0xeb/0x100
[ 2243.980146][T13252]  blk_mq_alloc_rqs+0x252/0x6d0
[ 2243.984993][T13252]  blk_mq_init_sched+0x256/0xaf0
[ 2243.989920][T13252]  elevator_init_mq+0x2cd/0x3f0
[ 2243.994771][T13252]  __device_add_disk+0xf1/0x1200
[ 2243.999701][T13252]  ? sprintf+0xd6/0x120
[ 2244.003839][T13252]  ? device_add_disk+0x30/0x30
[ 2244.008572][T13252]  ? vsprintf+0x30/0x30
[ 2244.012706][T13252]  ? device_initialize+0x1c7/0x3d0
[ 2244.017786][T13252]  ? __alloc_disk_node+0x326/0x380
[ 2244.022867][T13252]  loop_add+0x554/0x710
[ 2244.026994][T13252]  loop_control_ioctl+0x564/0x740
[ 2244.031988][T13252]  ? loop_remove+0xa0/0xa0
[ 2244.036373][T13252]  ? __lru_cache_add+0x1bf/0x210
[ 2244.041294][T13252]  ? memset+0x1f/0x40
[ 2244.045246][T13252]  ? fsnotify+0x1332/0x13f0
[ 2244.049723][T13252]  ? loop_remove+0xa0/0xa0
[ 2244.054111][T13252]  do_vfs_ioctl+0x744/0x1730
[ 2244.058692][T13252]  ? selinux_file_ioctl+0x723/0x970
[ 2244.063861][T13252]  ? ioctl_preallocate+0x250/0x250
[ 2244.068943][T13252]  ? __fget+0x40c/0x4a0
[ 2244.073076][T13252]  ? fget_many+0x20/0x20
[ 2244.077303][T13252]  ? check_preemption_disabled+0x154/0x330
[ 2244.083086][T13252]  ? debug_smp_processor_id+0x20/0x20
[ 2244.088431][T13252]  ? security_file_ioctl+0x9d/0xb0
[ 2244.093515][T13252]  __x64_sys_ioctl+0xd4/0x110
[ 2244.098163][T13252]  do_syscall_64+0xcb/0x1c0
12:02:05 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RFLUSH(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x6d, 0x2}, 0x7)
write$P9_RREMOVE(r0, 0x0, 0x0)

12:02:05 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 40)

[ 2244.102639][T13252]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:05 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)

12:02:05 executing program 1:
write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f0000000140)={0xf, 0x1f, 0x1, 0x340e}, 0xf) (async)
ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000040)) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/slab', 0x4440, 0x0) (async)
r0 = socket$netlink(0x10, 0x3, 0x7)
getsockopt$netlink(r0, 0x10e, 0x8, &(0x7f0000000180)=""/4096, &(0x7f0000001180)=0x1000)
syz_open_dev$loop(&(0x7f0000000100), 0xbb, 0x100)

12:02:05 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
ioctl$USBDEVFS_DROP_PRIVILEGES(0xffffffffffffffff, 0x4004551e, &(0x7f00000001c0))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
getrusage(0xffffffffffffffff, &(0x7f0000000240)) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r4, 0x80045518, &(0x7f0000000200)) (async, rerun: 64)
connect$inet6(r3, 0x0, 0x0) (rerun: 64)
openat$cgroup_int(r3, &(0x7f0000000180)='hugetlb.1GB.rsvd.failcnt\x00', 0x2, 0x0)

12:02:05 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RFLUSH(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x6d, 0x2}, 0x7)
write$P9_RREMOVE(r0, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2) (async)
write$P9_RFLUSH(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x6d, 0x2}, 0x7) (async)
write$P9_RREMOVE(r0, 0x0, 0x0) (async)

[ 2244.172498][T13290] FAULT_INJECTION: forcing a failure.
[ 2244.172498][T13290] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2244.191022][T13290] CPU: 1 PID: 13290 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2244.201283][T13290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2244.211316][T13290] Call Trace:
[ 2244.214586][T13290]  dump_stack+0x1d8/0x241
[ 2244.218887][T13290]  ? panic+0x73e/0x73e
[ 2244.222929][T13290]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2244.228706][T13290]  ? sbitmap_queue_init_node+0x69c/0xf70
[ 2244.234308][T13290]  should_fail+0x709/0x870
[ 2244.238752][T13290]  ? elevator_init_mq+0x2cd/0x3f0
[ 2244.243762][T13290]  ? setup_fault_attr+0x3d0/0x3d0
[ 2244.248770][T13290]  ? elevator_init_mq+0x2cd/0x3f0
[ 2244.253765][T13290]  ? __device_add_disk+0xf1/0x1200
[ 2244.258845][T13290]  ? loop_add+0x554/0x710
[ 2244.263142][T13290]  ? loop_control_ioctl+0x564/0x740
[ 2244.268311][T13290]  ? do_vfs_ioctl+0x744/0x1730
[ 2244.273043][T13290]  ? do_syscall_64+0xcb/0x1c0
[ 2244.277695][T13290]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2244.283754][T13290]  __alloc_pages_nodemask+0x1b6/0x860
[ 2244.289096][T13290]  ? gfp_pfmemalloc_allowed+0x120/0x120
[ 2244.294609][T13290]  ? find_next_bit+0xe5/0x110
[ 2244.299257][T13290]  ? blk_mq_hw_queue_to_node+0xeb/0x100
[ 2244.304771][T13290]  blk_mq_alloc_rqs+0x252/0x6d0
[ 2244.309592][T13290]  blk_mq_init_sched+0x256/0xaf0
[ 2244.314499][T13290]  elevator_init_mq+0x2cd/0x3f0
[ 2244.319321][T13290]  __device_add_disk+0xf1/0x1200
[ 2244.324233][T13290]  ? sprintf+0xd6/0x120
[ 2244.328367][T13290]  ? device_add_disk+0x30/0x30
[ 2244.333100][T13290]  ? vsprintf+0x30/0x30
[ 2244.337245][T13290]  ? device_initialize+0x1c7/0x3d0
[ 2244.342339][T13290]  ? __alloc_disk_node+0x326/0x380
[ 2244.347421][T13290]  loop_add+0x554/0x710
[ 2244.351557][T13290]  loop_control_ioctl+0x564/0x740
[ 2244.356556][T13290]  ? loop_remove+0xa0/0xa0
[ 2244.360941][T13290]  ? __lru_cache_add+0x1bf/0x210
[ 2244.365847][T13290]  ? memset+0x1f/0x40
[ 2244.369800][T13290]  ? fsnotify+0x1332/0x13f0
[ 2244.374270][T13290]  ? loop_remove+0xa0/0xa0
[ 2244.378657][T13290]  do_vfs_ioctl+0x744/0x1730
[ 2244.383228][T13290]  ? selinux_file_ioctl+0x723/0x970
[ 2244.388398][T13290]  ? ioctl_preallocate+0x250/0x250
[ 2244.393479][T13290]  ? __fget+0x40c/0x4a0
[ 2244.397605][T13290]  ? fget_many+0x20/0x20
[ 2244.401817][T13290]  ? check_preemption_disabled+0x154/0x330
[ 2244.407602][T13290]  ? debug_smp_processor_id+0x20/0x20
[ 2244.412943][T13290]  ? security_file_ioctl+0x9d/0xb0
[ 2244.418022][T13290]  __x64_sys_ioctl+0xd4/0x110
12:02:05 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000040))
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000040)) (async)

12:02:05 executing program 1:
write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f0000000140)={0xf, 0x1f, 0x1, 0x340e}, 0xf) (async)
ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000040)) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/slab', 0x4440, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x7)
getsockopt$netlink(r0, 0x10e, 0x8, &(0x7f0000000180)=""/4096, &(0x7f0000001180)=0x1000) (async)
syz_open_dev$loop(&(0x7f0000000100), 0xbb, 0x100)

12:02:05 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RFLUSH(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x6d, 0x2}, 0x7)
write$P9_RREMOVE(r0, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2) (async)
write$P9_RFLUSH(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x6d, 0x2}, 0x7) (async)
write$P9_RREMOVE(r0, 0x0, 0x0) (async)

12:02:05 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 41)

12:02:05 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffff9c, 0x800c6613, &(0x7f0000000000)=@v1={0x0, @aes128, 0x4, @auto="aeeb4298cefbc658"})
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:05 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
ioctl$USBDEVFS_DROP_PRIVILEGES(0xffffffffffffffff, 0x4004551e, &(0x7f00000001c0))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
getrusage(0xffffffffffffffff, &(0x7f0000000240))
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async, rerun: 32)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async, rerun: 32)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r4, 0x80045518, &(0x7f0000000200)) (async)
connect$inet6(r3, 0x0, 0x0) (async)
openat$cgroup_int(r3, &(0x7f0000000180)='hugetlb.1GB.rsvd.failcnt\x00', 0x2, 0x0)

12:02:05 executing program 5:
pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
write$P9_RLINK(r0, &(0x7f0000000180)={0x7, 0x47, 0x1}, 0x7)
r1 = syz_open_dev$loop(&(0x7f0000000000), 0x8000000000000000, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000040), 0x2, 0x400100)
ioctl$LOOP_CLR_FD(r2, 0x4c01)
ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f0000000080)={0x0, {}, 0x0, {}, 0x29, 0x9, 0x4, 0x2c, "4280887bd1d8b7d67599b6a2b69697e019d45c59a06ef7ce74c1d0cfe1a3eaf836f2fa4010bc239894895bc05ac85fef1f659d8541d8743b386075b68c46ea5f", "0e39ebcd8ef2dbd25141227573cff1bdb2c28735acc9fe46cc3f577f1e5c50e1", [0x25, 0x6]})

[ 2244.422670][T13290]  do_syscall_64+0xcb/0x1c0
[ 2244.427149][T13290]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:05 executing program 5:
pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
write$P9_RLINK(r0, &(0x7f0000000180)={0x7, 0x47, 0x1}, 0x7) (async)
r1 = syz_open_dev$loop(&(0x7f0000000000), 0x8000000000000000, 0x0) (async, rerun: 64)
r2 = syz_open_dev$loop(&(0x7f0000000040), 0x2, 0x400100) (rerun: 64)
ioctl$LOOP_CLR_FD(r2, 0x4c01) (async)
ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f0000000080)={0x0, {}, 0x0, {}, 0x29, 0x9, 0x4, 0x2c, "4280887bd1d8b7d67599b6a2b69697e019d45c59a06ef7ce74c1d0cfe1a3eaf836f2fa4010bc239894895bc05ac85fef1f659d8541d8743b386075b68c46ea5f", "0e39ebcd8ef2dbd25141227573cff1bdb2c28735acc9fe46cc3f577f1e5c50e1", [0x25, 0x6]})

12:02:05 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffff9c, 0x800c6613, &(0x7f0000000000)=@v1={0x0, @aes128, 0x4, @auto="aeeb4298cefbc658"})
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:05 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x8000000000000000, 0x300)

12:02:05 executing program 4:
write$P9_RSETATTR(0xffffffffffffffff, &(0x7f0000000040)={0x7, 0x1b, 0x1}, 0x7)
socket$igmp6(0xa, 0x3, 0x2)
pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000080)={0x0, {}, 0x0, {}, 0x1, 0x3, 0x1c, 0x3d, "8f08ce4002a7c41d1f591d5f0999455fc57cc58c284a9615b6710426ad5c218cfeb9cb4db43267c68585dec36e041e31f7e8b72181520acb40d759ba9b155e62", "eef5f0861a35160b2d2d56b1281fe3fb7f953fabd5aa04937e5708ca867d1df9", [0xfffffffffffff000, 0x9]})
write$P9_RREMOVE(r0, 0x0, 0x0)

[ 2244.482614][T13327] FAULT_INJECTION: forcing a failure.
[ 2244.482614][T13327] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2244.496610][T13327] CPU: 0 PID: 13327 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2244.506848][T13327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2244.516883][T13327] Call Trace:
[ 2244.520154][T13327]  dump_stack+0x1d8/0x241
[ 2244.524460][T13327]  ? panic+0x73e/0x73e
[ 2244.528501][T13327]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2244.534277][T13327]  ? preempt_count_add+0x8d/0x180
[ 2244.539275][T13327]  should_fail+0x709/0x870
[ 2244.543691][T13327]  ? setup_fault_attr+0x3d0/0x3d0
[ 2244.548715][T13327]  __alloc_pages_nodemask+0x1b6/0x860
[ 2244.554059][T13327]  ? gfp_pfmemalloc_allowed+0x120/0x120
[ 2244.559573][T13327]  ? find_next_bit+0xe5/0x110
[ 2244.564223][T13327]  ? memset+0x1f/0x40
[ 2244.568185][T13327]  blk_mq_alloc_rqs+0x252/0x6d0
[ 2244.573012][T13327]  blk_mq_init_sched+0x256/0xaf0
[ 2244.577931][T13327]  elevator_init_mq+0x2cd/0x3f0
[ 2244.582758][T13327]  __device_add_disk+0xf1/0x1200
[ 2244.587667][T13327]  ? sprintf+0xd6/0x120
[ 2244.591796][T13327]  ? device_add_disk+0x30/0x30
[ 2244.596552][T13327]  ? vsprintf+0x30/0x30
[ 2244.600680][T13327]  ? device_initialize+0x1c7/0x3d0
[ 2244.605762][T13327]  ? __alloc_disk_node+0x326/0x380
[ 2244.610845][T13327]  loop_add+0x554/0x710
[ 2244.614972][T13327]  loop_control_ioctl+0x564/0x740
[ 2244.619986][T13327]  ? loop_remove+0xa0/0xa0
[ 2244.624374][T13327]  ? __lru_cache_add+0x1bf/0x210
[ 2244.629285][T13327]  ? memset+0x1f/0x40
[ 2244.633236][T13327]  ? fsnotify+0x1332/0x13f0
[ 2244.637715][T13327]  ? loop_remove+0xa0/0xa0
[ 2244.642109][T13327]  do_vfs_ioctl+0x744/0x1730
[ 2244.646672][T13327]  ? selinux_file_ioctl+0x723/0x970
[ 2244.651845][T13327]  ? ioctl_preallocate+0x250/0x250
[ 2244.656939][T13327]  ? __fget+0x40c/0x4a0
[ 2244.661064][T13327]  ? fget_many+0x20/0x20
[ 2244.665279][T13327]  ? check_preemption_disabled+0x154/0x330
[ 2244.671094][T13327]  ? debug_smp_processor_id+0x20/0x20
[ 2244.676450][T13327]  ? security_file_ioctl+0x9d/0xb0
12:02:06 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 42)

12:02:06 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000180)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6=r2, 0x4}, 0x20)

[ 2244.681531][T13327]  __x64_sys_ioctl+0xd4/0x110
[ 2244.686177][T13327]  do_syscall_64+0xcb/0x1c0
[ 2244.690651][T13327]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:06 executing program 4:
write$P9_RSETATTR(0xffffffffffffffff, &(0x7f0000000040)={0x7, 0x1b, 0x1}, 0x7)
socket$igmp6(0xa, 0x3, 0x2)
pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000080)={0x0, {}, 0x0, {}, 0x1, 0x3, 0x1c, 0x3d, "8f08ce4002a7c41d1f591d5f0999455fc57cc58c284a9615b6710426ad5c218cfeb9cb4db43267c68585dec36e041e31f7e8b72181520acb40d759ba9b155e62", "eef5f0861a35160b2d2d56b1281fe3fb7f953fabd5aa04937e5708ca867d1df9", [0xfffffffffffff000, 0x9]})
write$P9_RREMOVE(r0, 0x0, 0x0)
write$P9_RSETATTR(0xffffffffffffffff, &(0x7f0000000040)={0x7, 0x1b, 0x1}, 0x7) (async)
socket$igmp6(0xa, 0x3, 0x2) (async)
pipe2$watch_queue(&(0x7f0000000000), 0x80) (async)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000080)={0x0, {}, 0x0, {}, 0x1, 0x3, 0x1c, 0x3d, "8f08ce4002a7c41d1f591d5f0999455fc57cc58c284a9615b6710426ad5c218cfeb9cb4db43267c68585dec36e041e31f7e8b72181520acb40d759ba9b155e62", "eef5f0861a35160b2d2d56b1281fe3fb7f953fabd5aa04937e5708ca867d1df9", [0xfffffffffffff000, 0x9]}) (async)
write$P9_RREMOVE(r0, 0x0, 0x0) (async)

12:02:06 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x8000000000000000, 0x300)

[ 2244.733480][T13344] FAULT_INJECTION: forcing a failure.
[ 2244.733480][T13344] name failslab, interval 1, probability 0, space 0, times 0
[ 2244.747218][T13344] CPU: 0 PID: 13344 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2244.757491][T13344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2244.767525][T13344] Call Trace:
[ 2244.770796][T13344]  dump_stack+0x1d8/0x241
[ 2244.775106][T13344]  ? panic+0x73e/0x73e
[ 2244.779169][T13344]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2244.784944][T13344]  should_fail+0x709/0x870
[ 2244.789330][T13344]  ? setup_fault_attr+0x3d0/0x3d0
[ 2244.794324][T13344]  ? dd_init_queue+0x69/0x330
[ 2244.798970][T13344]  should_failslab+0x5/0x20
[ 2244.803442][T13344]  kmem_cache_alloc_trace+0x28/0x240
[ 2244.808697][T13344]  dd_init_queue+0x69/0x330
[ 2244.813191][T13344]  blk_mq_init_sched+0x45c/0xaf0
[ 2244.818112][T13344]  elevator_init_mq+0x2cd/0x3f0
[ 2244.823023][T13344]  __device_add_disk+0xf1/0x1200
[ 2244.827937][T13344]  ? sprintf+0xd6/0x120
[ 2244.832063][T13344]  ? device_add_disk+0x30/0x30
[ 2244.836794][T13344]  ? vsprintf+0x30/0x30
[ 2244.840928][T13344]  ? device_initialize+0x1c7/0x3d0
[ 2244.846028][T13344]  ? __alloc_disk_node+0x326/0x380
[ 2244.851109][T13344]  loop_add+0x554/0x710
[ 2244.855234][T13344]  loop_control_ioctl+0x564/0x740
[ 2244.860227][T13344]  ? loop_remove+0xa0/0xa0
[ 2244.864617][T13344]  ? __lru_cache_add+0x1bf/0x210
[ 2244.869528][T13344]  ? memset+0x1f/0x40
[ 2244.873481][T13344]  ? fsnotify+0x1332/0x13f0
[ 2244.877954][T13344]  ? loop_remove+0xa0/0xa0
[ 2244.882341][T13344]  do_vfs_ioctl+0x744/0x1730
[ 2244.886906][T13344]  ? selinux_file_ioctl+0x723/0x970
[ 2244.892073][T13344]  ? ioctl_preallocate+0x250/0x250
[ 2244.897216][T13344]  ? __fget+0x40c/0x4a0
[ 2244.901371][T13344]  ? fget_many+0x20/0x20
[ 2244.905583][T13344]  ? check_preemption_disabled+0x154/0x330
[ 2244.911357][T13344]  ? debug_smp_processor_id+0x20/0x20
[ 2244.916698][T13344]  ? security_file_ioctl+0x9d/0xb0
[ 2244.921782][T13344]  __x64_sys_ioctl+0xd4/0x110
[ 2244.926428][T13344]  do_syscall_64+0xcb/0x1c0
12:02:06 executing program 5:
pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
write$P9_RLINK(r0, &(0x7f0000000180)={0x7, 0x47, 0x1}, 0x7) (async)
r1 = syz_open_dev$loop(&(0x7f0000000000), 0x8000000000000000, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000040), 0x2, 0x400100)
ioctl$LOOP_CLR_FD(r2, 0x4c01) (async)
ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f0000000080)={0x0, {}, 0x0, {}, 0x29, 0x9, 0x4, 0x2c, "4280887bd1d8b7d67599b6a2b69697e019d45c59a06ef7ce74c1d0cfe1a3eaf836f2fa4010bc239894895bc05ac85fef1f659d8541d8743b386075b68c46ea5f", "0e39ebcd8ef2dbd25141227573cff1bdb2c28735acc9fe46cc3f577f1e5c50e1", [0x25, 0x6]})

12:02:06 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 43)

12:02:06 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffff9c, 0x800c6613, &(0x7f0000000000)=@v1={0x0, @aes128, 0x4, @auto="aeeb4298cefbc658"}) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:06 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x8000000000000000, 0x300)

[ 2244.931250][T13344]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2244.940000][T13344] "mq-deadline" elevator initialization failed, falling back to "none"
12:02:06 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="000065ffff0400000009bc08003950323030302e75"], 0x15)
unlinkat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0)

12:02:06 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async, rerun: 32)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (rerun: 32)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000180)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6=r2, 0x4}, 0x20)

12:02:06 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x500, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0xabf45a4)

12:02:06 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
openat$cgroup_pressure(r1, &(0x7f0000000000)='cpu.pressure\x00', 0x2, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:06 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="000065ffff0400000009bc08003950323030302e75"], 0x15) (async)
unlinkat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0)

12:02:06 executing program 4:
write$P9_RSETATTR(0xffffffffffffffff, &(0x7f0000000040)={0x7, 0x1b, 0x1}, 0x7)
socket$igmp6(0xa, 0x3, 0x2)
pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000080)={0x0, {}, 0x0, {}, 0x1, 0x3, 0x1c, 0x3d, "8f08ce4002a7c41d1f591d5f0999455fc57cc58c284a9615b6710426ad5c218cfeb9cb4db43267c68585dec36e041e31f7e8b72181520acb40d759ba9b155e62", "eef5f0861a35160b2d2d56b1281fe3fb7f953fabd5aa04937e5708ca867d1df9", [0xfffffffffffff000, 0x9]})
write$P9_RREMOVE(r0, 0x0, 0x0)
write$P9_RSETATTR(0xffffffffffffffff, &(0x7f0000000040)={0x7, 0x1b, 0x1}, 0x7) (async)
socket$igmp6(0xa, 0x3, 0x2) (async)
pipe2$watch_queue(&(0x7f0000000000), 0x80) (async)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000080)={0x0, {}, 0x0, {}, 0x1, 0x3, 0x1c, 0x3d, "8f08ce4002a7c41d1f591d5f0999455fc57cc58c284a9615b6710426ad5c218cfeb9cb4db43267c68585dec36e041e31f7e8b72181520acb40d759ba9b155e62", "eef5f0861a35160b2d2d56b1281fe3fb7f953fabd5aa04937e5708ca867d1df9", [0xfffffffffffff000, 0x9]}) (async)
write$P9_RREMOVE(r0, 0x0, 0x0) (async)

[ 2245.007684][T13373] FAULT_INJECTION: forcing a failure.
[ 2245.007684][T13373] name failslab, interval 1, probability 0, space 0, times 0
[ 2245.020962][T13373] CPU: 0 PID: 13373 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2245.031234][T13373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2245.041278][T13373] Call Trace:
[ 2245.044549][T13373]  dump_stack+0x1d8/0x241
[ 2245.048855][T13373]  ? panic+0x73e/0x73e
[ 2245.052897][T13373]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2245.058674][T13373]  ? __alloc_pages_nodemask+0x372/0x860
[ 2245.064189][T13373]  should_fail+0x709/0x870
[ 2245.068755][T13373]  ? setup_fault_attr+0x3d0/0x3d0
[ 2245.073751][T13373]  ? find_next_bit+0xe5/0x110
[ 2245.078396][T13373]  ? memset+0x1f/0x40
[ 2245.082350][T13373]  ? lo_complete_rq+0x2a0/0x2a0
[ 2245.087171][T13373]  ? loop_init_request+0x31/0xa0
[ 2245.092078][T13373]  ? elevator_alloc+0x4b/0xc0
[ 2245.096724][T13373]  should_failslab+0x5/0x20
[ 2245.101200][T13373]  kmem_cache_alloc_trace+0x28/0x240
[ 2245.106458][T13373]  elevator_alloc+0x4b/0xc0
[ 2245.110933][T13373]  dd_init_queue+0x1f/0x330
[ 2245.115408][T13373]  blk_mq_init_sched+0x45c/0xaf0
[ 2245.120322][T13373]  elevator_init_mq+0x2cd/0x3f0
[ 2245.125207][T13373]  __device_add_disk+0xf1/0x1200
[ 2245.130127][T13373]  ? sprintf+0xd6/0x120
[ 2245.134262][T13373]  ? device_add_disk+0x30/0x30
[ 2245.138998][T13373]  ? vsprintf+0x30/0x30
[ 2245.143126][T13373]  ? device_initialize+0x1c7/0x3d0
[ 2245.148268][T13373]  ? __alloc_disk_node+0x326/0x380
[ 2245.153352][T13373]  loop_add+0x554/0x710
[ 2245.157477][T13373]  loop_control_ioctl+0x564/0x740
[ 2245.162477][T13373]  ? loop_remove+0xa0/0xa0
[ 2245.167402][T13373]  ? __lru_cache_add+0x1bf/0x210
[ 2245.172314][T13373]  ? memset+0x1f/0x40
[ 2245.176266][T13373]  ? fsnotify+0x1332/0x13f0
[ 2245.180737][T13373]  ? loop_remove+0xa0/0xa0
[ 2245.185123][T13373]  do_vfs_ioctl+0x744/0x1730
[ 2245.189710][T13373]  ? selinux_file_ioctl+0x723/0x970
[ 2245.194877][T13373]  ? ioctl_preallocate+0x250/0x250
[ 2245.199957][T13373]  ? __fget+0x40c/0x4a0
[ 2245.204084][T13373]  ? fget_many+0x20/0x20
12:02:06 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 44)

12:02:06 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x500, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0xabf45a4)

[ 2245.208297][T13373]  ? check_preemption_disabled+0x154/0x330
[ 2245.214091][T13373]  ? debug_smp_processor_id+0x20/0x20
[ 2245.219453][T13373]  ? security_file_ioctl+0x9d/0xb0
[ 2245.224575][T13373]  __x64_sys_ioctl+0xd4/0x110
[ 2245.229236][T13373]  do_syscall_64+0xcb/0x1c0
[ 2245.233798][T13373]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2245.240073][T13373] "mq-deadline" elevator initialization failed, falling back to "none"
12:02:06 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
openat$cgroup_pressure(r1, &(0x7f0000000000)='cpu.pressure\x00', 0x2, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:06 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000180)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6=r2, 0x4}, 0x20)

12:02:06 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = socket$igmp6(0xa, 0x3, 0x2)
r2 = syz_open_dev$usbfs(&(0x7f0000000140), 0xa25, 0x680a81)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000100)={0x10, 0x7, 0x2, {{0x3, '!@*'}, 0x81}}, 0x10)
recvfrom$inet6(r1, &(0x7f0000000000)=""/173, 0xad, 0x2040, &(0x7f00000000c0)={0xa, 0x4e21, 0x43c2, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x9}, 0x1c)
write$P9_RREMOVE(r0, 0x0, 0x0)

12:02:06 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="000065ffff0400000009bc08003950323030302e75"], 0x15)
unlinkat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="000065ffff0400000009bc08003950323030302e75"], 0x15) (async)
unlinkat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0) (async)

12:02:06 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:06 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
openat$cgroup_pressure(r1, &(0x7f0000000000)='cpu.pressure\x00', 0x2, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
openat$cgroup_pressure(r1, &(0x7f0000000000)='cpu.pressure\x00', 0x2, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)

12:02:06 executing program 5:
getdents(0xffffffffffffffff, &(0x7f00000001c0), 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = openat$incfs(r1, &(0x7f00000001c0)='.pending_reads\x00', 0x8000, 0x1)
fchownat(r2, &(0x7f0000000200)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1000)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x4c09, 0x2)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000300), 0x20000, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r4, 0x4c08, 0x6)
ioctl$LOOP_SET_CAPACITY(r1, 0x4c07)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000040))
r5 = openat$incfs(r2, &(0x7f0000000240)='.pending_reads\x00', 0x100, 0x2)
ioctl$VHOST_SET_VRING_ERR(r5, 0x4008af22, &(0x7f0000000280)={0x3})
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/rcupdate', 0x4c883, 0x101)
write$P9_RWRITE(r6, &(0x7f0000000180)={0xb, 0x77, 0x2, 0x8}, 0xb)
fchownat(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x0, 0xffffffffffffffff, 0x400)

[ 2245.318894][T13399] FAULT_INJECTION: forcing a failure.
[ 2245.318894][T13399] name failslab, interval 1, probability 0, space 0, times 0
[ 2245.335931][T13399] CPU: 0 PID: 13399 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2245.346181][T13399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2245.356224][T13399] Call Trace:
[ 2245.359494][T13399]  dump_stack+0x1d8/0x241
[ 2245.363795][T13399]  ? panic+0x73e/0x73e
[ 2245.367838][T13399]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2245.373625][T13399]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2245.379673][T13399]  should_fail+0x709/0x870
[ 2245.384060][T13399]  ? setup_fault_attr+0x3d0/0x3d0
[ 2245.389056][T13399]  ? device_create_vargs+0x7d/0x210
[ 2245.394247][T13399]  should_failslab+0x5/0x20
[ 2245.398729][T13399]  kmem_cache_alloc_trace+0x28/0x240
[ 2245.403987][T13399]  device_create_vargs+0x7d/0x210
[ 2245.408984][T13399]  device_create+0xea/0x130
[ 2245.413463][T13399]  ? device_create_vargs+0x210/0x210
[ 2245.418749][T13399]  bdi_register_va+0x89/0x5e0
[ 2245.423404][T13399]  bdi_register+0xd1/0x120
[ 2245.427793][T13399]  ? __device_add_disk+0x539/0x1200
[ 2245.432975][T13399]  ? bdi_register_va+0x5e0/0x5e0
[ 2245.437888][T13399]  ? percpu_ref_resurrect+0x113/0x190
[ 2245.443257][T13399]  bdi_register_owner+0x56/0xf0
[ 2245.448103][T13399]  __device_add_disk+0x5b8/0x1200
[ 2245.453106][T13399]  ? device_add_disk+0x30/0x30
[ 2245.457840][T13399]  ? vsprintf+0x30/0x30
[ 2245.461973][T13399]  ? device_initialize+0x1c7/0x3d0
[ 2245.467054][T13399]  ? __alloc_disk_node+0x326/0x380
[ 2245.472137][T13399]  loop_add+0x554/0x710
[ 2245.476270][T13399]  loop_control_ioctl+0x564/0x740
[ 2245.481277][T13399]  ? loop_remove+0xa0/0xa0
[ 2245.485674][T13399]  ? __lru_cache_add+0x1bf/0x210
[ 2245.490585][T13399]  ? memset+0x1f/0x40
[ 2245.494539][T13399]  ? fsnotify+0x1332/0x13f0
[ 2245.499012][T13399]  ? loop_remove+0xa0/0xa0
[ 2245.503396][T13399]  do_vfs_ioctl+0x744/0x1730
[ 2245.507958][T13399]  ? selinux_file_ioctl+0x723/0x970
[ 2245.513135][T13399]  ? ioctl_preallocate+0x250/0x250
12:02:06 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2) (async)
r1 = socket$igmp6(0xa, 0x3, 0x2) (async, rerun: 64)
r2 = syz_open_dev$usbfs(&(0x7f0000000140), 0xa25, 0x680a81) (rerun: 64)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000100)={0x10, 0x7, 0x2, {{0x3, '!@*'}, 0x81}}, 0x10)
recvfrom$inet6(r1, &(0x7f0000000000)=""/173, 0xad, 0x2040, &(0x7f00000000c0)={0xa, 0x4e21, 0x43c2, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x9}, 0x1c) (async)
write$P9_RREMOVE(r0, 0x0, 0x0)

12:02:06 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x500, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0xabf45a4)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x500, 0x0) (async)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0xabf45a4) (async)

[ 2245.518313][T13399]  ? __fget+0x40c/0x4a0
[ 2245.522439][T13399]  ? fget_many+0x20/0x20
[ 2245.526652][T13399]  ? check_preemption_disabled+0x154/0x330
[ 2245.532428][T13399]  ? debug_smp_processor_id+0x20/0x20
[ 2245.537768][T13399]  ? security_file_ioctl+0x9d/0xb0
[ 2245.542848][T13399]  __x64_sys_ioctl+0xd4/0x110
[ 2245.547492][T13399]  do_syscall_64+0xcb/0x1c0
[ 2245.551967][T13399]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2245.558287][T13399] ------------[ cut here ]------------
[ 2245.563761][T13399] WARNING: CPU: 1 PID: 13399 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2245.572846][T13399] Modules linked in:
[ 2245.576722][T13399] CPU: 1 PID: 13399 Comm: syz-executor.2 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2245.586916][T13399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2245.596948][T13399] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2245.602718][T13399] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2245.622289][T13399] RSP: 0018:ffff8881ccbd7a00 EFLAGS: 00010246
[ 2245.628319][T13399] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2245.636260][T13399] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2245.644195][T13399] RBP: ffff8881ccbd7b40 R08: ffffffff821f8e93 R09: fffffbfff0bac467
[ 2245.652137][T13399] R10: fffffbfff0bac467 R11: 1ffffffff0bac466 R12: ffff8881e8482000
[ 2245.660084][T13399] R13: dffffc0000000000 R14: ffff8881e8482070 R15: 1ffff1103d09049d
[ 2245.668024][T13399] FS:  00007f5fe0796700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 2245.676920][T13399] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2245.683467][T13399] CR2: 00007fdebbe0c718 CR3: 00000001ed753000 CR4: 00000000003406e0
[ 2245.691409][T13399] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2245.699350][T13399] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2245.707289][T13399] Call Trace:
[ 2245.710549][T13399]  ? device_add_disk+0x30/0x30
[ 2245.715280][T13399]  ? vsprintf+0x30/0x30
[ 2245.719404][T13399]  ? device_initialize+0x1c7/0x3d0
[ 2245.724484][T13399]  ? __alloc_disk_node+0x326/0x380
[ 2245.729562][T13399]  loop_add+0x554/0x710
[ 2245.733689][T13399]  loop_control_ioctl+0x564/0x740
[ 2245.738680][T13399]  ? loop_remove+0xa0/0xa0
[ 2245.743076][T13399]  ? __lru_cache_add+0x1bf/0x210
[ 2245.747980][T13399]  ? memset+0x1f/0x40
[ 2245.751927][T13399]  ? fsnotify+0x1332/0x13f0
[ 2245.756398][T13399]  ? loop_remove+0xa0/0xa0
[ 2245.760793][T13399]  do_vfs_ioctl+0x744/0x1730
[ 2245.765351][T13399]  ? selinux_file_ioctl+0x723/0x970
12:02:07 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 45)

12:02:07 executing program 5:
getdents(0xffffffffffffffff, &(0x7f00000001c0), 0x0) (async)
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = openat$incfs(r1, &(0x7f00000001c0)='.pending_reads\x00', 0x8000, 0x1)
fchownat(r2, &(0x7f0000000200)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1000) (async, rerun: 64)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (rerun: 64)
connect$inet6(r3, 0x0, 0x0) (async)
ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x4c09, 0x2) (async, rerun: 32)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000300), 0x20000, 0x0) (rerun: 32)
ioctl$LOOP_SET_DIRECT_IO(r4, 0x4c08, 0x6) (async, rerun: 32)
ioctl$LOOP_SET_CAPACITY(r1, 0x4c07) (async, rerun: 32)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000040)) (async)
r5 = openat$incfs(r2, &(0x7f0000000240)='.pending_reads\x00', 0x100, 0x2)
ioctl$VHOST_SET_VRING_ERR(r5, 0x4008af22, &(0x7f0000000280)={0x3})
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/rcupdate', 0x4c883, 0x101)
write$P9_RWRITE(r6, &(0x7f0000000180)={0xb, 0x77, 0x2, 0x8}, 0xb)
fchownat(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x0, 0xffffffffffffffff, 0x400)

[ 2245.770520][T13399]  ? ioctl_preallocate+0x250/0x250
[ 2245.775605][T13399]  ? __fget+0x40c/0x4a0
[ 2245.779727][T13399]  ? fget_many+0x20/0x20
[ 2245.783936][T13399]  ? check_preemption_disabled+0x154/0x330
[ 2245.789711][T13399]  ? debug_smp_processor_id+0x20/0x20
[ 2245.795049][T13399]  ? security_file_ioctl+0x9d/0xb0
[ 2245.800128][T13399]  __x64_sys_ioctl+0xd4/0x110
[ 2245.804772][T13399]  do_syscall_64+0xcb/0x1c0
[ 2245.809245][T13399]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2245.815113][T13399] ---[ end trace 9fb896c1b706f6ff ]---
12:02:07 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async, rerun: 32)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async, rerun: 32)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:07 executing program 5:
getdents(0xffffffffffffffff, &(0x7f00000001c0), 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = openat$incfs(r1, &(0x7f00000001c0)='.pending_reads\x00', 0x8000, 0x1)
fchownat(r2, &(0x7f0000000200)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1000)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x4c09, 0x2)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000300), 0x20000, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r4, 0x4c08, 0x6)
ioctl$LOOP_SET_CAPACITY(r1, 0x4c07)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000040))
r5 = openat$incfs(r2, &(0x7f0000000240)='.pending_reads\x00', 0x100, 0x2)
ioctl$VHOST_SET_VRING_ERR(r5, 0x4008af22, &(0x7f0000000280)={0x3})
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/rcupdate', 0x4c883, 0x101)
write$P9_RWRITE(r6, &(0x7f0000000180)={0xb, 0x77, 0x2, 0x8}, 0xb)
fchownat(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x0, 0xffffffffffffffff, 0x400)
getdents(0xffffffffffffffff, &(0x7f00000001c0), 0x0) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
openat$incfs(r1, &(0x7f00000001c0)='.pending_reads\x00', 0x8000, 0x1) (async)
fchownat(r2, &(0x7f0000000200)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1000) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x4c09, 0x2) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000300), 0x20000, 0x0) (async)
ioctl$LOOP_SET_DIRECT_IO(r4, 0x4c08, 0x6) (async)
ioctl$LOOP_SET_CAPACITY(r1, 0x4c07) (async)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000040)) (async)
openat$incfs(r2, &(0x7f0000000240)='.pending_reads\x00', 0x100, 0x2) (async)
ioctl$VHOST_SET_VRING_ERR(r5, 0x4008af22, &(0x7f0000000280)={0x3}) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/rcupdate', 0x4c883, 0x101) (async)
write$P9_RWRITE(r6, &(0x7f0000000180)={0xb, 0x77, 0x2, 0x8}, 0xb) (async)
fchownat(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x0, 0xffffffffffffffff, 0x400) (async)

12:02:07 executing program 1:
ioctl$USBDEVFS_ALLOC_STREAMS(0xffffffffffffffff, 0x8008551c, &(0x7f0000000040)={0xd11c, 0x15, [{0x6}, {0x6, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0xe, 0x1}, {0xf, 0x1}, {0xf, 0x1}, {0xb, 0x1}, {0xa}, {0x6e}, {0x8, 0x1}, {0x1}, {0xb}, {0xe}, {0xd}, {0xd, 0x1}, {0xf, 0x1}, {0x1}, {0x5, 0x1}, {0x3, 0x1}, {0xe, 0x1}]})
getsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

12:02:07 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000180)={'filter\x00', 0x0, [0x82, 0x182ba3e2, 0x79, 0x1, 0x81a]}, &(0x7f0000000200)=0x54)
pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
execveat(r1, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='.\xed\x01\x01\x00\x00\x00\x00\x00\x00\x81w2\xde\xb2L1\xe2\x98\xe18\x8d\x954E\x05\xe0\x89\x94\xea\xaa\x14\x86\xe8\xe6\n\x87&\xeb|o\x999'], &(0x7f0000000140)=[&(0x7f0000000280)='\xb2\xb7\x0eo\xef\xfb\x84\xa3\x1f\n5\xec\xe9\xaa\x14\xae\x9dg=\b\xa9\xfc\xa7\xf6\bAHr\xcfEw\x99\x87\xa7\x00\xed\x90\x00\x05v\bB\x94_\xbaw\xd7\xdbv5\rG\xfc\xfd\x05\x83\xd9\xc3\xf5\x8ey=\xa8|\x1c\xbf\xed$\xf0\x9e\x9f:\xf0>\xd2\x97=\xd8P\xe5+Z\xa3\x94\x9c'], 0x800)
write$P9_RRENAMEAT(r1, &(0x7f0000000240)={0x7, 0x4b, 0x1}, 0x7)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:07 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2) (async)
r1 = socket$igmp6(0xa, 0x3, 0x2)
r2 = syz_open_dev$usbfs(&(0x7f0000000140), 0xa25, 0x680a81)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000100)={0x10, 0x7, 0x2, {{0x3, '!@*'}, 0x81}}, 0x10) (async, rerun: 64)
recvfrom$inet6(r1, &(0x7f0000000000)=""/173, 0xad, 0x2040, &(0x7f00000000c0)={0xa, 0x4e21, 0x43c2, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x9}, 0x1c) (async, rerun: 64)
write$P9_RREMOVE(r0, 0x0, 0x0)

[ 2245.874807][T13435] FAULT_INJECTION: forcing a failure.
[ 2245.874807][T13435] name failslab, interval 1, probability 0, space 0, times 0
[ 2245.896348][T13435] CPU: 1 PID: 13435 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2245.907990][T13435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2245.918026][T13435] Call Trace:
[ 2245.921298][T13435]  dump_stack+0x1d8/0x241
[ 2245.925598][T13435]  ? panic+0x73e/0x73e
[ 2245.929639][T13435]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2245.935414][T13435]  should_fail+0x709/0x870
[ 2245.939797][T13435]  ? setup_fault_attr+0x3d0/0x3d0
[ 2245.944791][T13435]  ? device_add+0xb6/0xbc0
[ 2245.949179][T13435]  should_failslab+0x5/0x20
[ 2245.953648][T13435]  kmem_cache_alloc_trace+0x28/0x240
[ 2245.958902][T13435]  device_add+0xb6/0xbc0
[ 2245.963110][T13435]  device_create_vargs+0x1b8/0x210
[ 2245.968189][T13435]  device_create+0xea/0x130
[ 2245.972679][T13435]  ? device_create_vargs+0x210/0x210
[ 2245.977934][T13435]  bdi_register_va+0x89/0x5e0
[ 2245.982577][T13435]  bdi_register+0xd1/0x120
[ 2245.986962][T13435]  ? __device_add_disk+0x539/0x1200
[ 2245.992125][T13435]  ? bdi_register_va+0x5e0/0x5e0
[ 2245.997030][T13435]  ? percpu_ref_resurrect+0x113/0x190
[ 2246.002388][T13435]  bdi_register_owner+0x56/0xf0
[ 2246.007214][T13435]  __device_add_disk+0x5b8/0x1200
[ 2246.012210][T13435]  ? device_add_disk+0x30/0x30
[ 2246.016942][T13435]  ? vsprintf+0x30/0x30
[ 2246.021066][T13435]  ? device_initialize+0x1c7/0x3d0
[ 2246.026144][T13435]  ? __alloc_disk_node+0x326/0x380
[ 2246.031222][T13435]  loop_add+0x554/0x710
[ 2246.035348][T13435]  loop_control_ioctl+0x564/0x740
[ 2246.040342][T13435]  ? loop_remove+0xa0/0xa0
[ 2246.044725][T13435]  ? __lru_cache_add+0x1bf/0x210
[ 2246.049631][T13435]  ? memset+0x1f/0x40
[ 2246.053580][T13435]  ? fsnotify+0x1332/0x13f0
[ 2246.058049][T13435]  ? loop_remove+0xa0/0xa0
[ 2246.062433][T13435]  do_vfs_ioctl+0x744/0x1730
[ 2246.067001][T13435]  ? selinux_file_ioctl+0x723/0x970
[ 2246.072285][T13435]  ? ioctl_preallocate+0x250/0x250
[ 2246.077376][T13435]  ? __fget+0x40c/0x4a0
[ 2246.081509][T13435]  ? fget_many+0x20/0x20
[ 2246.085720][T13435]  ? check_preemption_disabled+0x154/0x330
[ 2246.091493][T13435]  ? debug_smp_processor_id+0x20/0x20
[ 2246.096832][T13435]  ? security_file_ioctl+0x9d/0xb0
[ 2246.101908][T13435]  __x64_sys_ioctl+0xd4/0x110
[ 2246.106551][T13435]  do_syscall_64+0xcb/0x1c0
[ 2246.111024][T13435]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2246.118993][T13435] ------------[ cut here ]------------
[ 2246.124468][T13435] WARNING: CPU: 1 PID: 13435 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2246.133536][T13435] Modules linked in:
[ 2246.137406][T13435] CPU: 1 PID: 13435 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2246.148990][T13435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2246.159025][T13435] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2246.164796][T13435] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2246.184376][T13435] RSP: 0018:ffff8881ccedfa00 EFLAGS: 00010246
[ 2246.190415][T13435] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2246.198362][T13435] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2246.206304][T13435] RBP: ffff8881ccedfb40 R08: ffffffff821f8e93 R09: 0000000000000003
[ 2246.214243][T13435] R10: ffffed10399dbe55 R11: 1ffff110399dbe54 R12: ffff8881f0555000
[ 2246.222188][T13435] R13: dffffc0000000000 R14: ffff8881f0555070 R15: 1ffff1103e0aaa9d
[ 2246.230138][T13435] FS:  00007f5fe0796700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 2246.239184][T13435] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2246.245738][T13435] CR2: 0000555555a14728 CR3: 00000001ebaa5000 CR4: 00000000003406e0
[ 2246.253684][T13435] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2246.261651][T13435] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2246.269589][T13435] Call Trace:
[ 2246.272855][T13435]  ? device_add_disk+0x30/0x30
[ 2246.277587][T13435]  ? vsprintf+0x30/0x30
[ 2246.281713][T13435]  ? device_initialize+0x1c7/0x3d0
[ 2246.286795][T13435]  ? __alloc_disk_node+0x326/0x380
[ 2246.291872][T13435]  loop_add+0x554/0x710
[ 2246.295996][T13435]  loop_control_ioctl+0x564/0x740
[ 2246.300990][T13435]  ? loop_remove+0xa0/0xa0
[ 2246.305377][T13435]  ? __lru_cache_add+0x1bf/0x210
[ 2246.310291][T13435]  ? memset+0x1f/0x40
[ 2246.314240][T13435]  ? fsnotify+0x1332/0x13f0
[ 2246.318711][T13435]  ? loop_remove+0xa0/0xa0
[ 2246.323092][T13435]  do_vfs_ioctl+0x744/0x1730
[ 2246.327651][T13435]  ? selinux_file_ioctl+0x723/0x970
[ 2246.332815][T13435]  ? ioctl_preallocate+0x250/0x250
[ 2246.337893][T13435]  ? __fget+0x40c/0x4a0
[ 2246.342017][T13435]  ? fget_many+0x20/0x20
[ 2246.346252][T13435]  ? check_preemption_disabled+0x154/0x330
[ 2246.352025][T13435]  ? debug_smp_processor_id+0x20/0x20
[ 2246.357371][T13435]  ? security_file_ioctl+0x9d/0xb0
[ 2246.362604][T13435]  __x64_sys_ioctl+0xd4/0x110
[ 2246.367275][T13435]  do_syscall_64+0xcb/0x1c0
12:02:07 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 46)

[ 2246.371748][T13435]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2246.377616][T13435] ---[ end trace 9fb896c1b706f700 ]---
12:02:07 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async, rerun: 64)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async, rerun: 64)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:07 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000040), 0x2, 0x0)

12:02:07 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x22140, 0x0)
connect$inet6(r0, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000080))
clock_gettime(0x0, &(0x7f0000000140)={<r2=>0x0, <r3=>0x0})
clock_gettime(0x0, &(0x7f0000000180)={<r4=>0x0, <r5=>0x0})
futimesat(r1, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)={{r2, r3/1000+60000}, {r4, r5/1000+60000}})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
write$P9_RREMOVE(r0, 0x0, 0x0)

12:02:07 executing program 1:
ioctl$USBDEVFS_ALLOC_STREAMS(0xffffffffffffffff, 0x8008551c, &(0x7f0000000040)={0xd11c, 0x15, [{0x6}, {0x6, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0xe, 0x1}, {0xf, 0x1}, {0xf, 0x1}, {0xb, 0x1}, {0xa}, {0x6e}, {0x8, 0x1}, {0x1}, {0xb}, {0xe}, {0xd}, {0xd, 0x1}, {0xf, 0x1}, {0x1}, {0x5, 0x1}, {0x3, 0x1}, {0xe, 0x1}]}) (async)
getsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000080), &(0x7f00000000c0)=0x4) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

12:02:07 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000040), 0x2, 0x0)

12:02:07 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000180)={'filter\x00', 0x0, [0x82, 0x182ba3e2, 0x79, 0x1, 0x81a]}, &(0x7f0000000200)=0x54)
pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
execveat(r1, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='.\xed\x01\x01\x00\x00\x00\x00\x00\x00\x81w2\xde\xb2L1\xe2\x98\xe18\x8d\x954E\x05\xe0\x89\x94\xea\xaa\x14\x86\xe8\xe6\n\x87&\xeb|o\x999'], &(0x7f0000000140)=[&(0x7f0000000280)='\xb2\xb7\x0eo\xef\xfb\x84\xa3\x1f\n5\xec\xe9\xaa\x14\xae\x9dg=\b\xa9\xfc\xa7\xf6\bAHr\xcfEw\x99\x87\xa7\x00\xed\x90\x00\x05v\bB\x94_\xbaw\xd7\xdbv5\rG\xfc\xfd\x05\x83\xd9\xc3\xf5\x8ey=\xa8|\x1c\xbf\xed$\xf0\x9e\x9f:\xf0>\xd2\x97=\xd8P\xe5+Z\xa3\x94\x9c'], 0x800)
write$P9_RRENAMEAT(r1, &(0x7f0000000240)={0x7, 0x4b, 0x1}, 0x7)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000180)={'filter\x00', 0x0, [0x82, 0x182ba3e2, 0x79, 0x1, 0x81a]}, &(0x7f0000000200)=0x54) (async)
pipe2$watch_queue(&(0x7f0000000000), 0x80) (async)
execveat(r1, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='.\xed\x01\x01\x00\x00\x00\x00\x00\x00\x81w2\xde\xb2L1\xe2\x98\xe18\x8d\x954E\x05\xe0\x89\x94\xea\xaa\x14\x86\xe8\xe6\n\x87&\xeb|o\x999'], &(0x7f0000000140)=[&(0x7f0000000280)='\xb2\xb7\x0eo\xef\xfb\x84\xa3\x1f\n5\xec\xe9\xaa\x14\xae\x9dg=\b\xa9\xfc\xa7\xf6\bAHr\xcfEw\x99\x87\xa7\x00\xed\x90\x00\x05v\bB\x94_\xbaw\xd7\xdbv5\rG\xfc\xfd\x05\x83\xd9\xc3\xf5\x8ey=\xa8|\x1c\xbf\xed$\xf0\x9e\x9f:\xf0>\xd2\x97=\xd8P\xe5+Z\xa3\x94\x9c'], 0x800) (async)
write$P9_RRENAMEAT(r1, &(0x7f0000000240)={0x7, 0x4b, 0x1}, 0x7) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)

12:02:07 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x22140, 0x0)
connect$inet6(r0, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000080))
clock_gettime(0x0, &(0x7f0000000140)={<r2=>0x0, <r3=>0x0})
clock_gettime(0x0, &(0x7f0000000180)={<r4=>0x0, <r5=>0x0})
futimesat(r1, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)={{r2, r3/1000+60000}, {r4, r5/1000+60000}})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
write$P9_RREMOVE(r0, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) (async)
openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x22140, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
clock_gettime(0x0, &(0x7f0000000080)) (async)
clock_gettime(0x0, &(0x7f0000000140)) (async)
clock_gettime(0x0, &(0x7f0000000180)) (async)
futimesat(r1, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)={{r2, r3/1000+60000}, {r4, r5/1000+60000}}) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) (async)
write$P9_RREMOVE(r0, 0x0, 0x0) (async)

[ 2246.468591][T13474] FAULT_INJECTION: forcing a failure.
[ 2246.468591][T13474] name failslab, interval 1, probability 0, space 0, times 0
[ 2246.485802][T13474] CPU: 0 PID: 13474 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2246.497628][T13474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2246.507696][T13474] Call Trace:
[ 2246.510969][T13474]  dump_stack+0x1d8/0x241
[ 2246.515285][T13474]  ? panic+0x73e/0x73e
[ 2246.519323][T13474]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2246.525095][T13474]  should_fail+0x709/0x870
[ 2246.529486][T13474]  ? setup_fault_attr+0x3d0/0x3d0
[ 2246.534481][T13474]  ? device_add+0xb6/0xbc0
[ 2246.538867][T13474]  should_failslab+0x5/0x20
[ 2246.543336][T13474]  kmem_cache_alloc_trace+0x28/0x240
[ 2246.548591][T13474]  device_add+0xb6/0xbc0
[ 2246.552800][T13474]  device_create_vargs+0x1b8/0x210
[ 2246.557878][T13474]  device_create+0xea/0x130
[ 2246.562349][T13474]  ? device_create_vargs+0x210/0x210
[ 2246.567602][T13474]  bdi_register_va+0x89/0x5e0
[ 2246.572245][T13474]  bdi_register+0xd1/0x120
[ 2246.576629][T13474]  ? __device_add_disk+0x539/0x1200
[ 2246.581794][T13474]  ? bdi_register_va+0x5e0/0x5e0
[ 2246.586698][T13474]  ? percpu_ref_resurrect+0x113/0x190
[ 2246.592039][T13474]  bdi_register_owner+0x56/0xf0
[ 2246.596855][T13474]  __device_add_disk+0x5b8/0x1200
[ 2246.601857][T13474]  ? device_add_disk+0x30/0x30
[ 2246.606589][T13474]  ? vsprintf+0x30/0x30
[ 2246.610709][T13474]  ? device_initialize+0x1c7/0x3d0
[ 2246.615786][T13474]  ? __alloc_disk_node+0x326/0x380
[ 2246.620866][T13474]  loop_add+0x554/0x710
[ 2246.624991][T13474]  loop_control_ioctl+0x564/0x740
[ 2246.629981][T13474]  ? loop_remove+0xa0/0xa0
[ 2246.634364][T13474]  ? __lru_cache_add+0x1bf/0x210
[ 2246.639268][T13474]  ? memset+0x1f/0x40
[ 2246.643260][T13474]  ? fsnotify+0x1332/0x13f0
[ 2246.647729][T13474]  ? loop_remove+0xa0/0xa0
[ 2246.652111][T13474]  do_vfs_ioctl+0x744/0x1730
[ 2246.656669][T13474]  ? selinux_file_ioctl+0x723/0x970
[ 2246.661832][T13474]  ? ioctl_preallocate+0x250/0x250
12:02:08 executing program 1:
ioctl$USBDEVFS_ALLOC_STREAMS(0xffffffffffffffff, 0x8008551c, &(0x7f0000000040)={0xd11c, 0x15, [{0x6}, {0x6, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0xe, 0x1}, {0xf, 0x1}, {0xf, 0x1}, {0xb, 0x1}, {0xa}, {0x6e}, {0x8, 0x1}, {0x1}, {0xb}, {0xe}, {0xd}, {0xd, 0x1}, {0xf, 0x1}, {0x1}, {0x5, 0x1}, {0x3, 0x1}, {0xe, 0x1}]})
getsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

12:02:08 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f0000000180)={@desc={0x1, 0x0, @desc3}})
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

[ 2246.666913][T13474]  ? __fget+0x40c/0x4a0
[ 2246.671035][T13474]  ? fget_many+0x20/0x20
[ 2246.675242][T13474]  ? check_preemption_disabled+0x154/0x330
[ 2246.681014][T13474]  ? debug_smp_processor_id+0x20/0x20
[ 2246.686353][T13474]  ? security_file_ioctl+0x9d/0xb0
[ 2246.691428][T13474]  __x64_sys_ioctl+0xd4/0x110
[ 2246.696070][T13474]  do_syscall_64+0xcb/0x1c0
[ 2246.700544][T13474]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2246.706752][T13474] ------------[ cut here ]------------
[ 2246.712219][T13474] WARNING: CPU: 1 PID: 13474 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2246.721299][T13474] Modules linked in:
[ 2246.725176][T13474] CPU: 1 PID: 13474 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2246.736765][T13474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2246.746805][T13474] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2246.752586][T13474] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2246.772161][T13474] RSP: 0018:ffff8881e1907a00 EFLAGS: 00010246
[ 2246.778200][T13474] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2246.786144][T13474] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2246.794085][T13474] RBP: ffff8881e1907b40 R08: ffffffff821f8e93 R09: 0000000000000010
[ 2246.802035][T13474] R10: ffffffff84800000 R11: 1ffff1103c320e00 R12: ffff8881e43ef000
[ 2246.809983][T13474] R13: dffffc0000000000 R14: ffff8881e43ef070 R15: 1ffff1103c87de9d
[ 2246.817925][T13474] FS:  00007f5fe0796700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 2246.826822][T13474] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2246.833385][T13474] CR2: 00007f49e8993000 CR3: 00000001e983c000 CR4: 00000000003406e0
[ 2246.841329][T13474] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2246.849271][T13474] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2246.857215][T13474] Call Trace:
[ 2246.860512][T13474]  ? device_add_disk+0x30/0x30
[ 2246.865250][T13474]  ? vsprintf+0x30/0x30
[ 2246.869374][T13474]  ? device_initialize+0x1c7/0x3d0
[ 2246.874457][T13474]  ? __alloc_disk_node+0x326/0x380
[ 2246.879540][T13474]  loop_add+0x554/0x710
[ 2246.883665][T13474]  loop_control_ioctl+0x564/0x740
[ 2246.888662][T13474]  ? loop_remove+0xa0/0xa0
[ 2246.893048][T13474]  ? __lru_cache_add+0x1bf/0x210
[ 2246.897957][T13474]  ? memset+0x1f/0x40
[ 2246.901909][T13474]  ? fsnotify+0x1332/0x13f0
[ 2246.906385][T13474]  ? loop_remove+0xa0/0xa0
[ 2246.910777][T13474]  do_vfs_ioctl+0x744/0x1730
[ 2246.915337][T13474]  ? selinux_file_ioctl+0x723/0x970
12:02:08 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 47)

12:02:08 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000040), 0x2, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000040), 0x2, 0x0) (async)

12:02:08 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x22140, 0x0)
connect$inet6(r0, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000080))
clock_gettime(0x0, &(0x7f0000000140)={<r2=>0x0, <r3=>0x0})
clock_gettime(0x0, &(0x7f0000000180)={<r4=>0x0, <r5=>0x0})
futimesat(r1, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)={{r2, r3/1000+60000}, {r4, r5/1000+60000}})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
write$P9_RREMOVE(r0, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) (async)
openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x22140, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
clock_gettime(0x0, &(0x7f0000000080)) (async)
clock_gettime(0x0, &(0x7f0000000140)) (async)
clock_gettime(0x0, &(0x7f0000000180)) (async)
futimesat(r1, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)={{r2, r3/1000+60000}, {r4, r5/1000+60000}}) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) (async)
write$P9_RREMOVE(r0, 0x0, 0x0) (async)

[ 2246.920509][T13474]  ? ioctl_preallocate+0x250/0x250
[ 2246.925597][T13474]  ? __fget+0x40c/0x4a0
[ 2246.929721][T13474]  ? fget_many+0x20/0x20
[ 2246.933936][T13474]  ? check_preemption_disabled+0x154/0x330
[ 2246.939709][T13474]  ? debug_smp_processor_id+0x20/0x20
[ 2246.945049][T13474]  ? security_file_ioctl+0x9d/0xb0
[ 2246.950127][T13474]  __x64_sys_ioctl+0xd4/0x110
[ 2246.954774][T13474]  do_syscall_64+0xcb/0x1c0
[ 2246.959250][T13474]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2246.965107][T13474] ---[ end trace 9fb896c1b706f701 ]---
12:02:08 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_PAN_ID(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000680)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x28, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa3}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x4c0c0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000009c0), r0)
sendmsg$IEEE802154_LLSEC_ADD_KEY(r2, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a00)={0x14, r3, 0x1}, 0x14}}, 0x0)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="00012abd7000fcdbdf252d0000000a000100ff0300000000000008002c00ff07000006000600020000000c000500000000000000000005002b0003000000826b8fbc6e5c99ae9c375e989b0e355abf087fa477a11c7111ebda840620b6bb45c98c9336623728e2d39f821527f7adc939520de2c9f2b9c1160b5965500ace8e5c496fc04977fd6fa6c04a7c5372f31536b43def8cbd04c66f2e0a02d6d6066e12815cbe6e472edd2d19657f91f06fe1c435a8890ac508db7daf551042db127c6fb69c6d31bded91ae010f9e73133111c8b513f0bcc6787118a24f3e8417c0623f26ef2dc9733e324274276c69ee69b98fe9bb89d0ae89b47f59f6414949ec316d386b1e70dd967dfb73b85dc66fca8bd36079b4f07650b029f318304082"], 0x44}, 0x1, 0x0, 0x0, 0x20000810}, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r4, 0x0, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r4)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

12:02:08 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f0000000180)={@desc={0x1, 0x0, @desc3}}) (async)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:08 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x20700)
ioctl$VHOST_VDPA_SET_GROUP_ASID(0xffffffffffffffff, 0x4008af7c, &(0x7f0000000040)={0x2, 0x122b})

12:02:08 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000180)={'filter\x00', 0x0, [0x82, 0x182ba3e2, 0x79, 0x1, 0x81a]}, &(0x7f0000000200)=0x54)
pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
execveat(r1, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='.\xed\x01\x01\x00\x00\x00\x00\x00\x00\x81w2\xde\xb2L1\xe2\x98\xe18\x8d\x954E\x05\xe0\x89\x94\xea\xaa\x14\x86\xe8\xe6\n\x87&\xeb|o\x999'], &(0x7f0000000140)=[&(0x7f0000000280)='\xb2\xb7\x0eo\xef\xfb\x84\xa3\x1f\n5\xec\xe9\xaa\x14\xae\x9dg=\b\xa9\xfc\xa7\xf6\bAHr\xcfEw\x99\x87\xa7\x00\xed\x90\x00\x05v\bB\x94_\xbaw\xd7\xdbv5\rG\xfc\xfd\x05\x83\xd9\xc3\xf5\x8ey=\xa8|\x1c\xbf\xed$\xf0\x9e\x9f:\xf0>\xd2\x97=\xd8P\xe5+Z\xa3\x94\x9c'], 0x800) (async)
write$P9_RRENAMEAT(r1, &(0x7f0000000240)={0x7, 0x4b, 0x1}, 0x7) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:08 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_PAN_ID(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000680)={0x14, 0x0, 0x4}, 0x14}}, 0x0) (async)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x28, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa3}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x4c0c0) (async)
syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r0) (async)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000009c0), r0)
sendmsg$IEEE802154_LLSEC_ADD_KEY(r2, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a00)={0x14, r3, 0x1}, 0x14}}, 0x0) (async)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="00012abd7000fcdbdf252d0000000a000100ff0300000000000008002c00ff07000006000600020000000c000500000000000000000005002b0003000000826b8fbc6e5c99ae9c375e989b0e355abf087fa477a11c7111ebda840620b6bb45c98c9336623728e2d39f821527f7adc939520de2c9f2b9c1160b5965500ace8e5c496fc04977fd6fa6c04a7c5372f31536b43def8cbd04c66f2e0a02d6d6066e12815cbe6e472edd2d19657f91f06fe1c435a8890ac508db7daf551042db127c6fb69c6d31bded91ae010f9e73133111c8b513f0bcc6787118a24f3e8417c0623f26ef2dc9733e324274276c69ee69b98fe9bb89d0ae89b47f59f6414949ec316d386b1e70dd967dfb73b85dc66fca8bd36079b4f07650b029f318304082"], 0x44}, 0x1, 0x0, 0x0, 0x20000810}, 0x0) (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r4, 0x0, 0x0) (async)
syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r4)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

12:02:08 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x20700) (async)
ioctl$VHOST_VDPA_SET_GROUP_ASID(0xffffffffffffffff, 0x4008af7c, &(0x7f0000000040)={0x2, 0x122b})

[ 2247.050112][T13522] FAULT_INJECTION: forcing a failure.
[ 2247.050112][T13522] name failslab, interval 1, probability 0, space 0, times 0
[ 2247.065325][T13522] CPU: 1 PID: 13522 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2247.076955][T13522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2247.086989][T13522] Call Trace:
[ 2247.090256][T13522]  dump_stack+0x1d8/0x241
[ 2247.094563][T13522]  ? panic+0x73e/0x73e
[ 2247.098601][T13522]  ? unwind_next_frame+0x149e/0x1ed0
[ 2247.103852][T13522]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2247.109625][T13522]  should_fail+0x709/0x870
[ 2247.114011][T13522]  ? setup_fault_attr+0x3d0/0x3d0
[ 2247.119008][T13522]  ? deref_stack_reg+0x1f0/0x1f0
[ 2247.123913][T13522]  ? __unwind_start+0x72f/0x8e0
[ 2247.128735][T13522]  ? __kernfs_new_node+0x99/0x6d0
[ 2247.133725][T13522]  should_failslab+0x5/0x20
[ 2247.138199][T13522]  __kmalloc_track_caller+0x4f/0x280
[ 2247.143450][T13522]  ? stack_trace_save+0x200/0x200
[ 2247.148440][T13522]  kstrdup_const+0x51/0x90
[ 2247.152914][T13522]  __kernfs_new_node+0x99/0x6d0
[ 2247.157749][T13522]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2247.163794][T13522]  ? kernfs_new_node+0x160/0x160
[ 2247.168704][T13522]  ? stack_trace_save+0x132/0x200
[ 2247.173788][T13522]  ? stack_trace_snprint+0x170/0x170
[ 2247.179043][T13522]  ? stack_trace_save+0x132/0x200
[ 2247.184036][T13522]  kernfs_create_dir_ns+0x90/0x220
[ 2247.189121][T13522]  sysfs_create_dir_ns+0x181/0x390
[ 2247.194499][T13522]  ? sysfs_warn_dup+0xa0/0xa0
[ 2247.199168][T13522]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2247.205209][T13522]  kobject_add_internal+0x6ba/0xcb0
[ 2247.210378][T13522]  kobject_add+0x14c/0x210
[ 2247.214766][T13522]  ? _raw_spin_lock+0xa3/0x1b0
[ 2247.219524][T13522]  ? kobject_init+0x1d0/0x1d0
[ 2247.224174][T13522]  ? mutex_unlock+0x19/0x40
[ 2247.228650][T13522]  ? get_device_parent+0x2bd/0x420
[ 2247.233733][T13522]  device_add+0x3fc/0xbc0
[ 2247.238039][T13522]  device_create_vargs+0x1b8/0x210
[ 2247.243122][T13522]  device_create+0xea/0x130
[ 2247.247597][T13522]  ? device_create_vargs+0x210/0x210
[ 2247.252856][T13522]  bdi_register_va+0x89/0x5e0
[ 2247.257506][T13522]  bdi_register+0xd1/0x120
[ 2247.261897][T13522]  ? __device_add_disk+0x539/0x1200
[ 2247.267069][T13522]  ? bdi_register_va+0x5e0/0x5e0
[ 2247.271977][T13522]  ? percpu_ref_resurrect+0x113/0x190
[ 2247.277319][T13522]  bdi_register_owner+0x56/0xf0
[ 2247.283096][T13522]  __device_add_disk+0x5b8/0x1200
[ 2247.288099][T13522]  ? device_add_disk+0x30/0x30
[ 2247.292839][T13522]  ? vsprintf+0x30/0x30
[ 2247.297033][T13522]  ? device_initialize+0x1c7/0x3d0
[ 2247.302206][T13522]  ? __alloc_disk_node+0x326/0x380
[ 2247.307289][T13522]  loop_add+0x554/0x710
[ 2247.311417][T13522]  loop_control_ioctl+0x564/0x740
[ 2247.316410][T13522]  ? loop_remove+0xa0/0xa0
[ 2247.320798][T13522]  ? __lru_cache_add+0x1bf/0x210
[ 2247.325704][T13522]  ? memset+0x1f/0x40
[ 2247.329653][T13522]  ? fsnotify+0x1332/0x13f0
[ 2247.334129][T13522]  ? loop_remove+0xa0/0xa0
[ 2247.338518][T13522]  do_vfs_ioctl+0x744/0x1730
[ 2247.343079][T13522]  ? selinux_file_ioctl+0x723/0x970
12:02:08 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
write$P9_RREMOVE(r1, 0x0, 0xffffffffffffff8a)

[ 2247.348246][T13522]  ? ioctl_preallocate+0x250/0x250
[ 2247.353329][T13522]  ? __fget+0x40c/0x4a0
[ 2247.357457][T13522]  ? fget_many+0x20/0x20
[ 2247.361670][T13522]  ? check_preemption_disabled+0x154/0x330
[ 2247.367450][T13522]  ? debug_smp_processor_id+0x20/0x20
[ 2247.372793][T13522]  ? security_file_ioctl+0x9d/0xb0
[ 2247.377876][T13522]  __x64_sys_ioctl+0xd4/0x110
[ 2247.382526][T13522]  do_syscall_64+0xcb/0x1c0
[ 2247.387008][T13522]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2247.394885][T13522] kobject_add_internal failed for 7:0 (error: -12 parent: bdi)
[ 2247.402715][T13522] ------------[ cut here ]------------
[ 2247.408162][T13522] WARNING: CPU: 1 PID: 13522 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2247.417230][T13522] Modules linked in:
[ 2247.421101][T13522] CPU: 1 PID: 13522 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2247.432690][T13522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2247.442726][T13522] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2247.448504][T13522] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2247.468080][T13522] RSP: 0018:ffff8881e4c47a00 EFLAGS: 00010246
[ 2247.474116][T13522] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2247.482059][T13522] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2247.489999][T13522] RBP: ffff8881e4c47b40 R08: ffffffff821f8e93 R09: 0000000000000010
[ 2247.497943][T13522] R10: ffffffff84800000 R11: 1ffff1103c988e00 R12: ffff8881cfef4000
[ 2247.505883][T13522] R13: dffffc0000000000 R14: ffff8881cfef4070 R15: 1ffff11039fde89d
[ 2247.513838][T13522] FS:  00007f5fe0796700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 2247.522737][T13522] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2247.529294][T13522] CR2: 00007ffd5b88fbf8 CR3: 00000001ceb37000 CR4: 00000000003406e0
[ 2247.537236][T13522] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2247.545177][T13522] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2247.553119][T13522] Call Trace:
[ 2247.556385][T13522]  ? device_add_disk+0x30/0x30
[ 2247.561119][T13522]  ? vsprintf+0x30/0x30
[ 2247.565275][T13522]  ? device_initialize+0x1c7/0x3d0
[ 2247.570358][T13522]  ? __alloc_disk_node+0x326/0x380
[ 2247.575438][T13522]  loop_add+0x554/0x710
[ 2247.579566][T13522]  loop_control_ioctl+0x564/0x740
[ 2247.584560][T13522]  ? loop_remove+0xa0/0xa0
[ 2247.588946][T13522]  ? __lru_cache_add+0x1bf/0x210
[ 2247.593875][T13522]  ? memset+0x1f/0x40
[ 2247.597825][T13522]  ? fsnotify+0x1332/0x13f0
[ 2247.602298][T13522]  ? loop_remove+0xa0/0xa0
[ 2247.606683][T13522]  do_vfs_ioctl+0x744/0x1730
[ 2247.611243][T13522]  ? selinux_file_ioctl+0x723/0x970
[ 2247.616410][T13522]  ? ioctl_preallocate+0x250/0x250
[ 2247.621491][T13522]  ? __fget+0x40c/0x4a0
[ 2247.625615][T13522]  ? fget_many+0x20/0x20
[ 2247.629825][T13522]  ? check_preemption_disabled+0x154/0x330
[ 2247.635605][T13522]  ? debug_smp_processor_id+0x20/0x20
[ 2247.640949][T13522]  ? security_file_ioctl+0x9d/0xb0
[ 2247.646037][T13522]  __x64_sys_ioctl+0xd4/0x110
12:02:08 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 48)

[ 2247.650692][T13522]  do_syscall_64+0xcb/0x1c0
[ 2247.655167][T13522]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2247.661033][T13522] ---[ end trace 9fb896c1b706f702 ]---
12:02:09 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f0000000180)={@desc={0x1, 0x0, @desc3}}) (async)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:09 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
execveat(r1, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\xea'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000280)=@mangle={'mangle\x00', 0x1f, 0x6, 0x738, 0x340, 0x340, 0x0, 0x0, 0x528, 0x668, 0x668, 0x668, 0x668, 0x668, 0x6, &(0x7f0000000200), {[{{@uncond, 0x0, 0x1e0, 0x228, 0x0, {}, [@common=@rt={{0x138}, {0x5, [0x7, 0x7], 0x2, 0x30, 0x4, [@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, @local, @private1, @dev={0xfe, 0x80, '\x00', 0x22}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv4={'\x00', '\xff\xff', @empty}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, @mcast2, @loopback, @empty, @private0, @ipv4={'\x00', '\xff\xff', @remote}, @private1={0xfc, 0x1, '\x00', 0x1}, @private0], 0x8}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv6=@local, 0x21, 0x38, 0xdb}}}, {{@ipv6={@remote, @remote, [0xffffffff, 0xffffff00, 0xff, 0xffffff00], [0x0, 0xffffff00, 0x0, 0xffffffff], 'veth1_vlan\x00', 'ip6gre0\x00', {}, {0xff}, 0x0, 0x3f, 0x1, 0x41}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x1}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@dev={0xac, 0x14, 0x14, 0x22}, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, 0xa, 0xf, 0x49b0}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@ipv4={'\x00', '\xff\xff', @remote}, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x12, 0x24, 0x800}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@eui64={{0x28}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x4, 0x4, 0x2}, {0x0, 0x4, 0x2}}}}, {{@ipv6={@remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xffffff00, 0xffffffff, 0xff000000, 0xff], [0x0, 0xff000000, 0xffffffff, 0xff], 'syzkaller1\x00', 'veth1_virt_wifi\x00', {0xff}, {0xff}, 0x2f, 0x81, 0x4, 0x10}, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@eui64={{0x28}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@empty, @ipv6=@remote, 0x20, 0x18, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x798)
getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, &(0x7f0000000000)={'ah\x00'}, &(0x7f0000000180)=0x1e)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
pipe2$watch_queue(&(0x7f00000001c0)={<r2=>0xffffffffffffffff}, 0x80)
unlinkat(r1, &(0x7f0000000a40)='./file0\x00', 0x0)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r2)

12:02:09 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_PAN_ID(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000680)={0x14, 0x0, 0x4}, 0x14}}, 0x0) (async)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x28, 0x0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa3}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x4c0c0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r0) (async)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000009c0), r0)
sendmsg$IEEE802154_LLSEC_ADD_KEY(r2, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a00)={0x14, r3, 0x1}, 0x14}}, 0x0) (async)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="00012abd7000fcdbdf252d0000000a000100ff0300000000000008002c00ff07000006000600020000000c000500000000000000000005002b0003000000826b8fbc6e5c99ae9c375e989b0e355abf087fa477a11c7111ebda840620b6bb45c98c9336623728e2d39f821527f7adc939520de2c9f2b9c1160b5965500ace8e5c496fc04977fd6fa6c04a7c5372f31536b43def8cbd04c66f2e0a02d6d6066e12815cbe6e472edd2d19657f91f06fe1c435a8890ac508db7daf551042db127c6fb69c6d31bded91ae010f9e73133111c8b513f0bcc6787118a24f3e8417c0623f26ef2dc9733e324274276c69ee69b98fe9bb89d0ae89b47f59f6414949ec316d386b1e70dd967dfb73b85dc66fca8bd36079b4f07650b029f318304082"], 0x44}, 0x1, 0x0, 0x0, 0x20000810}, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r4, 0x0, 0x0) (async)
syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r4) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

12:02:09 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
write$P9_RREMOVE(r1, 0x0, 0xffffffffffffff8a)
socket$igmp6(0xa, 0x3, 0x2) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
write$P9_RREMOVE(r1, 0x0, 0xffffffffffffff8a) (async)

12:02:09 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x20700) (async)
ioctl$VHOST_VDPA_SET_GROUP_ASID(0xffffffffffffffff, 0x4008af7c, &(0x7f0000000040)={0x2, 0x122b})

[ 2247.734620][T13554] FAULT_INJECTION: forcing a failure.
[ 2247.734620][T13554] name failslab, interval 1, probability 0, space 0, times 0
[ 2247.747270][T13554] CPU: 1 PID: 13554 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2247.758878][T13554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2247.768920][T13554] Call Trace:
[ 2247.772222][T13554]  dump_stack+0x1d8/0x241
[ 2247.776525][T13554]  ? panic+0x73e/0x73e
[ 2247.780563][T13554]  ? arch_stack_walk+0x114/0x140
[ 2247.785476][T13554]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2247.791258][T13554]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2247.797298][T13554]  should_fail+0x709/0x870
[ 2247.801697][T13554]  ? setup_fault_attr+0x3d0/0x3d0
[ 2247.806700][T13554]  ? radix_tree_node_alloc+0x18c/0x370
[ 2247.812131][T13554]  should_failslab+0x5/0x20
[ 2247.816616][T13554]  kmem_cache_alloc+0x24/0x210
[ 2247.821354][T13554]  radix_tree_node_alloc+0x18c/0x370
[ 2247.826613][T13554]  ? sysfs_create_dir_ns+0x181/0x390
[ 2247.831865][T13554]  ? kobject_add_internal+0x6ba/0xcb0
[ 2247.837205][T13554]  ? kobject_add+0x14c/0x210
[ 2247.841786][T13554]  ? device_add+0x3fc/0xbc0
[ 2247.846259][T13554]  idr_get_free+0x299/0x840
[ 2247.850736][T13554]  idr_alloc_cyclic+0x1f3/0x5e0
[ 2247.855569][T13554]  ? idr_alloc+0x2f0/0x2f0
[ 2247.859972][T13554]  ? _raw_spin_lock+0xa3/0x1b0
[ 2247.864713][T13554]  ? __kernfs_new_node+0xdb/0x6d0
[ 2247.869708][T13554]  __kernfs_new_node+0x122/0x6d0
[ 2247.874618][T13554]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2247.880654][T13554]  ? kernfs_new_node+0x160/0x160
[ 2247.885576][T13554]  ? stack_trace_save+0x132/0x200
[ 2247.890580][T13554]  ? stack_trace_snprint+0x170/0x170
[ 2247.895840][T13554]  ? stack_trace_save+0x132/0x200
[ 2247.900836][T13554]  kernfs_create_dir_ns+0x90/0x220
[ 2247.906049][T13554]  sysfs_create_dir_ns+0x181/0x390
[ 2247.911140][T13554]  ? sysfs_warn_dup+0xa0/0xa0
[ 2247.915794][T13554]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2247.921834][T13554]  kobject_add_internal+0x6ba/0xcb0
[ 2247.927003][T13554]  kobject_add+0x14c/0x210
[ 2247.931397][T13554]  ? _raw_spin_lock+0xa3/0x1b0
[ 2247.936135][T13554]  ? kobject_init+0x1d0/0x1d0
[ 2247.940783][T13554]  ? mutex_unlock+0x19/0x40
[ 2247.945255][T13554]  ? get_device_parent+0x2bd/0x420
[ 2247.950337][T13554]  device_add+0x3fc/0xbc0
[ 2247.954636][T13554]  device_create_vargs+0x1b8/0x210
[ 2247.959717][T13554]  device_create+0xea/0x130
[ 2247.964206][T13554]  ? device_create_vargs+0x210/0x210
[ 2247.969469][T13554]  bdi_register_va+0x89/0x5e0
[ 2247.974123][T13554]  bdi_register+0xd1/0x120
[ 2247.978515][T13554]  ? __device_add_disk+0x539/0x1200
[ 2247.983682][T13554]  ? bdi_register_va+0x5e0/0x5e0
[ 2247.988592][T13554]  ? percpu_ref_resurrect+0x113/0x190
[ 2247.993944][T13554]  bdi_register_owner+0x56/0xf0
[ 2247.998772][T13554]  __device_add_disk+0x5b8/0x1200
[ 2248.003781][T13554]  ? device_add_disk+0x30/0x30
[ 2248.008522][T13554]  ? vsprintf+0x30/0x30
[ 2248.012677][T13554]  ? device_initialize+0x1c7/0x3d0
[ 2248.017760][T13554]  ? __alloc_disk_node+0x326/0x380
[ 2248.022842][T13554]  loop_add+0x554/0x710
[ 2248.026997][T13554]  loop_control_ioctl+0x564/0x740
[ 2248.032006][T13554]  ? loop_remove+0xa0/0xa0
[ 2248.036412][T13554]  ? __lru_cache_add+0x1bf/0x210
[ 2248.041331][T13554]  ? memset+0x1f/0x40
[ 2248.045291][T13554]  ? fsnotify+0x1332/0x13f0
[ 2248.049767][T13554]  ? loop_remove+0xa0/0xa0
[ 2248.054154][T13554]  do_vfs_ioctl+0x744/0x1730
[ 2248.058719][T13554]  ? selinux_file_ioctl+0x723/0x970
[ 2248.063893][T13554]  ? ioctl_preallocate+0x250/0x250
[ 2248.069012][T13554]  ? __fget+0x40c/0x4a0
[ 2248.073139][T13554]  ? fget_many+0x20/0x20
[ 2248.077360][T13554]  ? check_preemption_disabled+0x154/0x330
12:02:09 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 49)

[ 2248.083146][T13554]  ? debug_smp_processor_id+0x20/0x20
[ 2248.088486][T13554]  ? security_file_ioctl+0x9d/0xb0
[ 2248.093566][T13554]  __x64_sys_ioctl+0xd4/0x110
[ 2248.098315][T13554]  do_syscall_64+0xcb/0x1c0
[ 2248.102794][T13554]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:09 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
execveat(r1, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\xea'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000280)=@mangle={'mangle\x00', 0x1f, 0x6, 0x738, 0x340, 0x340, 0x0, 0x0, 0x528, 0x668, 0x668, 0x668, 0x668, 0x668, 0x6, &(0x7f0000000200), {[{{@uncond, 0x0, 0x1e0, 0x228, 0x0, {}, [@common=@rt={{0x138}, {0x5, [0x7, 0x7], 0x2, 0x30, 0x4, [@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, @local, @private1, @dev={0xfe, 0x80, '\x00', 0x22}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv4={'\x00', '\xff\xff', @empty}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, @mcast2, @loopback, @empty, @private0, @ipv4={'\x00', '\xff\xff', @remote}, @private1={0xfc, 0x1, '\x00', 0x1}, @private0], 0x8}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv6=@local, 0x21, 0x38, 0xdb}}}, {{@ipv6={@remote, @remote, [0xffffffff, 0xffffff00, 0xff, 0xffffff00], [0x0, 0xffffff00, 0x0, 0xffffffff], 'veth1_vlan\x00', 'ip6gre0\x00', {}, {0xff}, 0x0, 0x3f, 0x1, 0x41}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x1}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@dev={0xac, 0x14, 0x14, 0x22}, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, 0xa, 0xf, 0x49b0}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@ipv4={'\x00', '\xff\xff', @remote}, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x12, 0x24, 0x800}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@eui64={{0x28}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x4, 0x4, 0x2}, {0x0, 0x4, 0x2}}}}, {{@ipv6={@remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xffffff00, 0xffffffff, 0xff000000, 0xff], [0x0, 0xff000000, 0xffffffff, 0xff], 'syzkaller1\x00', 'veth1_virt_wifi\x00', {0xff}, {0xff}, 0x2f, 0x81, 0x4, 0x10}, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@eui64={{0x28}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@empty, @ipv6=@remote, 0x20, 0x18, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x798)
getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, &(0x7f0000000000)={'ah\x00'}, &(0x7f0000000180)=0x1e)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
pipe2$watch_queue(&(0x7f00000001c0)={<r2=>0xffffffffffffffff}, 0x80)
unlinkat(r1, &(0x7f0000000a40)='./file0\x00', 0x0)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r2)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
execveat(r1, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\xea'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000280)=@mangle={'mangle\x00', 0x1f, 0x6, 0x738, 0x340, 0x340, 0x0, 0x0, 0x528, 0x668, 0x668, 0x668, 0x668, 0x668, 0x6, &(0x7f0000000200), {[{{@uncond, 0x0, 0x1e0, 0x228, 0x0, {}, [@common=@rt={{0x138}, {0x5, [0x7, 0x7], 0x2, 0x30, 0x4, [@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, @local, @private1, @dev={0xfe, 0x80, '\x00', 0x22}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv4={'\x00', '\xff\xff', @empty}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, @mcast2, @loopback, @empty, @private0, @ipv4={'\x00', '\xff\xff', @remote}, @private1={0xfc, 0x1, '\x00', 0x1}, @private0], 0x8}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv6=@local, 0x21, 0x38, 0xdb}}}, {{@ipv6={@remote, @remote, [0xffffffff, 0xffffff00, 0xff, 0xffffff00], [0x0, 0xffffff00, 0x0, 0xffffffff], 'veth1_vlan\x00', 'ip6gre0\x00', {}, {0xff}, 0x0, 0x3f, 0x1, 0x41}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x1}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@dev={0xac, 0x14, 0x14, 0x22}, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, 0xa, 0xf, 0x49b0}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@ipv4={'\x00', '\xff\xff', @remote}, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x12, 0x24, 0x800}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@eui64={{0x28}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x4, 0x4, 0x2}, {0x0, 0x4, 0x2}}}}, {{@ipv6={@remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xffffff00, 0xffffffff, 0xff000000, 0xff], [0x0, 0xff000000, 0xffffffff, 0xff], 'syzkaller1\x00', 'veth1_virt_wifi\x00', {0xff}, {0xff}, 0x2f, 0x81, 0x4, 0x10}, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@eui64={{0x28}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@empty, @ipv6=@remote, 0x20, 0x18, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x798) (async)
getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, &(0x7f0000000000)={'ah\x00'}, &(0x7f0000000180)=0x1e) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
pipe2$watch_queue(&(0x7f00000001c0), 0x80) (async)
unlinkat(r1, &(0x7f0000000a40)='./file0\x00', 0x0) (async)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r2) (async)

12:02:09 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e23, 0x1ca, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x6}, 0x1c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={r2, 0x1f, 0x0, 0xbf, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:09 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x40000, 0x400000)

12:02:09 executing program 4:
socket$igmp6(0xa, 0x3, 0x2) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
write$P9_RREMOVE(r1, 0x0, 0xffffffffffffff8a)

12:02:09 executing program 1:
syz_open_dev$loop(&(0x7f0000000040), 0xfffffffffffffffe, 0x300)

12:02:09 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x40000, 0x400000)

[ 2248.162658][T13580] FAULT_INJECTION: forcing a failure.
[ 2248.162658][T13580] name failslab, interval 1, probability 0, space 0, times 0
[ 2248.175932][T13580] CPU: 1 PID: 13580 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2248.187556][T13580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2248.197592][T13580] Call Trace:
[ 2248.200861][T13580]  dump_stack+0x1d8/0x241
[ 2248.205163][T13580]  ? panic+0x73e/0x73e
[ 2248.209199][T13580]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2248.214973][T13580]  ? idr_alloc+0x2f0/0x2f0
[ 2248.219509][T13580]  should_fail+0x709/0x870
[ 2248.223908][T13580]  ? setup_fault_attr+0x3d0/0x3d0
[ 2248.228906][T13580]  ? mutex_lock+0xa6/0x110
[ 2248.233293][T13580]  ? mutex_trylock+0xa0/0xa0
[ 2248.237855][T13580]  ? __kernfs_new_node+0xdb/0x6d0
[ 2248.242910][T13580]  should_failslab+0x5/0x20
[ 2248.247389][T13580]  kmem_cache_alloc+0x24/0x210
[ 2248.252127][T13580]  __kernfs_new_node+0xdb/0x6d0
[ 2248.256945][T13580]  ? kernfs_activate+0x3fc/0x420
[ 2248.261852][T13580]  ? mutex_unlock+0x19/0x40
[ 2248.266324][T13580]  ? kernfs_new_node+0x160/0x160
[ 2248.271230][T13580]  ? kernfs_create_dir_ns+0x1df/0x220
[ 2248.276580][T13580]  ? sysfs_create_dir_ns+0x181/0x390
[ 2248.281830][T13580]  ? sysfs_create_dir_ns+0x1c7/0x390
[ 2248.287084][T13580]  kernfs_new_node+0x95/0x160
[ 2248.291735][T13580]  __kernfs_create_file+0x45/0x260
[ 2248.296815][T13580]  sysfs_add_file_mode_ns+0x292/0x340
[ 2248.302240][T13580]  sysfs_create_file_ns+0x191/0x2a0
[ 2248.307407][T13580]  ? sysfs_add_file_mode_ns+0x340/0x340
[ 2248.313003][T13580]  ? dev_fwnode+0x4c/0x80
[ 2248.317304][T13580]  ? device_create_file+0xe8/0x1b0
[ 2248.322385][T13580]  device_add+0x4c3/0xbc0
[ 2248.326709][T13580]  device_create_vargs+0x1b8/0x210
[ 2248.331788][T13580]  device_create+0xea/0x130
[ 2248.336282][T13580]  ? device_create_vargs+0x210/0x210
[ 2248.341537][T13580]  bdi_register_va+0x89/0x5e0
[ 2248.346187][T13580]  bdi_register+0xd1/0x120
[ 2248.350575][T13580]  ? __device_add_disk+0x539/0x1200
[ 2248.355739][T13580]  ? bdi_register_va+0x5e0/0x5e0
[ 2248.360647][T13580]  ? percpu_ref_resurrect+0x113/0x190
[ 2248.365987][T13580]  bdi_register_owner+0x56/0xf0
[ 2248.370807][T13580]  __device_add_disk+0x5b8/0x1200
[ 2248.375799][T13580]  ? device_add_disk+0x30/0x30
[ 2248.380531][T13580]  ? vsprintf+0x30/0x30
[ 2248.384682][T13580]  ? device_initialize+0x1c7/0x3d0
[ 2248.389763][T13580]  ? __alloc_disk_node+0x326/0x380
[ 2248.394843][T13580]  loop_add+0x554/0x710
[ 2248.398968][T13580]  loop_control_ioctl+0x564/0x740
[ 2248.403960][T13580]  ? loop_remove+0xa0/0xa0
[ 2248.408346][T13580]  ? __lru_cache_add+0x1bf/0x210
[ 2248.413251][T13580]  ? memset+0x1f/0x40
[ 2248.417205][T13580]  ? fsnotify+0x1332/0x13f0
[ 2248.421683][T13580]  ? loop_remove+0xa0/0xa0
[ 2248.426066][T13580]  do_vfs_ioctl+0x744/0x1730
[ 2248.430627][T13580]  ? selinux_file_ioctl+0x723/0x970
[ 2248.435793][T13580]  ? ioctl_preallocate+0x250/0x250
[ 2248.440877][T13580]  ? __fget+0x40c/0x4a0
[ 2248.445001][T13580]  ? fget_many+0x20/0x20
[ 2248.449220][T13580]  ? check_preemption_disabled+0x154/0x330
[ 2248.454997][T13580]  ? debug_smp_processor_id+0x20/0x20
[ 2248.460342][T13580]  ? security_file_ioctl+0x9d/0xb0
[ 2248.465420][T13580]  __x64_sys_ioctl+0xd4/0x110
[ 2248.470066][T13580]  do_syscall_64+0xcb/0x1c0
[ 2248.474539][T13580]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2248.481453][T13580] ------------[ cut here ]------------
[ 2248.486930][T13580] WARNING: CPU: 1 PID: 13580 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2248.496012][T13580] Modules linked in:
[ 2248.499883][T13580] CPU: 1 PID: 13580 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2248.511472][T13580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2248.521505][T13580] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2248.527312][T13580] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2248.546888][T13580] RSP: 0018:ffff8881e4c47a00 EFLAGS: 00010246
[ 2248.552925][T13580] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2248.560873][T13580] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2248.568814][T13580] RBP: ffff8881e4c47b40 R08: ffffffff821f8e93 R09: 0000000000000010
[ 2248.576761][T13580] R10: ffffffff84800000 R11: 1ffff1103c988e00 R12: ffff8881e1812000
[ 2248.584731][T13580] R13: dffffc0000000000 R14: ffff8881e1812070 R15: 1ffff1103c30249d
[ 2248.592675][T13580] FS:  00007f5fe0796700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 2248.601574][T13580] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2248.608324][T13580] CR2: 00007fdebbe0c718 CR3: 00000001e8739000 CR4: 00000000003406e0
[ 2248.616272][T13580] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2248.624215][T13580] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2248.632163][T13580] Call Trace:
[ 2248.635433][T13580]  ? device_add_disk+0x30/0x30
[ 2248.640163][T13580]  ? vsprintf+0x30/0x30
[ 2248.644288][T13580]  ? device_initialize+0x1c7/0x3d0
[ 2248.649369][T13580]  ? __alloc_disk_node+0x326/0x380
[ 2248.654457][T13580]  loop_add+0x554/0x710
[ 2248.658584][T13580]  loop_control_ioctl+0x564/0x740
[ 2248.663580][T13580]  ? loop_remove+0xa0/0xa0
[ 2248.667975][T13580]  ? __lru_cache_add+0x1bf/0x210
[ 2248.672901][T13580]  ? memset+0x1f/0x40
[ 2248.676853][T13580]  ? fsnotify+0x1332/0x13f0
[ 2248.681324][T13580]  ? loop_remove+0xa0/0xa0
[ 2248.685708][T13580]  do_vfs_ioctl+0x744/0x1730
[ 2248.690299][T13580]  ? selinux_file_ioctl+0x723/0x970
[ 2248.695471][T13580]  ? ioctl_preallocate+0x250/0x250
[ 2248.700552][T13580]  ? __fget+0x40c/0x4a0
[ 2248.704682][T13580]  ? fget_many+0x20/0x20
[ 2248.708910][T13580]  ? check_preemption_disabled+0x154/0x330
12:02:10 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
execveat(r1, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\xea'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000280)=@mangle={'mangle\x00', 0x1f, 0x6, 0x738, 0x340, 0x340, 0x0, 0x0, 0x528, 0x668, 0x668, 0x668, 0x668, 0x668, 0x6, &(0x7f0000000200), {[{{@uncond, 0x0, 0x1e0, 0x228, 0x0, {}, [@common=@rt={{0x138}, {0x5, [0x7, 0x7], 0x2, 0x30, 0x4, [@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, @local, @private1, @dev={0xfe, 0x80, '\x00', 0x22}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv4={'\x00', '\xff\xff', @empty}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, @mcast2, @loopback, @empty, @private0, @ipv4={'\x00', '\xff\xff', @remote}, @private1={0xfc, 0x1, '\x00', 0x1}, @private0], 0x8}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv6=@local, 0x21, 0x38, 0xdb}}}, {{@ipv6={@remote, @remote, [0xffffffff, 0xffffff00, 0xff, 0xffffff00], [0x0, 0xffffff00, 0x0, 0xffffffff], 'veth1_vlan\x00', 'ip6gre0\x00', {}, {0xff}, 0x0, 0x3f, 0x1, 0x41}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x1}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@dev={0xac, 0x14, 0x14, 0x22}, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, 0xa, 0xf, 0x49b0}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@ipv4={'\x00', '\xff\xff', @remote}, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x12, 0x24, 0x800}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@eui64={{0x28}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x4, 0x4, 0x2}, {0x0, 0x4, 0x2}}}}, {{@ipv6={@remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xffffff00, 0xffffffff, 0xff000000, 0xff], [0x0, 0xff000000, 0xffffffff, 0xff], 'syzkaller1\x00', 'veth1_virt_wifi\x00', {0xff}, {0xff}, 0x2f, 0x81, 0x4, 0x10}, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@eui64={{0x28}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@empty, @ipv6=@remote, 0x20, 0x18, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x798)
getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, &(0x7f0000000000)={'ah\x00'}, &(0x7f0000000180)=0x1e)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
pipe2$watch_queue(&(0x7f00000001c0)={<r2=>0xffffffffffffffff}, 0x80)
unlinkat(r1, &(0x7f0000000a40)='./file0\x00', 0x0)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r2)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
execveat(r1, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\xea'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000280)=@mangle={'mangle\x00', 0x1f, 0x6, 0x738, 0x340, 0x340, 0x0, 0x0, 0x528, 0x668, 0x668, 0x668, 0x668, 0x668, 0x6, &(0x7f0000000200), {[{{@uncond, 0x0, 0x1e0, 0x228, 0x0, {}, [@common=@rt={{0x138}, {0x5, [0x7, 0x7], 0x2, 0x30, 0x4, [@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}, @local, @private1, @dev={0xfe, 0x80, '\x00', 0x22}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv4={'\x00', '\xff\xff', @empty}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, @mcast2, @loopback, @empty, @private0, @ipv4={'\x00', '\xff\xff', @remote}, @private1={0xfc, 0x1, '\x00', 0x1}, @private0], 0x8}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv6=@local, 0x21, 0x38, 0xdb}}}, {{@ipv6={@remote, @remote, [0xffffffff, 0xffffff00, 0xff, 0xffffff00], [0x0, 0xffffff00, 0x0, 0xffffffff], 'veth1_vlan\x00', 'ip6gre0\x00', {}, {0xff}, 0x0, 0x3f, 0x1, 0x41}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x1}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@dev={0xac, 0x14, 0x14, 0x22}, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, 0xa, 0xf, 0x49b0}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@ipv4={'\x00', '\xff\xff', @remote}, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x12, 0x24, 0x800}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@eui64={{0x28}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x4, 0x4, 0x2}, {0x0, 0x4, 0x2}}}}, {{@ipv6={@remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xffffff00, 0xffffffff, 0xff000000, 0xff], [0x0, 0xff000000, 0xffffffff, 0xff], 'syzkaller1\x00', 'veth1_virt_wifi\x00', {0xff}, {0xff}, 0x2f, 0x81, 0x4, 0x10}, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@eui64={{0x28}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@empty, @ipv6=@remote, 0x20, 0x18, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x798) (async)
getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, &(0x7f0000000000)={'ah\x00'}, &(0x7f0000000180)=0x1e) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
pipe2$watch_queue(&(0x7f00000001c0), 0x80) (async)
unlinkat(r1, &(0x7f0000000a40)='./file0\x00', 0x0) (async)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r2) (async)

12:02:10 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 50)

12:02:10 executing program 1:
syz_open_dev$loop(&(0x7f0000000040), 0xfffffffffffffffe, 0x300)

12:02:10 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
setsockopt$MRT6_TABLE(r0, 0x29, 0xcf, &(0x7f0000000000)=0xff, 0x4)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x0)

[ 2248.714684][T13580]  ? debug_smp_processor_id+0x20/0x20
[ 2248.720024][T13580]  ? security_file_ioctl+0x9d/0xb0
[ 2248.725105][T13580]  __x64_sys_ioctl+0xd4/0x110
[ 2248.729752][T13580]  do_syscall_64+0xcb/0x1c0
[ 2248.734226][T13580]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2248.740088][T13580] ---[ end trace 9fb896c1b706f703 ]---
12:02:10 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e23, 0x1ca, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x6}, 0x1c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={r2, 0x1f, 0x0, 0xbf, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e23, 0x1ca, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x6}, 0x1c) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={r2, 0x1f, 0x0, 0xbf, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:02:10 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x40000, 0x400000)
syz_open_dev$loop(&(0x7f0000000000), 0x40000, 0x400000) (async)

12:02:10 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x3, 0x0)
socket$inet6(0xa, 0xa66cd32db1ea3f15, 0x6)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000040))
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f00000004c0)={0x0, {}, 0x0, {}, 0x96, 0x9, 0x12, 0x18, "2ea0714f640eaed176a02c6ef38a576d846a2c156d49cca73d4c8bd75fc24ca504df56b18fe84de308c52547f6f9b5dfaa0248aa8a28e98e2aee76db626a6b61", "0b1cb3e43aa5d550b843e45c76bd922ce222201f670c4f4b31d20df4f39cab28", [0x7ff, 0x734]})
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x9, 0x3, 0x2c8, 0xe8, 0xffffffff, 0xffffffff, 0xe8, 0xffffffff, 0x1f8, 0xffffffff, 0xffffffff, 0x1f8, 0xffffffff, 0x3, &(0x7f0000000140), {[{{@ipv6={@local, @loopback, [0xffffff00, 0xffffffff, 0xffffff00, 0xffffff00], [0xff, 0xffffffff, 0xff000000, 0xff], 'veth0_virt_wifi\x00', 'veth0_macvtap\x00', {0xff}, {}, 0x2, 0x4, 0x4, 0x30}, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "f6d766ae0bca7c2a997a9733d1b3be23d2a25164536a9558762c749c5cfb"}}, {{@ipv6={@private1={0xfc, 0x1, '\x00', 0x1}, @loopback, [0x0, 0x0, 0x0, 0xff], [0xff, 0xff, 0xffffff], 'veth1\x00', 'lo\x00', {0xff}, {0xff}, 0x88, 0xff, 0x0, 0x20}, 0x0, 0xd0, 0x110, 0x0, {}, [@common=@eui64={{0x28}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0xe0, 0x6, {0x9}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x328)

12:02:10 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
setsockopt$MRT6_TABLE(r0, 0x29, 0xcf, &(0x7f0000000000)=0xff, 0x4)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
setsockopt$MRT6_TABLE(r0, 0x29, 0xcf, &(0x7f0000000000)=0xff, 0x4) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
write$P9_RREMOVE(r1, 0x0, 0x0) (async)

12:02:10 executing program 1:
syz_open_dev$loop(&(0x7f0000000040), 0xfffffffffffffffe, 0x300)

12:02:10 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e23, 0x1ca, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x6}, 0x1c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={r2, 0x1f, 0x0, 0xbf, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e23, 0x1ca, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x6}, 0x1c) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={r2, 0x1f, 0x0, 0xbf, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

[ 2248.860059][T13612] FAULT_INJECTION: forcing a failure.
[ 2248.860059][T13612] name failslab, interval 1, probability 0, space 0, times 0
[ 2248.875871][T13612] CPU: 1 PID: 13612 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2248.887511][T13612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2248.897582][T13612] Call Trace:
[ 2248.900854][T13612]  dump_stack+0x1d8/0x241
[ 2248.905161][T13612]  ? panic+0x73e/0x73e
12:02:10 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
accept$inet6(r3, 0x0, &(0x7f0000000180))
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

[ 2248.909207][T13612]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2248.914994][T13612]  ? _raw_spin_lock+0xa3/0x1b0
[ 2248.919739][T13612]  should_fail+0x709/0x870
[ 2248.924144][T13612]  ? security_kernfs_init_security+0x9a/0xb0
[ 2248.930101][T13612]  ? setup_fault_attr+0x3d0/0x3d0
[ 2248.935101][T13612]  ? mutex_lock+0xa6/0x110
[ 2248.939501][T13612]  ? mutex_trylock+0xa0/0xa0
[ 2248.944090][T13612]  ? __kernfs_new_node+0xdb/0x6d0
[ 2248.949102][T13612]  should_failslab+0x5/0x20
[ 2248.953583][T13612]  kmem_cache_alloc+0x24/0x210
[ 2248.958318][T13612]  __kernfs_new_node+0xdb/0x6d0
[ 2248.963137][T13612]  ? kernfs_activate+0x3fc/0x420
[ 2248.968067][T13612]  ? mutex_unlock+0x19/0x40
[ 2248.972543][T13612]  ? kernfs_new_node+0x160/0x160
[ 2248.977457][T13612]  ? __kernfs_create_file+0x1f1/0x260
[ 2248.982808][T13612]  ? sysfs_add_file_mode_ns+0x292/0x340
[ 2248.988321][T13612]  kernfs_new_node+0x95/0x160
[ 2248.992966][T13612]  kernfs_create_link+0x9c/0x1f0
[ 2248.997887][T13612]  sysfs_do_create_link_sd+0x85/0x100
[ 2249.003263][T13612]  device_add_class_symlinks+0xd6/0x2a0
[ 2249.008790][T13612]  device_add+0x4e4/0xbc0
[ 2249.013095][T13612]  device_create_vargs+0x1b8/0x210
[ 2249.018180][T13612]  device_create+0xea/0x130
[ 2249.022654][T13612]  ? device_create_vargs+0x210/0x210
[ 2249.027915][T13612]  bdi_register_va+0x89/0x5e0
[ 2249.032564][T13612]  bdi_register+0xd1/0x120
[ 2249.036951][T13612]  ? __device_add_disk+0x539/0x1200
[ 2249.042121][T13612]  ? bdi_register_va+0x5e0/0x5e0
[ 2249.047030][T13612]  ? percpu_ref_resurrect+0x113/0x190
[ 2249.052379][T13612]  bdi_register_owner+0x56/0xf0
[ 2249.057209][T13612]  __device_add_disk+0x5b8/0x1200
[ 2249.062207][T13612]  ? device_add_disk+0x30/0x30
[ 2249.066939][T13612]  ? vsprintf+0x30/0x30
[ 2249.071074][T13612]  ? device_initialize+0x1c7/0x3d0
[ 2249.076159][T13612]  ? __alloc_disk_node+0x326/0x380
[ 2249.081241][T13612]  loop_add+0x554/0x710
[ 2249.085376][T13612]  loop_control_ioctl+0x564/0x740
[ 2249.090376][T13612]  ? loop_remove+0xa0/0xa0
[ 2249.094771][T13612]  ? __lru_cache_add+0x1bf/0x210
[ 2249.099679][T13612]  ? memset+0x1f/0x40
[ 2249.103632][T13612]  ? fsnotify+0x1332/0x13f0
[ 2249.108107][T13612]  ? loop_remove+0xa0/0xa0
[ 2249.112495][T13612]  do_vfs_ioctl+0x744/0x1730
[ 2249.117059][T13612]  ? selinux_file_ioctl+0x723/0x970
[ 2249.122232][T13612]  ? ioctl_preallocate+0x250/0x250
[ 2249.127314][T13612]  ? __fget+0x40c/0x4a0
[ 2249.131448][T13612]  ? fget_many+0x20/0x20
[ 2249.135666][T13612]  ? check_preemption_disabled+0x154/0x330
[ 2249.141445][T13612]  ? debug_smp_processor_id+0x20/0x20
[ 2249.146793][T13612]  ? security_file_ioctl+0x9d/0xb0
[ 2249.151873][T13612]  __x64_sys_ioctl+0xd4/0x110
[ 2249.156523][T13612]  do_syscall_64+0xcb/0x1c0
12:02:10 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
connect$inet6(r1, 0x0, 0x4e)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

[ 2249.161002][T13612]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2249.170669][T13612] ------------[ cut here ]------------
[ 2249.176354][T13612] WARNING: CPU: 1 PID: 13612 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2249.185429][T13612] Modules linked in:
[ 2249.189306][T13612] CPU: 1 PID: 13612 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2249.200901][T13612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2249.210943][T13612] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2249.216719][T13612] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2249.236297][T13612] RSP: 0018:ffff8881ec1d7a00 EFLAGS: 00010246
[ 2249.242364][T13612] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2249.250319][T13612] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2249.258264][T13612] RBP: ffff8881ec1d7b40 R08: ffffffff821f8e93 R09: 0000000000000010
[ 2249.266211][T13612] R10: ffffffff84800000 R11: 1ffff1103d83ae00 R12: ffff8881ec008000
[ 2249.274161][T13612] R13: dffffc0000000000 R14: ffff8881ec008070 R15: 1ffff1103d80109d
[ 2249.282104][T13612] FS:  00007f5fe0796700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 2249.291023][T13612] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2249.297576][T13612] CR2: 00007ffe4f5e9bf8 CR3: 00000001eaa69000 CR4: 00000000003406e0
[ 2249.305522][T13612] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2249.313463][T13612] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2249.321403][T13612] Call Trace:
[ 2249.324670][T13612]  ? device_add_disk+0x30/0x30
[ 2249.329406][T13612]  ? vsprintf+0x30/0x30
[ 2249.333534][T13612]  ? device_initialize+0x1c7/0x3d0
[ 2249.338706][T13612]  ? __alloc_disk_node+0x326/0x380
[ 2249.343787][T13612]  loop_add+0x554/0x710
[ 2249.347915][T13612]  loop_control_ioctl+0x564/0x740
[ 2249.352911][T13612]  ? loop_remove+0xa0/0xa0
[ 2249.357329][T13612]  ? __lru_cache_add+0x1bf/0x210
[ 2249.362244][T13612]  ? memset+0x1f/0x40
[ 2249.366196][T13612]  ? fsnotify+0x1332/0x13f0
[ 2249.370673][T13612]  ? loop_remove+0xa0/0xa0
[ 2249.375080][T13612]  do_vfs_ioctl+0x744/0x1730
[ 2249.379644][T13612]  ? selinux_file_ioctl+0x723/0x970
[ 2249.384810][T13612]  ? ioctl_preallocate+0x250/0x250
[ 2249.389890][T13612]  ? __fget+0x40c/0x4a0
[ 2249.394016][T13612]  ? fget_many+0x20/0x20
[ 2249.398227][T13612]  ? check_preemption_disabled+0x154/0x330
[ 2249.404002][T13612]  ? debug_smp_processor_id+0x20/0x20
12:02:10 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 51)

12:02:10 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
renameat(r0, &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000000c0)='.\x00')
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$USBDEVFS_CONNECTINFO(r1, 0x40085511, &(0x7f0000000040))
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

12:02:10 executing program 4:
socket$igmp6(0xa, 0x3, 0x2) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
setsockopt$MRT6_TABLE(r0, 0x29, 0xcf, &(0x7f0000000000)=0xff, 0x4) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
write$P9_RREMOVE(r1, 0x0, 0x0)

12:02:10 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
accept$inet6(r3, 0x0, &(0x7f0000000180))
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
accept$inet6(r3, 0x0, &(0x7f0000000180)) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:02:10 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x3, 0x0) (async)
socket$inet6(0xa, 0xa66cd32db1ea3f15, 0x6) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000040)) (async)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f00000004c0)={0x0, {}, 0x0, {}, 0x96, 0x9, 0x12, 0x18, "2ea0714f640eaed176a02c6ef38a576d846a2c156d49cca73d4c8bd75fc24ca504df56b18fe84de308c52547f6f9b5dfaa0248aa8a28e98e2aee76db626a6b61", "0b1cb3e43aa5d550b843e45c76bd922ce222201f670c4f4b31d20df4f39cab28", [0x7ff, 0x734]}) (async)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x9, 0x3, 0x2c8, 0xe8, 0xffffffff, 0xffffffff, 0xe8, 0xffffffff, 0x1f8, 0xffffffff, 0xffffffff, 0x1f8, 0xffffffff, 0x3, &(0x7f0000000140), {[{{@ipv6={@local, @loopback, [0xffffff00, 0xffffffff, 0xffffff00, 0xffffff00], [0xff, 0xffffffff, 0xff000000, 0xff], 'veth0_virt_wifi\x00', 'veth0_macvtap\x00', {0xff}, {}, 0x2, 0x4, 0x4, 0x30}, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "f6d766ae0bca7c2a997a9733d1b3be23d2a25164536a9558762c749c5cfb"}}, {{@ipv6={@private1={0xfc, 0x1, '\x00', 0x1}, @loopback, [0x0, 0x0, 0x0, 0xff], [0xff, 0xff, 0xffffff], 'veth1\x00', 'lo\x00', {0xff}, {0xff}, 0x88, 0xff, 0x0, 0x20}, 0x0, 0xd0, 0x110, 0x0, {}, [@common=@eui64={{0x28}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0xe0, 0x6, {0x9}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x328)

[ 2249.409351][T13612]  ? security_file_ioctl+0x9d/0xb0
[ 2249.414434][T13612]  __x64_sys_ioctl+0xd4/0x110
[ 2249.419088][T13612]  do_syscall_64+0xcb/0x1c0
[ 2249.423566][T13612]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2249.429424][T13612] ---[ end trace 9fb896c1b706f704 ]---
12:02:10 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
renameat(r0, &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000000c0)='.\x00')
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
ioctl$USBDEVFS_CONNECTINFO(r1, 0x40085511, &(0x7f0000000040))
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

12:02:10 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x1f)

[ 2249.475151][T13667] FAULT_INJECTION: forcing a failure.
[ 2249.475151][T13667] name failslab, interval 1, probability 0, space 0, times 0
[ 2249.487943][T13667] CPU: 0 PID: 13667 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2249.499559][T13667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2249.509617][T13667] Call Trace:
[ 2249.512919][T13667]  dump_stack+0x1d8/0x241
[ 2249.517218][T13667]  ? panic+0x73e/0x73e
[ 2249.521258][T13667]  ? idr_get_free+0x6a3/0x840
[ 2249.525905][T13667]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2249.531681][T13667]  ? mutex_unlock+0x19/0x40
[ 2249.536162][T13667]  ? kernfs_xattr_get+0x81/0x90
[ 2249.540986][T13667]  should_fail+0x709/0x870
[ 2249.545389][T13667]  ? setup_fault_attr+0x3d0/0x3d0
[ 2249.550397][T13667]  ? idr_alloc+0x2f0/0x2f0
[ 2249.554786][T13667]  ? __kernfs_new_node+0x99/0x6d0
[ 2249.559783][T13667]  should_failslab+0x5/0x20
[ 2249.564258][T13667]  __kmalloc_track_caller+0x4f/0x280
[ 2249.569522][T13667]  kstrdup_const+0x51/0x90
[ 2249.573911][T13667]  __kernfs_new_node+0x99/0x6d0
[ 2249.578731][T13667]  ? mutex_lock+0xa6/0x110
[ 2249.583117][T13667]  ? kernfs_new_node+0x160/0x160
[ 2249.588032][T13667]  kernfs_new_node+0x95/0x160
[ 2249.592686][T13667]  kernfs_create_link+0x9c/0x1f0
[ 2249.597610][T13667]  sysfs_do_create_link_sd+0x85/0x100
[ 2249.602954][T13667]  device_add_class_symlinks+0x211/0x2a0
[ 2249.608556][T13667]  device_add+0x4e4/0xbc0
[ 2249.612857][T13667]  device_create_vargs+0x1b8/0x210
[ 2249.617937][T13667]  device_create+0xea/0x130
[ 2249.622411][T13667]  ? device_create_vargs+0x210/0x210
[ 2249.627669][T13667]  bdi_register_va+0x89/0x5e0
[ 2249.632318][T13667]  bdi_register+0xd1/0x120
[ 2249.636706][T13667]  ? __device_add_disk+0x539/0x1200
[ 2249.641899][T13667]  ? bdi_register_va+0x5e0/0x5e0
[ 2249.646809][T13667]  ? percpu_ref_resurrect+0x113/0x190
[ 2249.652156][T13667]  bdi_register_owner+0x56/0xf0
[ 2249.656995][T13667]  __device_add_disk+0x5b8/0x1200
[ 2249.661994][T13667]  ? device_add_disk+0x30/0x30
[ 2249.666746][T13667]  ? vsprintf+0x30/0x30
[ 2249.670874][T13667]  ? device_initialize+0x1c7/0x3d0
[ 2249.675955][T13667]  ? __alloc_disk_node+0x326/0x380
[ 2249.681035][T13667]  loop_add+0x554/0x710
[ 2249.685159][T13667]  loop_control_ioctl+0x564/0x740
[ 2249.690155][T13667]  ? loop_remove+0xa0/0xa0
[ 2249.694546][T13667]  ? __lru_cache_add+0x1bf/0x210
[ 2249.699452][T13667]  ? memset+0x1f/0x40
[ 2249.703402][T13667]  ? fsnotify+0x1332/0x13f0
[ 2249.707872][T13667]  ? loop_remove+0xa0/0xa0
[ 2249.712272][T13667]  do_vfs_ioctl+0x744/0x1730
[ 2249.716844][T13667]  ? selinux_file_ioctl+0x723/0x970
12:02:11 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async, rerun: 32)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async, rerun: 32)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async, rerun: 64)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (rerun: 64)
connect$inet6(r3, 0x0, 0x0) (async)
accept$inet6(r3, 0x0, &(0x7f0000000180))
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

[ 2249.722014][T13667]  ? ioctl_preallocate+0x250/0x250
[ 2249.727093][T13667]  ? __fget+0x40c/0x4a0
[ 2249.731219][T13667]  ? fget_many+0x20/0x20
[ 2249.735436][T13667]  ? check_preemption_disabled+0x154/0x330
[ 2249.741211][T13667]  ? debug_smp_processor_id+0x20/0x20
[ 2249.746552][T13667]  ? security_file_ioctl+0x9d/0xb0
[ 2249.751634][T13667]  __x64_sys_ioctl+0xd4/0x110
[ 2249.756286][T13667]  do_syscall_64+0xcb/0x1c0
[ 2249.760764][T13667]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2249.772510][T13667] ------------[ cut here ]------------
[ 2249.778008][T13667] WARNING: CPU: 0 PID: 13667 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2249.787091][T13667] Modules linked in:
[ 2249.790963][T13667] CPU: 0 PID: 13667 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2249.802556][T13667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2249.812602][T13667] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2249.818383][T13667] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2249.837961][T13667] RSP: 0018:ffff8881de757a00 EFLAGS: 00010246
[ 2249.844004][T13667] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2249.851947][T13667] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2249.859890][T13667] RBP: ffff8881de757b40 R08: ffffffff821f8e93 R09: 0000000000000010
[ 2249.867834][T13667] R10: ffffffff84800000 R11: 1ffff1103bceae00 R12: ffff8881e0564000
[ 2249.875776][T13667] R13: dffffc0000000000 R14: ffff8881e0564070 R15: 1ffff1103c0ac89d
[ 2249.883721][T13667] FS:  00007f5fe0796700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 2249.892618][T13667] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2249.899171][T13667] CR2: 00007ffde2aae8d8 CR3: 00000001e1d16000 CR4: 00000000003406f0
[ 2249.907117][T13667] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2249.915170][T13667] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2249.923112][T13667] Call Trace:
[ 2249.926383][T13667]  ? device_add_disk+0x30/0x30
[ 2249.931117][T13667]  ? vsprintf+0x30/0x30
[ 2249.935244][T13667]  ? device_initialize+0x1c7/0x3d0
[ 2249.940328][T13667]  ? __alloc_disk_node+0x326/0x380
[ 2249.945412][T13667]  loop_add+0x554/0x710
[ 2249.949541][T13667]  loop_control_ioctl+0x564/0x740
[ 2249.954546][T13667]  ? loop_remove+0xa0/0xa0
[ 2249.958939][T13667]  ? __lru_cache_add+0x1bf/0x210
[ 2249.963859][T13667]  ? memset+0x1f/0x40
[ 2249.967812][T13667]  ? fsnotify+0x1332/0x13f0
[ 2249.972293][T13667]  ? loop_remove+0xa0/0xa0
[ 2249.976679][T13667]  do_vfs_ioctl+0x744/0x1730
[ 2249.981240][T13667]  ? selinux_file_ioctl+0x723/0x970
[ 2249.986433][T13667]  ? ioctl_preallocate+0x250/0x250
[ 2249.991526][T13667]  ? __fget+0x40c/0x4a0
[ 2249.995661][T13667]  ? fget_many+0x20/0x20
[ 2249.999874][T13667]  ? check_preemption_disabled+0x154/0x330
[ 2250.005652][T13667]  ? debug_smp_processor_id+0x20/0x20
[ 2250.011001][T13667]  ? security_file_ioctl+0x9d/0xb0
[ 2250.016081][T13667]  __x64_sys_ioctl+0xd4/0x110
[ 2250.020741][T13667]  do_syscall_64+0xcb/0x1c0
12:02:11 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 52)

12:02:11 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
connect$inet6(r1, 0x0, 0x4e)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x4e) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)

12:02:11 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x3, 0x0)
socket$inet6(0xa, 0xa66cd32db1ea3f15, 0x6)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000040)) (async)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f00000004c0)={0x0, {}, 0x0, {}, 0x96, 0x9, 0x12, 0x18, "2ea0714f640eaed176a02c6ef38a576d846a2c156d49cca73d4c8bd75fc24ca504df56b18fe84de308c52547f6f9b5dfaa0248aa8a28e98e2aee76db626a6b61", "0b1cb3e43aa5d550b843e45c76bd922ce222201f670c4f4b31d20df4f39cab28", [0x7ff, 0x734]}) (async, rerun: 64)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x9, 0x3, 0x2c8, 0xe8, 0xffffffff, 0xffffffff, 0xe8, 0xffffffff, 0x1f8, 0xffffffff, 0xffffffff, 0x1f8, 0xffffffff, 0x3, &(0x7f0000000140), {[{{@ipv6={@local, @loopback, [0xffffff00, 0xffffffff, 0xffffff00, 0xffffff00], [0xff, 0xffffffff, 0xff000000, 0xff], 'veth0_virt_wifi\x00', 'veth0_macvtap\x00', {0xff}, {}, 0x2, 0x4, 0x4, 0x30}, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "f6d766ae0bca7c2a997a9733d1b3be23d2a25164536a9558762c749c5cfb"}}, {{@ipv6={@private1={0xfc, 0x1, '\x00', 0x1}, @loopback, [0x0, 0x0, 0x0, 0xff], [0xff, 0xff, 0xffffff], 'veth1\x00', 'lo\x00', {0xff}, {0xff}, 0x88, 0xff, 0x0, 0x20}, 0x0, 0xd0, 0x110, 0x0, {}, [@common=@eui64={{0x28}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0xe0, 0x6, {0x9}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x328) (rerun: 64)

[ 2250.025225][T13667]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2250.031089][T13667] ---[ end trace 9fb896c1b706f705 ]---
12:02:11 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f00000001c0)={0xf, 0x1f, 0x2}, 0xf)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000002c0), 0x4080, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
connect$inet6(r3, 0x0, 0xdb)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000340)="5b7fa3a64c6a9cd4780c1ec158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp, 0x4}, 0x20)
r4 = openat$incfs(0xffffffffffffffff, &(0x7f0000000200)='.pending_reads\x00', 0x183800, 0x0)
futimesat(r4, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={{0x0, 0x2710}, {0x77359400}})
mknodat$null(r4, &(0x7f0000000300)='./file0\x00', 0x4000, 0x103)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x17, 0x9, 0x40, 0x399, 0xb1, r5, 0x9, '\x00', 0x0, r3, 0x5, 0x5, 0x2}, 0x48)
r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x743040, 0x0)
write$P9_RSTATFS(r6, &(0x7f0000000400)={0x43, 0x9, 0x2, {0xbd, 0x7, 0x1, 0xc23, 0x400, 0x5, 0x3ff, 0x1c000000, 0x5}}, 0x43)
ioctl$USBDEVFS_FORBID_SUSPEND(r2, 0x5521)
openat$cgroup_freezer_state(r2, &(0x7f0000000180), 0x2, 0x0)
accept$inet6(r6, &(0x7f0000000480)={0xa, 0x0, 0x0, @local}, &(0x7f00000004c0)=0x1c)

12:02:11 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x1f)
socket$igmp6(0xa, 0x3, 0x2) (async)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x1f) (async)

12:02:11 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f00000001c0)={0xf, 0x1f, 0x2}, 0xf)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000002c0), 0x4080, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
connect$inet6(r3, 0x0, 0xdb)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000340)="5b7fa3a64c6a9cd4780c1ec158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp, 0x4}, 0x20)
r4 = openat$incfs(0xffffffffffffffff, &(0x7f0000000200)='.pending_reads\x00', 0x183800, 0x0)
futimesat(r4, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={{0x0, 0x2710}, {0x77359400}})
mknodat$null(r4, &(0x7f0000000300)='./file0\x00', 0x4000, 0x103)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x17, 0x9, 0x40, 0x399, 0xb1, r5, 0x9, '\x00', 0x0, r3, 0x5, 0x5, 0x2}, 0x48)
r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x743040, 0x0)
write$P9_RSTATFS(r6, &(0x7f0000000400)={0x43, 0x9, 0x2, {0xbd, 0x7, 0x1, 0xc23, 0x400, 0x5, 0x3ff, 0x1c000000, 0x5}}, 0x43)
ioctl$USBDEVFS_FORBID_SUSPEND(r2, 0x5521)
openat$cgroup_freezer_state(r2, &(0x7f0000000180), 0x2, 0x0)
accept$inet6(r6, &(0x7f0000000480)={0xa, 0x0, 0x0, @local}, &(0x7f00000004c0)=0x1c)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f00000001c0)={0xf, 0x1f, 0x2}, 0xf) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f00000002c0), 0x4080, 0x0) (async)
socket$igmp6(0xa, 0x3, 0x2) (async)
connect$inet6(r3, 0x0, 0xdb) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000340)="5b7fa3a64c6a9cd4780c1ec158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp, 0x4}, 0x20) (async)
openat$incfs(0xffffffffffffffff, &(0x7f0000000200)='.pending_reads\x00', 0x183800, 0x0) (async)
futimesat(r4, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={{0x0, 0x2710}, {0x77359400}}) (async)
mknodat$null(r4, &(0x7f0000000300)='./file0\x00', 0x4000, 0x103) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r5, 0x0, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x17, 0x9, 0x40, 0x399, 0xb1, r5, 0x9, '\x00', 0x0, r3, 0x5, 0x5, 0x2}, 0x48) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x743040, 0x0) (async)
write$P9_RSTATFS(r6, &(0x7f0000000400)={0x43, 0x9, 0x2, {0xbd, 0x7, 0x1, 0xc23, 0x400, 0x5, 0x3ff, 0x1c000000, 0x5}}, 0x43) (async)
ioctl$USBDEVFS_FORBID_SUSPEND(r2, 0x5521) (async)
openat$cgroup_freezer_state(r2, &(0x7f0000000180), 0x2, 0x0) (async)
accept$inet6(r6, &(0x7f0000000480)={0xa, 0x0, 0x0, @local}, &(0x7f00000004c0)=0x1c) (async)

12:02:11 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x1f)
socket$igmp6(0xa, 0x3, 0x2) (async)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x1f) (async)

12:02:11 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
renameat(r0, &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000000c0)='.\x00')
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$USBDEVFS_CONNECTINFO(r1, 0x40085511, &(0x7f0000000040))
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
renameat(r0, &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000000c0)='.\x00') (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
ioctl$USBDEVFS_CONNECTINFO(r1, 0x40085511, &(0x7f0000000040)) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)

12:02:11 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f00000001c0)={0xf, 0x1f, 0x2}, 0xf)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000002c0), 0x4080, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
connect$inet6(r3, 0x0, 0xdb)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000340)="5b7fa3a64c6a9cd4780c1ec158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp, 0x4}, 0x20)
r4 = openat$incfs(0xffffffffffffffff, &(0x7f0000000200)='.pending_reads\x00', 0x183800, 0x0)
futimesat(r4, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={{0x0, 0x2710}, {0x77359400}})
mknodat$null(r4, &(0x7f0000000300)='./file0\x00', 0x4000, 0x103)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x17, 0x9, 0x40, 0x399, 0xb1, r5, 0x9, '\x00', 0x0, r3, 0x5, 0x5, 0x2}, 0x48)
r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x743040, 0x0)
write$P9_RSTATFS(r6, &(0x7f0000000400)={0x43, 0x9, 0x2, {0xbd, 0x7, 0x1, 0xc23, 0x400, 0x5, 0x3ff, 0x1c000000, 0x5}}, 0x43)
ioctl$USBDEVFS_FORBID_SUSPEND(r2, 0x5521)
openat$cgroup_freezer_state(r2, &(0x7f0000000180), 0x2, 0x0)
accept$inet6(r6, &(0x7f0000000480)={0xa, 0x0, 0x0, @local}, &(0x7f00000004c0)=0x1c)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f00000001c0)={0xf, 0x1f, 0x2}, 0xf) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f00000002c0), 0x4080, 0x0) (async)
socket$igmp6(0xa, 0x3, 0x2) (async)
connect$inet6(r3, 0x0, 0xdb) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000340)="5b7fa3a64c6a9cd4780c1ec158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp, 0x4}, 0x20) (async)
openat$incfs(0xffffffffffffffff, &(0x7f0000000200)='.pending_reads\x00', 0x183800, 0x0) (async)
futimesat(r4, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={{0x0, 0x2710}, {0x77359400}}) (async)
mknodat$null(r4, &(0x7f0000000300)='./file0\x00', 0x4000, 0x103) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r5, 0x0, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x17, 0x9, 0x40, 0x399, 0xb1, r5, 0x9, '\x00', 0x0, r3, 0x5, 0x5, 0x2}, 0x48) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x743040, 0x0) (async)
write$P9_RSTATFS(r6, &(0x7f0000000400)={0x43, 0x9, 0x2, {0xbd, 0x7, 0x1, 0xc23, 0x400, 0x5, 0x3ff, 0x1c000000, 0x5}}, 0x43) (async)
ioctl$USBDEVFS_FORBID_SUSPEND(r2, 0x5521) (async)
openat$cgroup_freezer_state(r2, &(0x7f0000000180), 0x2, 0x0) (async)
accept$inet6(r6, &(0x7f0000000480)={0xa, 0x0, 0x0, @local}, &(0x7f00000004c0)=0x1c) (async)

12:02:11 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0xfffffffffffffffc, 0x48000)

[ 2250.121974][T13733] FAULT_INJECTION: forcing a failure.
[ 2250.121974][T13733] name failslab, interval 1, probability 0, space 0, times 0
[ 2250.136160][T13733] CPU: 0 PID: 13733 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2250.147805][T13733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2250.157852][T13733] Call Trace:
[ 2250.161146][T13733]  dump_stack+0x1d8/0x241
[ 2250.165486][T13733]  ? panic+0x73e/0x73e
12:02:11 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x0)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
write$P9_RSTATu(r1, &(0x7f0000000840)=ANY=[@ANYBLOB="a70000007d0200000091000300530000000000000000000000000000000000000040000800001f000000010075672f62696e6465722f7374617473001f002f7379732f6b65726e656c2f64656275672f62696e6465722f7374617473001f002f737973c105470455294664656275672f62696e6465722f7374617473000100290100cd0000000000000000000000ae49de4486dab6dc369a0900000016ac141b00"/172, @ANYRES32=0xee00, @ANYRES32=0xee01, @ANYRES32=0xee00], 0xa7)
write$P9_RFLUSH(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x6d, 0x2}, 0x7)
write$P9_RREADDIR(r1, &(0x7f0000000200)={0x103, 0x29, 0x2, {0x6f6, [{{0x40, 0x4, 0x6}, 0x8, 0x2, 0x7, './file0'}, {{0x2, 0x3, 0x4}, 0xb67b, 0x0, 0x7, './file0'}, {{0x1, 0x0, 0x3}, 0x8, 0x0, 0x7, './file0'}, {{0x40, 0x2, 0x2}, 0x8000, 0x9d, 0x7, './file0'}, {{0x40, 0x0, 0x2}, 0x1000, 0x22, 0x7, './file0'}, {{0x10, 0x2, 0x7}, 0x1, 0xc8, 0x7, './file0'}, {{0x1, 0x4, 0x8}, 0x0, 0x4f, 0x7, './file0'}, {{0x0, 0x2, 0x5}, 0x1, 0x6, 0x7, './file0'}]}}, 0x103)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000380)=@security={'security\x00', 0xe, 0x4, 0x3f8, 0xffffffff, 0x258, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x328, 0x328, 0x328, 0xffffffff, 0x4, &(0x7f0000000340), {[{{@uncond, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@dst={{0x48}, {0x8, 0x7, 0x0, [0x2, 0x8, 0x8001, 0xb2, 0x6, 0x1000, 0x9e, 0x1, 0x7, 0x5, 0x1, 0x40, 0x3f, 0x0, 0x7], 0x7}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x1, 0x3, 0x4}, {0x0, 0x2, 0x2}}}}, {{@ipv6={@private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x24}, [0xff, 0xffffffff, 0xffffffff, 0x7c37b3791c458719], [0xffffffff, 0x0, 0x0, 0xffffffff], 'lo\x00', 'wg0\x00', {0xff}, {0xff}, 0x2, 0x45, 0x2}, 0x0, 0x108, 0x140, 0x0, {}, [@common=@srh={{0x30}, {0xff, 0xc0, 0x9, 0x7, 0xd9, 0x9ae, 0x401}}, @common=@ah={{0x30}, {[0x4d6, 0x4d3], 0x8, 0x3, 0x1}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x0, 0x2, 0x1}, {0x1, 0x3}, {0x2, 0x0, 0x1}, 0xfff, 0x1000}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x458)
write$P9_RATTACH(r2, &(0x7f0000000800)={0x14, 0x69, 0x1, {0x20, 0x0, 0x4}}, 0x14)
getpeername$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000080)=0x1c)

12:02:11 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
mmap$usbfs(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x110, 0xffffffffffffffff, 0x1)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

[ 2250.169551][T13733]  ? idr_get_free+0x6a3/0x840
[ 2250.174230][T13733]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2250.180033][T13733]  ? mutex_unlock+0x19/0x40
[ 2250.184543][T13733]  ? kernfs_xattr_get+0x81/0x90
[ 2250.189391][T13733]  should_fail+0x709/0x870
[ 2250.193816][T13733]  ? setup_fault_attr+0x3d0/0x3d0
[ 2250.198841][T13733]  ? idr_alloc+0x2f0/0x2f0
[ 2250.203459][T13733]  ? __kernfs_new_node+0x99/0x6d0
[ 2250.208474][T13733]  should_failslab+0x5/0x20
[ 2250.212958][T13733]  __kmalloc_track_caller+0x4f/0x280
[ 2250.218218][T13733]  kstrdup_const+0x51/0x90
[ 2250.222609][T13733]  __kernfs_new_node+0x99/0x6d0
[ 2250.227441][T13733]  ? mutex_lock+0xa6/0x110
[ 2250.231832][T13733]  ? kernfs_new_node+0x160/0x160
[ 2250.236749][T13733]  kernfs_new_node+0x95/0x160
[ 2250.241417][T13733]  kernfs_create_link+0x9c/0x1f0
[ 2250.246324][T13733]  sysfs_do_create_link_sd+0x85/0x100
[ 2250.251757][T13733]  device_add_class_symlinks+0x211/0x2a0
[ 2250.257889][T13733]  device_add+0x4e4/0xbc0
[ 2250.262207][T13733]  device_create_vargs+0x1b8/0x210
[ 2250.267290][T13733]  device_create+0xea/0x130
[ 2250.271766][T13733]  ? device_create_vargs+0x210/0x210
[ 2250.277021][T13733]  bdi_register_va+0x89/0x5e0
[ 2250.281668][T13733]  bdi_register+0xd1/0x120
[ 2250.286054][T13733]  ? __device_add_disk+0x539/0x1200
[ 2250.291236][T13733]  ? bdi_register_va+0x5e0/0x5e0
[ 2250.296164][T13733]  ? percpu_ref_resurrect+0x113/0x190
[ 2250.301512][T13733]  bdi_register_owner+0x56/0xf0
[ 2250.306337][T13733]  __device_add_disk+0x5b8/0x1200
[ 2250.311346][T13733]  ? device_add_disk+0x30/0x30
[ 2250.316103][T13733]  ? vsprintf+0x30/0x30
[ 2250.320241][T13733]  ? device_initialize+0x1c7/0x3d0
[ 2250.325321][T13733]  ? __alloc_disk_node+0x326/0x380
[ 2250.330412][T13733]  loop_add+0x554/0x710
[ 2250.334538][T13733]  loop_control_ioctl+0x564/0x740
[ 2250.339538][T13733]  ? loop_remove+0xa0/0xa0
[ 2250.343936][T13733]  ? __lru_cache_add+0x1bf/0x210
[ 2250.348874][T13733]  ? memset+0x1f/0x40
[ 2250.352847][T13733]  ? fsnotify+0x1332/0x13f0
[ 2250.357321][T13733]  ? loop_remove+0xa0/0xa0
[ 2250.361744][T13733]  do_vfs_ioctl+0x744/0x1730
[ 2250.366305][T13733]  ? selinux_file_ioctl+0x723/0x970
[ 2250.371475][T13733]  ? ioctl_preallocate+0x250/0x250
[ 2250.376555][T13733]  ? __fget+0x40c/0x4a0
[ 2250.380704][T13733]  ? fget_many+0x20/0x20
[ 2250.384920][T13733]  ? check_preemption_disabled+0x154/0x330
[ 2250.390714][T13733]  ? debug_smp_processor_id+0x20/0x20
[ 2250.396074][T13733]  ? security_file_ioctl+0x9d/0xb0
[ 2250.401164][T13733]  __x64_sys_ioctl+0xd4/0x110
[ 2250.405823][T13733]  do_syscall_64+0xcb/0x1c0
[ 2250.410316][T13733]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2250.418618][T13733] ------------[ cut here ]------------
[ 2250.424107][T13733] WARNING: CPU: 0 PID: 13733 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2250.433186][T13733] Modules linked in:
[ 2250.437088][T13733] CPU: 0 PID: 13733 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2250.448853][T13733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2250.458887][T13733] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2250.464675][T13733] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2250.484342][T13733] RSP: 0018:ffff8881e1487a00 EFLAGS: 00010246
[ 2250.490407][T13733] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2250.498348][T13733] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2250.506291][T13733] RBP: ffff8881e1487b40 R08: ffffffff821f8e93 R09: 0000000000000010
[ 2250.514236][T13733] R10: ffffffff84800000 R11: 1ffff1103c290e00 R12: ffff8881e9eec000
[ 2250.522177][T13733] R13: dffffc0000000000 R14: ffff8881e9eec070 R15: 1ffff1103d3dd89d
[ 2250.530121][T13733] FS:  00007f5fe0796700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 2250.539017][T13733] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2250.545568][T13733] CR2: 00007f5fe0795ff8 CR3: 00000001edc5f000 CR4: 00000000003406f0
[ 2250.553510][T13733] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2250.561451][T13733] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2250.569393][T13733] Call Trace:
[ 2250.572662][T13733]  ? device_add_disk+0x30/0x30
[ 2250.577399][T13733]  ? vsprintf+0x30/0x30
[ 2250.581540][T13733]  ? device_initialize+0x1c7/0x3d0
[ 2250.586620][T13733]  ? __alloc_disk_node+0x326/0x380
[ 2250.591704][T13733]  loop_add+0x554/0x710
[ 2250.595832][T13733]  loop_control_ioctl+0x564/0x740
[ 2250.600838][T13733]  ? loop_remove+0xa0/0xa0
[ 2250.605230][T13733]  ? __lru_cache_add+0x1bf/0x210
[ 2250.610144][T13733]  ? memset+0x1f/0x40
[ 2250.614101][T13733]  ? fsnotify+0x1332/0x13f0
[ 2250.618572][T13733]  ? loop_remove+0xa0/0xa0
[ 2250.622955][T13733]  do_vfs_ioctl+0x744/0x1730
[ 2250.627514][T13733]  ? selinux_file_ioctl+0x723/0x970
[ 2250.632680][T13733]  ? ioctl_preallocate+0x250/0x250
[ 2250.637796][T13733]  ? __fget+0x40c/0x4a0
[ 2250.641921][T13733]  ? fget_many+0x20/0x20
[ 2250.646130][T13733]  ? check_preemption_disabled+0x154/0x330
[ 2250.651903][T13733]  ? debug_smp_processor_id+0x20/0x20
[ 2250.657243][T13733]  ? security_file_ioctl+0x9d/0xb0
[ 2250.662322][T13733]  __x64_sys_ioctl+0xd4/0x110
[ 2250.666968][T13733]  do_syscall_64+0xcb/0x1c0
12:02:12 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 53)

12:02:12 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x4e)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:12 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x2, 0x0)

12:02:12 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0xfffffffffffffffc, 0x48000)
syz_open_dev$loop(&(0x7f0000000000), 0xfffffffffffffffc, 0x48000) (async)

12:02:12 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x0)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
write$P9_RSTATu(r1, &(0x7f0000000840)=ANY=[@ANYBLOB="a70000007d0200000091000300530000000000000000000000000000000000000040000800001f000000010075672f62696e6465722f7374617473001f002f7379732f6b65726e656c2f64656275672f62696e6465722f7374617473001f002f737973c105470455294664656275672f62696e6465722f7374617473000100290100cd0000000000000000000000ae49de4486dab6dc369a0900000016ac141b00"/172, @ANYRES32=0xee00, @ANYRES32=0xee01, @ANYRES32=0xee00], 0xa7)
write$P9_RFLUSH(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x6d, 0x2}, 0x7)
write$P9_RREADDIR(r1, &(0x7f0000000200)={0x103, 0x29, 0x2, {0x6f6, [{{0x40, 0x4, 0x6}, 0x8, 0x2, 0x7, './file0'}, {{0x2, 0x3, 0x4}, 0xb67b, 0x0, 0x7, './file0'}, {{0x1, 0x0, 0x3}, 0x8, 0x0, 0x7, './file0'}, {{0x40, 0x2, 0x2}, 0x8000, 0x9d, 0x7, './file0'}, {{0x40, 0x0, 0x2}, 0x1000, 0x22, 0x7, './file0'}, {{0x10, 0x2, 0x7}, 0x1, 0xc8, 0x7, './file0'}, {{0x1, 0x4, 0x8}, 0x0, 0x4f, 0x7, './file0'}, {{0x0, 0x2, 0x5}, 0x1, 0x6, 0x7, './file0'}]}}, 0x103)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000380)=@security={'security\x00', 0xe, 0x4, 0x3f8, 0xffffffff, 0x258, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x328, 0x328, 0x328, 0xffffffff, 0x4, &(0x7f0000000340), {[{{@uncond, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@dst={{0x48}, {0x8, 0x7, 0x0, [0x2, 0x8, 0x8001, 0xb2, 0x6, 0x1000, 0x9e, 0x1, 0x7, 0x5, 0x1, 0x40, 0x3f, 0x0, 0x7], 0x7}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x1, 0x3, 0x4}, {0x0, 0x2, 0x2}}}}, {{@ipv6={@private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x24}, [0xff, 0xffffffff, 0xffffffff, 0x7c37b3791c458719], [0xffffffff, 0x0, 0x0, 0xffffffff], 'lo\x00', 'wg0\x00', {0xff}, {0xff}, 0x2, 0x45, 0x2}, 0x0, 0x108, 0x140, 0x0, {}, [@common=@srh={{0x30}, {0xff, 0xc0, 0x9, 0x7, 0xd9, 0x9ae, 0x401}}, @common=@ah={{0x30}, {[0x4d6, 0x4d3], 0x8, 0x3, 0x1}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x0, 0x2, 0x1}, {0x1, 0x3}, {0x2, 0x0, 0x1}, 0xfff, 0x1000}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x458)
write$P9_RATTACH(r2, &(0x7f0000000800)={0x14, 0x69, 0x1, {0x20, 0x0, 0x4}}, 0x14)
getpeername$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000080)=0x1c)
socket$igmp6(0xa, 0x3, 0x2) (async)
write$P9_RREMOVE(r0, 0x0, 0x0) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
write$P9_RSTATu(r1, &(0x7f0000000840)=ANY=[@ANYBLOB="a70000007d0200000091000300530000000000000000000000000000000000000040000800001f000000010075672f62696e6465722f7374617473001f002f7379732f6b65726e656c2f64656275672f62696e6465722f7374617473001f002f737973c105470455294664656275672f62696e6465722f7374617473000100290100cd0000000000000000000000ae49de4486dab6dc369a0900000016ac141b00"/172, @ANYRES32=0xee00, @ANYRES32=0xee01, @ANYRES32=0xee00], 0xa7) (async)
write$P9_RFLUSH(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x6d, 0x2}, 0x7) (async)
write$P9_RREADDIR(r1, &(0x7f0000000200)={0x103, 0x29, 0x2, {0x6f6, [{{0x40, 0x4, 0x6}, 0x8, 0x2, 0x7, './file0'}, {{0x2, 0x3, 0x4}, 0xb67b, 0x0, 0x7, './file0'}, {{0x1, 0x0, 0x3}, 0x8, 0x0, 0x7, './file0'}, {{0x40, 0x2, 0x2}, 0x8000, 0x9d, 0x7, './file0'}, {{0x40, 0x0, 0x2}, 0x1000, 0x22, 0x7, './file0'}, {{0x10, 0x2, 0x7}, 0x1, 0xc8, 0x7, './file0'}, {{0x1, 0x4, 0x8}, 0x0, 0x4f, 0x7, './file0'}, {{0x0, 0x2, 0x5}, 0x1, 0x6, 0x7, './file0'}]}}, 0x103) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000380)=@security={'security\x00', 0xe, 0x4, 0x3f8, 0xffffffff, 0x258, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x328, 0x328, 0x328, 0xffffffff, 0x4, &(0x7f0000000340), {[{{@uncond, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@dst={{0x48}, {0x8, 0x7, 0x0, [0x2, 0x8, 0x8001, 0xb2, 0x6, 0x1000, 0x9e, 0x1, 0x7, 0x5, 0x1, 0x40, 0x3f, 0x0, 0x7], 0x7}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x1, 0x3, 0x4}, {0x0, 0x2, 0x2}}}}, {{@ipv6={@private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x24}, [0xff, 0xffffffff, 0xffffffff, 0x7c37b3791c458719], [0xffffffff, 0x0, 0x0, 0xffffffff], 'lo\x00', 'wg0\x00', {0xff}, {0xff}, 0x2, 0x45, 0x2}, 0x0, 0x108, 0x140, 0x0, {}, [@common=@srh={{0x30}, {0xff, 0xc0, 0x9, 0x7, 0xd9, 0x9ae, 0x401}}, @common=@ah={{0x30}, {[0x4d6, 0x4d3], 0x8, 0x3, 0x1}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x0, 0x2, 0x1}, {0x1, 0x3}, {0x2, 0x0, 0x1}, 0xfff, 0x1000}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x458) (async)
write$P9_RATTACH(r2, &(0x7f0000000800)={0x14, 0x69, 0x1, {0x20, 0x0, 0x4}}, 0x14) (async)
getpeername$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000080)=0x1c) (async)

12:02:12 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
mmap$usbfs(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x110, 0xffffffffffffffff, 0x1) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:12 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x2, 0x0)

12:02:12 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0xfffffffffffffffc, 0x48000)

[ 2250.671441][T13733]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2250.677305][T13733] ---[ end trace 9fb896c1b706f706 ]---
12:02:12 executing program 3:
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000000)=0xb, 0x4)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$VHOST_VDPA_SET_CONFIG_CALL(0xffffffffffffffff, 0x4004af77, &(0x7f0000000180)=0x80000000)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:12 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r0, 0x0, 0x0)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
write$P9_RSTATu(r1, &(0x7f0000000840)=ANY=[@ANYBLOB="a70000007d0200000091000300530000000000000000000000000000000000000040000800001f000000010075672f62696e6465722f7374617473001f002f7379732f6b65726e656c2f64656275672f62696e6465722f7374617473001f002f737973c105470455294664656275672f62696e6465722f7374617473000100290100cd0000000000000000000000ae49de4486dab6dc369a0900000016ac141b00"/172, @ANYRES32=0xee00, @ANYRES32=0xee01, @ANYRES32=0xee00], 0xa7)
write$P9_RFLUSH(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x6d, 0x2}, 0x7)
write$P9_RREADDIR(r1, &(0x7f0000000200)={0x103, 0x29, 0x2, {0x6f6, [{{0x40, 0x4, 0x6}, 0x8, 0x2, 0x7, './file0'}, {{0x2, 0x3, 0x4}, 0xb67b, 0x0, 0x7, './file0'}, {{0x1, 0x0, 0x3}, 0x8, 0x0, 0x7, './file0'}, {{0x40, 0x2, 0x2}, 0x8000, 0x9d, 0x7, './file0'}, {{0x40, 0x0, 0x2}, 0x1000, 0x22, 0x7, './file0'}, {{0x10, 0x2, 0x7}, 0x1, 0xc8, 0x7, './file0'}, {{0x1, 0x4, 0x8}, 0x0, 0x4f, 0x7, './file0'}, {{0x0, 0x2, 0x5}, 0x1, 0x6, 0x7, './file0'}]}}, 0x103)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000380)=@security={'security\x00', 0xe, 0x4, 0x3f8, 0xffffffff, 0x258, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x328, 0x328, 0x328, 0xffffffff, 0x4, &(0x7f0000000340), {[{{@uncond, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@dst={{0x48}, {0x8, 0x7, 0x0, [0x2, 0x8, 0x8001, 0xb2, 0x6, 0x1000, 0x9e, 0x1, 0x7, 0x5, 0x1, 0x40, 0x3f, 0x0, 0x7], 0x7}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x1, 0x3, 0x4}, {0x0, 0x2, 0x2}}}}, {{@ipv6={@private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x24}, [0xff, 0xffffffff, 0xffffffff, 0x7c37b3791c458719], [0xffffffff, 0x0, 0x0, 0xffffffff], 'lo\x00', 'wg0\x00', {0xff}, {0xff}, 0x2, 0x45, 0x2}, 0x0, 0x108, 0x140, 0x0, {}, [@common=@srh={{0x30}, {0xff, 0xc0, 0x9, 0x7, 0xd9, 0x9ae, 0x401}}, @common=@ah={{0x30}, {[0x4d6, 0x4d3], 0x8, 0x3, 0x1}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x0, 0x2, 0x1}, {0x1, 0x3}, {0x2, 0x0, 0x1}, 0xfff, 0x1000}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x458)
write$P9_RATTACH(r2, &(0x7f0000000800)={0x14, 0x69, 0x1, {0x20, 0x0, 0x4}}, 0x14)
getpeername$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000080)=0x1c)
socket$igmp6(0xa, 0x3, 0x2) (async)
write$P9_RREMOVE(r0, 0x0, 0x0) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
write$P9_RSTATu(r1, &(0x7f0000000840)=ANY=[@ANYBLOB="a70000007d0200000091000300530000000000000000000000000000000000000040000800001f000000010075672f62696e6465722f7374617473001f002f7379732f6b65726e656c2f64656275672f62696e6465722f7374617473001f002f737973c105470455294664656275672f62696e6465722f7374617473000100290100cd0000000000000000000000ae49de4486dab6dc369a0900000016ac141b00"/172, @ANYRES32=0xee00, @ANYRES32=0xee01, @ANYRES32=0xee00], 0xa7) (async)
write$P9_RFLUSH(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x6d, 0x2}, 0x7) (async)
write$P9_RREADDIR(r1, &(0x7f0000000200)={0x103, 0x29, 0x2, {0x6f6, [{{0x40, 0x4, 0x6}, 0x8, 0x2, 0x7, './file0'}, {{0x2, 0x3, 0x4}, 0xb67b, 0x0, 0x7, './file0'}, {{0x1, 0x0, 0x3}, 0x8, 0x0, 0x7, './file0'}, {{0x40, 0x2, 0x2}, 0x8000, 0x9d, 0x7, './file0'}, {{0x40, 0x0, 0x2}, 0x1000, 0x22, 0x7, './file0'}, {{0x10, 0x2, 0x7}, 0x1, 0xc8, 0x7, './file0'}, {{0x1, 0x4, 0x8}, 0x0, 0x4f, 0x7, './file0'}, {{0x0, 0x2, 0x5}, 0x1, 0x6, 0x7, './file0'}]}}, 0x103) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000380)=@security={'security\x00', 0xe, 0x4, 0x3f8, 0xffffffff, 0x258, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x328, 0x328, 0x328, 0xffffffff, 0x4, &(0x7f0000000340), {[{{@uncond, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@dst={{0x48}, {0x8, 0x7, 0x0, [0x2, 0x8, 0x8001, 0xb2, 0x6, 0x1000, 0x9e, 0x1, 0x7, 0x5, 0x1, 0x40, 0x3f, 0x0, 0x7], 0x7}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x1, 0x3, 0x4}, {0x0, 0x2, 0x2}}}}, {{@ipv6={@private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x24}, [0xff, 0xffffffff, 0xffffffff, 0x7c37b3791c458719], [0xffffffff, 0x0, 0x0, 0xffffffff], 'lo\x00', 'wg0\x00', {0xff}, {0xff}, 0x2, 0x45, 0x2}, 0x0, 0x108, 0x140, 0x0, {}, [@common=@srh={{0x30}, {0xff, 0xc0, 0x9, 0x7, 0xd9, 0x9ae, 0x401}}, @common=@ah={{0x30}, {[0x4d6, 0x4d3], 0x8, 0x3, 0x1}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x0, 0x2, 0x1}, {0x1, 0x3}, {0x2, 0x0, 0x1}, 0xfff, 0x1000}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x458) (async)
write$P9_RATTACH(r2, &(0x7f0000000800)={0x14, 0x69, 0x1, {0x20, 0x0, 0x4}}, 0x14) (async)
getpeername$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000080)=0x1c) (async)

12:02:12 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async, rerun: 32)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async, rerun: 32)
mmap$usbfs(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x110, 0xffffffffffffffff, 0x1) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:12 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x2, 0x0)

[ 2250.744505][T13800] FAULT_INJECTION: forcing a failure.
[ 2250.744505][T13800] name failslab, interval 1, probability 0, space 0, times 0
[ 2250.761766][T13800] CPU: 1 PID: 13800 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2250.773403][T13800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2250.783439][T13800] Call Trace:
[ 2250.786724][T13800]  dump_stack+0x1d8/0x241
[ 2250.791026][T13800]  ? panic+0x73e/0x73e
[ 2250.795071][T13800]  ? idr_get_free+0x6a3/0x840
[ 2250.799721][T13800]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2250.805499][T13800]  ? mutex_unlock+0x19/0x40
[ 2250.809971][T13800]  ? kernfs_xattr_get+0x81/0x90
[ 2250.814787][T13800]  should_fail+0x709/0x870
[ 2250.819180][T13800]  ? setup_fault_attr+0x3d0/0x3d0
[ 2250.824172][T13800]  ? idr_alloc+0x2f0/0x2f0
[ 2250.828566][T13800]  ? __kernfs_new_node+0x99/0x6d0
[ 2250.833558][T13800]  should_failslab+0x5/0x20
[ 2250.838030][T13800]  __kmalloc_track_caller+0x4f/0x280
[ 2250.843292][T13800]  kstrdup_const+0x51/0x90
[ 2250.847682][T13800]  __kernfs_new_node+0x99/0x6d0
[ 2250.852502][T13800]  ? mutex_lock+0xa6/0x110
[ 2250.856892][T13800]  ? kernfs_new_node+0x160/0x160
[ 2250.861799][T13800]  kernfs_new_node+0x95/0x160
[ 2250.866458][T13800]  kernfs_create_link+0x9c/0x1f0
[ 2250.871375][T13800]  sysfs_do_create_link_sd+0x85/0x100
[ 2250.876723][T13800]  device_add_class_symlinks+0x211/0x2a0
[ 2250.882328][T13800]  device_add+0x4e4/0xbc0
[ 2250.886633][T13800]  device_create_vargs+0x1b8/0x210
[ 2250.891714][T13800]  device_create+0xea/0x130
[ 2250.896185][T13800]  ? device_create_vargs+0x210/0x210
[ 2250.901456][T13800]  bdi_register_va+0x89/0x5e0
[ 2250.906119][T13800]  bdi_register+0xd1/0x120
[ 2250.910515][T13800]  ? __device_add_disk+0x539/0x1200
[ 2250.915687][T13800]  ? bdi_register_va+0x5e0/0x5e0
[ 2250.920629][T13800]  ? percpu_ref_resurrect+0x113/0x190
[ 2250.925972][T13800]  bdi_register_owner+0x56/0xf0
[ 2250.930794][T13800]  __device_add_disk+0x5b8/0x1200
[ 2250.935810][T13800]  ? device_add_disk+0x30/0x30
[ 2250.940544][T13800]  ? vsprintf+0x30/0x30
[ 2250.944671][T13800]  ? device_initialize+0x1c7/0x3d0
[ 2250.949750][T13800]  ? __alloc_disk_node+0x326/0x380
[ 2250.954829][T13800]  loop_add+0x554/0x710
[ 2250.958957][T13800]  loop_control_ioctl+0x564/0x740
[ 2250.963948][T13800]  ? loop_remove+0xa0/0xa0
[ 2250.968334][T13800]  ? __lru_cache_add+0x1bf/0x210
[ 2250.973238][T13800]  ? memset+0x1f/0x40
[ 2250.977197][T13800]  ? fsnotify+0x1332/0x13f0
[ 2250.981679][T13800]  ? loop_remove+0xa0/0xa0
[ 2250.986069][T13800]  do_vfs_ioctl+0x744/0x1730
[ 2250.990628][T13800]  ? selinux_file_ioctl+0x723/0x970
[ 2250.995796][T13800]  ? ioctl_preallocate+0x250/0x250
[ 2251.000876][T13800]  ? __fget+0x40c/0x4a0
[ 2251.005002][T13800]  ? fget_many+0x20/0x20
[ 2251.009213][T13800]  ? check_preemption_disabled+0x154/0x330
[ 2251.014988][T13800]  ? debug_smp_processor_id+0x20/0x20
[ 2251.020328][T13800]  ? security_file_ioctl+0x9d/0xb0
[ 2251.025405][T13800]  __x64_sys_ioctl+0xd4/0x110
[ 2251.030051][T13800]  do_syscall_64+0xcb/0x1c0
[ 2251.034532][T13800]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2251.041174][T13800] ------------[ cut here ]------------
[ 2251.046655][T13800] WARNING: CPU: 1 PID: 13800 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2251.055731][T13800] Modules linked in:
[ 2251.059601][T13800] CPU: 1 PID: 13800 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2251.071189][T13800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2251.081221][T13800] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2251.086994][T13800] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2251.106569][T13800] RSP: 0018:ffff8881e1487a00 EFLAGS: 00010246
[ 2251.112607][T13800] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2251.120545][T13800] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2251.128487][T13800] RBP: ffff8881e1487b40 R08: ffffffff821f8e93 R09: 0000000000000010
[ 2251.136449][T13800] R10: ffffffff84800000 R11: 1ffff1103c290e00 R12: ffff8881e6500000
[ 2251.144392][T13800] R13: dffffc0000000000 R14: ffff8881e6500070 R15: 1ffff1103cca009d
[ 2251.152361][T13800] FS:  00007f5fe0796700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 2251.161267][T13800] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2251.167818][T13800] CR2: 00007ffde2aae8d8 CR3: 00000001deede000 CR4: 00000000003406e0
[ 2251.175777][T13800] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2251.183728][T13800] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2251.191668][T13800] Call Trace:
[ 2251.194934][T13800]  ? device_add_disk+0x30/0x30
[ 2251.199664][T13800]  ? vsprintf+0x30/0x30
[ 2251.203787][T13800]  ? device_initialize+0x1c7/0x3d0
[ 2251.208869][T13800]  ? __alloc_disk_node+0x326/0x380
[ 2251.213951][T13800]  loop_add+0x554/0x710
[ 2251.218079][T13800]  loop_control_ioctl+0x564/0x740
[ 2251.223070][T13800]  ? loop_remove+0xa0/0xa0
[ 2251.227460][T13800]  ? __lru_cache_add+0x1bf/0x210
[ 2251.232367][T13800]  ? memset+0x1f/0x40
[ 2251.236324][T13800]  ? fsnotify+0x1332/0x13f0
[ 2251.240803][T13800]  ? loop_remove+0xa0/0xa0
[ 2251.245190][T13800]  do_vfs_ioctl+0x744/0x1730
[ 2251.249748][T13800]  ? selinux_file_ioctl+0x723/0x970
[ 2251.254937][T13800]  ? ioctl_preallocate+0x250/0x250
[ 2251.260019][T13800]  ? __fget+0x40c/0x4a0
[ 2251.264142][T13800]  ? fget_many+0x20/0x20
[ 2251.268352][T13800]  ? check_preemption_disabled+0x154/0x330
[ 2251.274125][T13800]  ? debug_smp_processor_id+0x20/0x20
[ 2251.279466][T13800]  ? security_file_ioctl+0x9d/0xb0
[ 2251.284543][T13800]  __x64_sys_ioctl+0xd4/0x110
[ 2251.289190][T13800]  do_syscall_64+0xcb/0x1c0
12:02:12 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 54)

12:02:12 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x9, 0x3, 0x2d0, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x200, 0xffffffff, 0xffffffff, 0x200, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@loopback, @private1, [], [], 'ip6gre0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}, {{@ipv6={@dev, @private0, [], [], 'tunl0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private1, 'ipvlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x330)
write$P9_RSTATu(r0, &(0x7f0000000240)={0x63, 0x7d, 0x1, {{0x0, 0x43, 0x57, 0xfffffffc, {0x40, 0x3, 0x3}, 0x8080000, 0x7, 0x80, 0x80000000, 0x1, '*', 0x2, ',{', 0x3, '@\')', 0xa, '/dev/vcsu\x00'}, 0xb, '/dev/loop#\x00', 0x0, 0xffffffffffffffff, 0xffffffffffffffff}}, 0x63)
r2 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x4, 0x12, 0x12, 0x0, "4f35c0d0fe0e467c7acc99f5fa721cbd0491cf052ae03284f9f9700a54ccb0bf520dce778b6b77986ac5366fba4270c6f572228fe10656fb30ba3e3e25fb427c", "d91a2618a2face3eec9d5d533950dc6dd939484cebed58831a9866c799734728", [0x1, 0x1]})
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000100), 0x200003, 0x0)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
ioctl$LOOP_GET_STATUS64(r4, 0x4c05, &(0x7f0000000140))
ioctl$LOOP_SET_CAPACITY(r2, 0x4c07)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r5, 0x0, 0x0)
ioctl$USBDEVFS_GETDRIVER(r5, 0x41045508, &(0x7f0000000440)={0x6, "08a4b81da3a60479d0331120e706da191e908f4073ba0477781e9989aafe2e61a89ff564ee04191df2e0e1aeba8d30375a00b14e39805071692fa72d5d0b35c19a0b9ffbae85b04c97815f30b55c3ac6e6b55646117e3755be803ec4ee633e536414362dae8961b842d012099fb5069981c05d6c31448a85508575fc48b336225157319136abcaa049388987eeeb73228f2e4613aa7fa348e3df41a51f4c209c868f4d43d59d73a9a793b02d65a3f8772aeb86b86e2452d1f29cadeca4b0dac1c910d6e1487e2ff40875c022f6b618aad3261486af16a923f177afaf500d83933b94cbe71277b5e7f334f0f2d80f395a43a5ca922d32bdd988d64770c2484ae8"})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r6)

12:02:12 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/serio', 0x20540, 0x49)
write$P9_RREMOVE(r2, 0x0, 0x0)
setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000040)=0x5, 0x4)

[ 2251.293670][T13800]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2251.299529][T13800] ---[ end trace 9fb896c1b706f707 ]---
12:02:12 executing program 3:
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000000)=0xb, 0x4)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 64)
ioctl$VHOST_VDPA_SET_CONFIG_CALL(0xffffffffffffffff, 0x4004af77, &(0x7f0000000180)=0x80000000) (async, rerun: 64)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:12 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
getpeername$netlink(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)=0xc)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x100, 0x0)
read$watch_queue(r4, &(0x7f0000000240)=""/10, 0xa)

12:02:12 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/serio', 0x20540, 0x49)
write$P9_RREMOVE(r2, 0x0, 0x0) (async)
setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000040)=0x5, 0x4)

12:02:12 executing program 1:
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000040)={0x29, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0x1f}]}, 0x10)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000080)={0x16, 0x18, '\x00', [@padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @generic={0x3, 0x7a, "e4b398c3d956bc7dc981ae43f2e94ef95cbdf555b73924883b303d6faaa7a2de5d3cb1f5b6515b5a31f8b19c4ec90307da2b31682e5da4571c8af8b7de584cd4ea56b684e3deae96732ce05b636b8d0cf23320ac7d0659614a2dd23c4d3445601d90b9ff41d1072d20503287e20ad239b3b2a939d44cf16c8f55"}, @calipso={0x7, 0x40, {0x3, 0xe, 0xfa, 0x38ac, [0x100000001, 0x401, 0x6c, 0x20, 0x8, 0x360, 0x239]}}, @enc_lim={0x4, 0x1, 0x6}]}, 0xd0)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

12:02:12 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x9, 0x3, 0x2d0, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x200, 0xffffffff, 0xffffffff, 0x200, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@loopback, @private1, [], [], 'ip6gre0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}, {{@ipv6={@dev, @private0, [], [], 'tunl0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private1, 'ipvlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x330) (async)
write$P9_RSTATu(r0, &(0x7f0000000240)={0x63, 0x7d, 0x1, {{0x0, 0x43, 0x57, 0xfffffffc, {0x40, 0x3, 0x3}, 0x8080000, 0x7, 0x80, 0x80000000, 0x1, '*', 0x2, ',{', 0x3, '@\')', 0xa, '/dev/vcsu\x00'}, 0xb, '/dev/loop#\x00', 0x0, 0xffffffffffffffff, 0xffffffffffffffff}}, 0x63) (async)
r2 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x4, 0x12, 0x12, 0x0, "4f35c0d0fe0e467c7acc99f5fa721cbd0491cf052ae03284f9f9700a54ccb0bf520dce778b6b77986ac5366fba4270c6f572228fe10656fb30ba3e3e25fb427c", "d91a2618a2face3eec9d5d533950dc6dd939484cebed58831a9866c799734728", [0x1, 0x1]}) (async)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000100), 0x200003, 0x0) (async)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0) (async)
ioctl$LOOP_GET_STATUS64(r4, 0x4c05, &(0x7f0000000140)) (async)
ioctl$LOOP_SET_CAPACITY(r2, 0x4c07)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r5, 0x0, 0x0)
ioctl$USBDEVFS_GETDRIVER(r5, 0x41045508, &(0x7f0000000440)={0x6, "08a4b81da3a60479d0331120e706da191e908f4073ba0477781e9989aafe2e61a89ff564ee04191df2e0e1aeba8d30375a00b14e39805071692fa72d5d0b35c19a0b9ffbae85b04c97815f30b55c3ac6e6b55646117e3755be803ec4ee633e536414362dae8961b842d012099fb5069981c05d6c31448a85508575fc48b336225157319136abcaa049388987eeeb73228f2e4613aa7fa348e3df41a51f4c209c868f4d43d59d73a9a793b02d65a3f8772aeb86b86e2452d1f29cadeca4b0dac1c910d6e1487e2ff40875c022f6b618aad3261486af16a923f177afaf500d83933b94cbe71277b5e7f334f0f2d80f395a43a5ca922d32bdd988d64770c2484ae8"}) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r6)

12:02:12 executing program 1:
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000040)={0x29, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0x1f}]}, 0x10)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async, rerun: 64)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000080)={0x16, 0x18, '\x00', [@padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @generic={0x3, 0x7a, "e4b398c3d956bc7dc981ae43f2e94ef95cbdf555b73924883b303d6faaa7a2de5d3cb1f5b6515b5a31f8b19c4ec90307da2b31682e5da4571c8af8b7de584cd4ea56b684e3deae96732ce05b636b8d0cf23320ac7d0659614a2dd23c4d3445601d90b9ff41d1072d20503287e20ad239b3b2a939d44cf16c8f55"}, @calipso={0x7, 0x40, {0x3, 0xe, 0xfa, 0x38ac, [0x100000001, 0x401, 0x6c, 0x20, 0x8, 0x360, 0x239]}}, @enc_lim={0x4, 0x1, 0x6}]}, 0xd0) (async, rerun: 64)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

12:02:12 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/serio', 0x20540, 0x49)
write$P9_RREMOVE(r2, 0x0, 0x0)
setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000040)=0x5, 0x4)
socket$igmp6(0xa, 0x3, 0x2) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/serio', 0x20540, 0x49) (async)
write$P9_RREMOVE(r2, 0x0, 0x0) (async)
setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000040)=0x5, 0x4) (async)

[ 2251.415870][T13825] x_tables: duplicate underflow at hook 3
[ 2251.428056][T13834] FAULT_INJECTION: forcing a failure.
[ 2251.428056][T13834] name failslab, interval 1, probability 0, space 0, times 0
[ 2251.443433][T13834] CPU: 1 PID: 13834 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2251.455070][T13834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2251.465101][T13834] Call Trace:
[ 2251.468369][T13834]  dump_stack+0x1d8/0x241
[ 2251.472668][T13834]  ? panic+0x73e/0x73e
[ 2251.476702][T13834]  ? mutex_unlock+0x19/0x40
[ 2251.481172][T13834]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2251.486961][T13834]  ? selinux_kernfs_init_security+0x155/0x760
[ 2251.493021][T13834]  ? idr_alloc_cyclic+0x36e/0x5e0
[ 2251.493036][T13834]  should_fail+0x709/0x870
[ 2251.502448][T13834]  ? setup_fault_attr+0x3d0/0x3d0
[ 2251.502458][T13834]  ? _raw_spin_lock+0xa3/0x1b0
[ 2251.502473][T13834]  ? __kernfs_new_node+0xdb/0x6d0
[ 2251.517198][T13834]  should_failslab+0x5/0x20
[ 2251.517214][T13834]  kmem_cache_alloc+0x24/0x210
[ 2251.526428][T13834]  __kernfs_new_node+0xdb/0x6d0
[ 2251.531254][T13834]  ? mutex_lock+0xa6/0x110
[ 2251.535639][T13834]  ? kernfs_new_node+0x160/0x160
[ 2251.540546][T13834]  kernfs_new_node+0x95/0x160
[ 2251.545192][T13834]  __kernfs_create_file+0x45/0x260
[ 2251.550269][T13834]  sysfs_add_file_mode_ns+0x292/0x340
[ 2251.555609][T13834]  internal_create_group+0x55e/0xf50
[ 2251.560861][T13834]  ? mutex_unlock+0x19/0x40
[ 2251.565329][T13834]  ? sysfs_create_group+0x20/0x20
[ 2251.570322][T13834]  sysfs_create_groups+0x5d/0x130
[ 2251.575326][T13834]  device_add_attrs+0x87/0x370
[ 2251.580079][T13834]  device_add+0x505/0xbc0
[ 2251.584386][T13834]  device_create_vargs+0x1b8/0x210
[ 2251.589469][T13834]  device_create+0xea/0x130
[ 2251.593943][T13834]  ? device_create_vargs+0x210/0x210
[ 2251.599196][T13834]  bdi_register_va+0x89/0x5e0
[ 2251.603843][T13834]  bdi_register+0xd1/0x120
[ 2251.608228][T13834]  ? __device_add_disk+0x539/0x1200
[ 2251.613395][T13834]  ? bdi_register_va+0x5e0/0x5e0
[ 2251.618300][T13834]  ? percpu_ref_resurrect+0x113/0x190
[ 2251.623641][T13834]  bdi_register_owner+0x56/0xf0
[ 2251.628461][T13834]  __device_add_disk+0x5b8/0x1200
[ 2251.633455][T13834]  ? device_add_disk+0x30/0x30
[ 2251.638192][T13834]  ? vsprintf+0x30/0x30
[ 2251.642322][T13834]  ? device_initialize+0x1c7/0x3d0
[ 2251.647400][T13834]  ? __alloc_disk_node+0x326/0x380
[ 2251.652481][T13834]  loop_add+0x554/0x710
[ 2251.656606][T13834]  loop_control_ioctl+0x564/0x740
[ 2251.661598][T13834]  ? loop_remove+0xa0/0xa0
[ 2251.665984][T13834]  ? __lru_cache_add+0x1bf/0x210
[ 2251.670893][T13834]  ? memset+0x1f/0x40
[ 2251.674841][T13834]  ? fsnotify+0x1332/0x13f0
[ 2251.679315][T13834]  ? loop_remove+0xa0/0xa0
[ 2251.683700][T13834]  do_vfs_ioctl+0x744/0x1730
[ 2251.688258][T13834]  ? selinux_file_ioctl+0x723/0x970
[ 2251.693423][T13834]  ? ioctl_preallocate+0x250/0x250
[ 2251.698501][T13834]  ? __fget+0x40c/0x4a0
[ 2251.702624][T13834]  ? fget_many+0x20/0x20
[ 2251.706834][T13834]  ? check_preemption_disabled+0x154/0x330
[ 2251.712604][T13834]  ? debug_smp_processor_id+0x20/0x20
[ 2251.717945][T13834]  ? security_file_ioctl+0x9d/0xb0
[ 2251.723032][T13834]  __x64_sys_ioctl+0xd4/0x110
[ 2251.727681][T13834]  do_syscall_64+0xcb/0x1c0
[ 2251.732154][T13834]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2251.738587][T13834] ------------[ cut here ]------------
[ 2251.744052][T13834] WARNING: CPU: 1 PID: 13834 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2251.753121][T13834] Modules linked in:
[ 2251.756988][T13834] CPU: 1 PID: 13834 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2251.768572][T13834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2251.778604][T13834] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2251.784377][T13834] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2251.803952][T13834] RSP: 0018:ffff8881e471fa00 EFLAGS: 00010246
[ 2251.809985][T13834] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2251.817926][T13834] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2251.825865][T13834] RBP: ffff8881e471fb40 R08: ffffffff821f8e93 R09: 0000000000000010
[ 2251.833805][T13834] R10: ffffffff84800000 R11: 1ffff1103c8e3e00 R12: ffff8881e1303000
[ 2251.841742][T13834] R13: dffffc0000000000 R14: ffff8881e1303070 R15: 1ffff1103c26069d
[ 2251.849686][T13834] FS:  00007f5fe0796700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 2251.858579][T13834] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2251.865129][T13834] CR2: 00007fce6c79c718 CR3: 00000001e7e19000 CR4: 00000000003406e0
[ 2251.873073][T13834] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2251.881015][T13834] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2251.888954][T13834] Call Trace:
[ 2251.892238][T13834]  ? device_add_disk+0x30/0x30
[ 2251.896969][T13834]  ? vsprintf+0x30/0x30
[ 2251.901101][T13834]  ? device_initialize+0x1c7/0x3d0
[ 2251.906181][T13834]  ? __alloc_disk_node+0x326/0x380
[ 2251.911259][T13834]  loop_add+0x554/0x710
[ 2251.915473][T13834]  loop_control_ioctl+0x564/0x740
[ 2251.920467][T13834]  ? loop_remove+0xa0/0xa0
[ 2251.924858][T13834]  ? __lru_cache_add+0x1bf/0x210
[ 2251.929763][T13834]  ? memset+0x1f/0x40
[ 2251.933712][T13834]  ? fsnotify+0x1332/0x13f0
[ 2251.938182][T13834]  ? loop_remove+0xa0/0xa0
[ 2251.942565][T13834]  do_vfs_ioctl+0x744/0x1730
[ 2251.947131][T13834]  ? selinux_file_ioctl+0x723/0x970
[ 2251.952302][T13834]  ? ioctl_preallocate+0x250/0x250
[ 2251.957386][T13834]  ? __fget+0x40c/0x4a0
[ 2251.961515][T13834]  ? fget_many+0x20/0x20
12:02:13 executing program 2:
# NOTE(review): the variant name USBDEVFS_CLAIM_PORT is only the fuzzer's label for this call.
# r0 comes from openat$loop_ctrl and 0x4c80 is LOOP_CTL_ADD, so the kernel treats it as
# "add a loop device" with index 0 (third argument). The loop_control_ioctl -> loop_add
# frames in the surrounding kernel output agree with that reading.
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
# fail_nth: 55 makes the 55th fault-injection point reached by this call fail.
# Presumably this is the run behind the next "FAULT_INJECTION: forcing a failure ... failslab"
# report in the log (T13867, Comm syz-executor.2): the failed kmem_cache_alloc sits under
# bdi_register_owner(), and the same task then hits the WARNING at block/genhd.c:742 in
# __device_add_disk. RBX=0xfffffff4 in that report reads as -12 (-ENOMEM).
# TODO confirm against the 5.4.219 source that line 742 warns on the bdi_register_owner() result.
# Triage: this is a WARN reached through an injected allocation failure, not a memory-safety
# report; it matters mainly on systems that set panic_on_warn.
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 55)

12:02:13 executing program 3:
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000000)=0xb, 0x4) (async)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$VHOST_VDPA_SET_CONFIG_CALL(0xffffffffffffffff, 0x4004af77, &(0x7f0000000180)=0x80000000) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

[ 2251.965729][T13834]  ? check_preemption_disabled+0x154/0x330
[ 2251.971504][T13834]  ? debug_smp_processor_id+0x20/0x20
[ 2251.976843][T13834]  ? security_file_ioctl+0x9d/0xb0
[ 2251.981924][T13834]  __x64_sys_ioctl+0xd4/0x110
[ 2251.986569][T13834]  do_syscall_64+0xcb/0x1c0
[ 2251.991044][T13834]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2251.996913][T13834] ---[ end trace 9fb896c1b706f708 ]---
12:02:13 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async, rerun: 64)
getpeername$netlink(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)=0xc) (async, rerun: 64)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x100, 0x0)
read$watch_queue(r4, &(0x7f0000000240)=""/10, 0xa)

12:02:13 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={0xffffffffffffffff, &(0x7f0000000000)="067d4c16bfae7daad5cf09f6663af71fce3c07b7692a5da45e826e3f4cc5c0306afc541975bc17f69df552cf8a8ccad2726499f95d093c995f8ff143803ce8cb018e15c49ae9a899fd8255d6789f2261201cb726f1c0f2179a6fc28d79978b3acc6f1da21c757d", &(0x7f0000000080)=@tcp=r1, 0x2}, 0x20)
write$P9_RREMOVE(r0, 0x0, 0x0)

12:02:13 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x9, 0x3, 0x2d0, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x200, 0xffffffff, 0xffffffff, 0x200, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@loopback, @private1, [], [], 'ip6gre0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}, {{@ipv6={@dev, @private0, [], [], 'tunl0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private1, 'ipvlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x330)
write$P9_RSTATu(r0, &(0x7f0000000240)={0x63, 0x7d, 0x1, {{0x0, 0x43, 0x57, 0xfffffffc, {0x40, 0x3, 0x3}, 0x8080000, 0x7, 0x80, 0x80000000, 0x1, '*', 0x2, ',{', 0x3, '@\')', 0xa, '/dev/vcsu\x00'}, 0xb, '/dev/loop#\x00', 0x0, 0xffffffffffffffff, 0xffffffffffffffff}}, 0x63)
r2 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x4, 0x12, 0x12, 0x0, "4f35c0d0fe0e467c7acc99f5fa721cbd0491cf052ae03284f9f9700a54ccb0bf520dce778b6b77986ac5366fba4270c6f572228fe10656fb30ba3e3e25fb427c", "d91a2618a2face3eec9d5d533950dc6dd939484cebed58831a9866c799734728", [0x1, 0x1]})
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000100), 0x200003, 0x0)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
ioctl$LOOP_GET_STATUS64(r4, 0x4c05, &(0x7f0000000140))
ioctl$LOOP_SET_CAPACITY(r2, 0x4c07)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r5, 0x0, 0x0)
ioctl$USBDEVFS_GETDRIVER(r5, 0x41045508, &(0x7f0000000440)={0x6, "08a4b81da3a60479d0331120e706da191e908f4073ba0477781e9989aafe2e61a89ff564ee04191df2e0e1aeba8d30375a00b14e39805071692fa72d5d0b35c19a0b9ffbae85b04c97815f30b55c3ac6e6b55646117e3755be803ec4ee633e536414362dae8961b842d012099fb5069981c05d6c31448a85508575fc48b336225157319136abcaa049388987eeeb73228f2e4613aa7fa348e3df41a51f4c209c868f4d43d59d73a9a793b02d65a3f8772aeb86b86e2452d1f29cadeca4b0dac1c910d6e1487e2ff40875c022f6b618aad3261486af16a923f177afaf500d83933b94cbe71277b5e7f334f0f2d80f395a43a5ca922d32bdd988d64770c2484ae8"})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r6)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x9, 0x3, 0x2d0, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x200, 0xffffffff, 0xffffffff, 0x200, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@loopback, @private1, [], [], 'ip6gre0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}, {{@ipv6={@dev, @private0, [], [], 'tunl0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private1, 'ipvlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x330) (async)
write$P9_RSTATu(r0, &(0x7f0000000240)={0x63, 0x7d, 0x1, {{0x0, 0x43, 0x57, 0xfffffffc, {0x40, 0x3, 0x3}, 0x8080000, 0x7, 0x80, 0x80000000, 0x1, '*', 0x2, ',{', 0x3, '@\')', 0xa, '/dev/vcsu\x00'}, 0xb, '/dev/loop#\x00', 0x0, 0xffffffffffffffff, 0xffffffffffffffff}}, 0x63) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0x4, 0x12, 0x12, 0x0, "4f35c0d0fe0e467c7acc99f5fa721cbd0491cf052ae03284f9f9700a54ccb0bf520dce778b6b77986ac5366fba4270c6f572228fe10656fb30ba3e3e25fb427c", "d91a2618a2face3eec9d5d533950dc6dd939484cebed58831a9866c799734728", [0x1, 0x1]}) (async)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000100), 0x200003, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r4, 0x0, 0x0) (async)
ioctl$LOOP_GET_STATUS64(r4, 0x4c05, &(0x7f0000000140)) (async)
ioctl$LOOP_SET_CAPACITY(r2, 0x4c07) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r5, 0x0, 0x0) (async)
ioctl$USBDEVFS_GETDRIVER(r5, 0x41045508, &(0x7f0000000440)={0x6, "08a4b81da3a60479d0331120e706da191e908f4073ba0477781e9989aafe2e61a89ff564ee04191df2e0e1aeba8d30375a00b14e39805071692fa72d5d0b35c19a0b9ffbae85b04c97815f30b55c3ac6e6b55646117e3755be803ec4ee633e536414362dae8961b842d012099fb5069981c05d6c31448a85508575fc48b336225157319136abcaa049388987eeeb73228f2e4613aa7fa348e3df41a51f4c209c868f4d43d59d73a9a793b02d65a3f8772aeb86b86e2452d1f29cadeca4b0dac1c910d6e1487e2ff40875c022f6b618aad3261486af16a923f177afaf500d83933b94cbe71277b5e7f334f0f2d80f395a43a5ca922d32bdd988d64770c2484ae8"}) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r6) (async)

12:02:13 executing program 1:
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000040)={0x29, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0x1f}]}, 0x10) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async, rerun: 64)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000080)={0x16, 0x18, '\x00', [@padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @generic={0x3, 0x7a, "e4b398c3d956bc7dc981ae43f2e94ef95cbdf555b73924883b303d6faaa7a2de5d3cb1f5b6515b5a31f8b19c4ec90307da2b31682e5da4571c8af8b7de584cd4ea56b684e3deae96732ce05b636b8d0cf23320ac7d0659614a2dd23c4d3445601d90b9ff41d1072d20503287e20ad239b3b2a939d44cf16c8f55"}, @calipso={0x7, 0x40, {0x3, 0xe, 0xfa, 0x38ac, [0x100000001, 0x401, 0x6c, 0x20, 0x8, 0x360, 0x239]}}, @enc_lim={0x4, 0x1, 0x6}]}, 0xd0) (async, rerun: 64)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

12:02:13 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:13 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={0xffffffffffffffff, &(0x7f0000000000)="067d4c16bfae7daad5cf09f6663af71fce3c07b7692a5da45e826e3f4cc5c0306afc541975bc17f69df552cf8a8ccad2726499f95d093c995f8ff143803ce8cb018e15c49ae9a899fd8255d6789f2261201cb726f1c0f2179a6fc28d79978b3acc6f1da21c757d", &(0x7f0000000080)=@tcp=r1, 0x2}, 0x20) (async)
write$P9_RREMOVE(r0, 0x0, 0x0)

12:02:13 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/hid_magicmouse', 0xfd74c143c23d4d70, 0x22)
openat$cgroup(r2, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

[ 2252.030237][T13848] x_tables: duplicate underflow at hook 3
[ 2252.056265][T13877] x_tables: duplicate underflow at hook 3
[ 2252.062454][T13867] FAULT_INJECTION: forcing a failure.
[ 2252.062454][T13867] name failslab, interval 1, probability 0, space 0, times 0
[ 2252.076527][T13867] CPU: 0 PID: 13867 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2252.088156][T13867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2252.098200][T13867] Call Trace:
[ 2252.101471][T13867]  dump_stack+0x1d8/0x241
[ 2252.105768][T13867]  ? panic+0x73e/0x73e
[ 2252.109805][T13867]  ? mutex_unlock+0x19/0x40
[ 2252.114275][T13867]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2252.120051][T13867]  ? selinux_kernfs_init_security+0x155/0x760
[ 2252.126101][T13867]  ? idr_alloc_cyclic+0x36e/0x5e0
[ 2252.131091][T13867]  should_fail+0x709/0x870
[ 2252.135475][T13867]  ? setup_fault_attr+0x3d0/0x3d0
[ 2252.140465][T13867]  ? _raw_spin_lock+0xa3/0x1b0
[ 2252.145199][T13867]  ? __kernfs_new_node+0xdb/0x6d0
[ 2252.150189][T13867]  should_failslab+0x5/0x20
[ 2252.154658][T13867]  kmem_cache_alloc+0x24/0x210
[ 2252.159390][T13867]  __kernfs_new_node+0xdb/0x6d0
[ 2252.164208][T13867]  ? mutex_lock+0xa6/0x110
[ 2252.168596][T13867]  ? kernfs_new_node+0x160/0x160
[ 2252.173501][T13867]  kernfs_new_node+0x95/0x160
[ 2252.178147][T13867]  __kernfs_create_file+0x45/0x260
[ 2252.183222][T13867]  sysfs_add_file_mode_ns+0x292/0x340
[ 2252.188580][T13867]  internal_create_group+0x55e/0xf50
[ 2252.193838][T13867]  ? mutex_unlock+0x19/0x40
[ 2252.198310][T13867]  ? sysfs_create_group+0x20/0x20
[ 2252.203305][T13867]  sysfs_create_groups+0x5d/0x130
[ 2252.208300][T13867]  device_add_attrs+0x87/0x370
[ 2252.213031][T13867]  device_add+0x505/0xbc0
[ 2252.217326][T13867]  device_create_vargs+0x1b8/0x210
[ 2252.222401][T13867]  device_create+0xea/0x130
[ 2252.226870][T13867]  ? device_create_vargs+0x210/0x210
[ 2252.232123][T13867]  bdi_register_va+0x89/0x5e0
[ 2252.236768][T13867]  bdi_register+0xd1/0x120
[ 2252.241152][T13867]  ? __device_add_disk+0x539/0x1200
[ 2252.246317][T13867]  ? bdi_register_va+0x5e0/0x5e0
[ 2252.251221][T13867]  ? percpu_ref_resurrect+0x113/0x190
[ 2252.256560][T13867]  bdi_register_owner+0x56/0xf0
[ 2252.261380][T13867]  __device_add_disk+0x5b8/0x1200
[ 2252.266370][T13867]  ? device_add_disk+0x30/0x30
[ 2252.271100][T13867]  ? vsprintf+0x30/0x30
[ 2252.275220][T13867]  ? device_initialize+0x1c7/0x3d0
[ 2252.280297][T13867]  ? __alloc_disk_node+0x326/0x380
[ 2252.285373][T13867]  loop_add+0x554/0x710
[ 2252.289495][T13867]  loop_control_ioctl+0x564/0x740
[ 2252.294486][T13867]  ? loop_remove+0xa0/0xa0
[ 2252.298869][T13867]  ? __lru_cache_add+0x1bf/0x210
[ 2252.303772][T13867]  ? memset+0x1f/0x40
[ 2252.307721][T13867]  ? fsnotify+0x1332/0x13f0
[ 2252.312192][T13867]  ? loop_remove+0xa0/0xa0
[ 2252.316573][T13867]  do_vfs_ioctl+0x744/0x1730
[ 2252.321134][T13867]  ? selinux_file_ioctl+0x723/0x970
[ 2252.326296][T13867]  ? ioctl_preallocate+0x250/0x250
12:02:13 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
getpeername$netlink(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)=0xc)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x100, 0x0)
read$watch_queue(r4, &(0x7f0000000240)=""/10, 0xa)

12:02:13 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x4000, 0x0)
connect$inet6(r0, 0x0, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0xac)
r1 = syz_open_dev$loop(&(0x7f0000000040), 0x6, 0x10000)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x4c09, 0x1f)

[ 2252.331374][T13867]  ? __fget+0x40c/0x4a0
[ 2252.335498][T13867]  ? fget_many+0x20/0x20
[ 2252.339705][T13867]  ? check_preemption_disabled+0x154/0x330
[ 2252.345476][T13867]  ? debug_smp_processor_id+0x20/0x20
[ 2252.350815][T13867]  ? security_file_ioctl+0x9d/0xb0
[ 2252.355891][T13867]  __x64_sys_ioctl+0xd4/0x110
[ 2252.360543][T13867]  do_syscall_64+0xcb/0x1c0
[ 2252.365016][T13867]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2252.376825][T13867] ------------[ cut here ]------------
[ 2252.382326][T13867] WARNING: CPU: 0 PID: 13867 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2252.382335][T13867] Modules linked in:
[ 2252.395300][T13867] CPU: 0 PID: 13867 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2252.395305][T13867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2252.395326][T13867] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2252.422715][T13867] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2252.422720][T13867] RSP: 0018:ffff8881ec1d7a00 EFLAGS: 00010246
[ 2252.448343][T13867] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2252.456283][T13867] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2252.464221][T13867] RBP: ffff8881ec1d7b40 R08: ffffffff821f8e93 R09: 0000000000000010
[ 2252.472161][T13867] R10: ffffffff84800000 R11: 1ffff1103d83ae00 R12: ffff8881ef507000
[ 2252.480100][T13867] R13: dffffc0000000000 R14: ffff8881ef507070 R15: 1ffff1103dea0e9d
[ 2252.488043][T13867] FS:  00007f5fe0796700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 2252.496942][T13867] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2252.503510][T13867] CR2: 00007ffde2aae8d8 CR3: 00000001f0e95000 CR4: 00000000003406f0
[ 2252.511451][T13867] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2252.519391][T13867] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2252.527349][T13867] Call Trace:
[ 2252.530623][T13867]  ? device_add_disk+0x30/0x30
[ 2252.535355][T13867]  ? vsprintf+0x30/0x30
[ 2252.539481][T13867]  ? device_initialize+0x1c7/0x3d0
[ 2252.544562][T13867]  ? __alloc_disk_node+0x326/0x380
[ 2252.549641][T13867]  loop_add+0x554/0x710
[ 2252.553767][T13867]  loop_control_ioctl+0x564/0x740
[ 2252.558762][T13867]  ? loop_remove+0xa0/0xa0
[ 2252.563150][T13867]  ? __lru_cache_add+0x1bf/0x210
[ 2252.568061][T13867]  ? memset+0x1f/0x40
[ 2252.572012][T13867]  ? fsnotify+0x1332/0x13f0
[ 2252.576480][T13867]  ? loop_remove+0xa0/0xa0
[ 2252.580862][T13867]  do_vfs_ioctl+0x744/0x1730
[ 2252.585420][T13867]  ? selinux_file_ioctl+0x723/0x970
[ 2252.590584][T13867]  ? ioctl_preallocate+0x250/0x250
[ 2252.595661][T13867]  ? __fget+0x40c/0x4a0
[ 2252.599784][T13867]  ? fget_many+0x20/0x20
[ 2252.603994][T13867]  ? check_preemption_disabled+0x154/0x330
[ 2252.609768][T13867]  ? debug_smp_processor_id+0x20/0x20
[ 2252.615107][T13867]  ? security_file_ioctl+0x9d/0xb0
[ 2252.620195][T13867]  __x64_sys_ioctl+0xd4/0x110
[ 2252.624840][T13867]  do_syscall_64+0xcb/0x1c0
12:02:13 executing program 2:
# NOTE(review): r0 is the loop control device (openat$loop_ctrl) and 0x4c80 is LOOP_CTL_ADD
# with index 0; "USBDEVFS_CLAIM_PORT" is only the fuzzer's variant name for the ioctl number.
# For loop_add to be reached on every run, index 0 has to be free again each time; presumably
# the 0x4c81 (LOOP_CTL_REMOVE) calls that programs 0 and 3 issue in this log do that - verify.
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
# Same call as the earlier program 2 runs with the injection point moved to the 56th.
# Presumably it corresponds to the failslab report for T13913 that follows in the log: the
# stack again ends in bdi_register_owner() <- __device_add_disk+0x5b8, followed by the same
# WARNING at block/genhd.c:742. The identical RIP and Code bytes across reports suggest one
# WARN site hit repeatedly, so these would normally be deduplicated as a single finding.
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 56)

12:02:13 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/hid_magicmouse', 0xfd74c143c23d4d70, 0x22)
openat$cgroup(r2, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/hid_magicmouse', 0xfd74c143c23d4d70, 0x22) (async)
openat$cgroup(r2, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) (async)

12:02:13 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x4000, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0xac) (async)
r1 = syz_open_dev$loop(&(0x7f0000000040), 0x6, 0x10000)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x4c09, 0x1f)

12:02:13 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={0xffffffffffffffff, &(0x7f0000000000)="067d4c16bfae7daad5cf09f6663af71fce3c07b7692a5da45e826e3f4cc5c0306afc541975bc17f69df552cf8a8ccad2726499f95d093c995f8ff143803ce8cb018e15c49ae9a899fd8255d6789f2261201cb726f1c0f2179a6fc28d79978b3acc6f1da21c757d", &(0x7f0000000080)=@tcp=r1, 0x2}, 0x20) (async)
write$P9_RREMOVE(r0, 0x0, 0x0)

[ 2252.629314][T13867]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2252.635182][T13867] ---[ end trace 9fb896c1b706f709 ]---
12:02:14 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
r3 = openat$incfs(r2, &(0x7f00000001c0)='.pending_reads\x00', 0x10840, 0x0)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x4e24, 0x1, @mcast1, 0x5}, 0x1c)
recvfrom$inet6(r2, &(0x7f0000000180)=""/45, 0x2d, 0x1, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:14 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async, rerun: 64)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (rerun: 64)
connect$inet6(r1, 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) (async, rerun: 64)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/hid_magicmouse', 0xfd74c143c23d4d70, 0x22) (rerun: 64)
openat$cgroup(r2, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

[ 2252.685041][T13913] FAULT_INJECTION: forcing a failure.
[ 2252.685041][T13913] name failslab, interval 1, probability 0, space 0, times 0
[ 2252.699087][T13913] CPU: 0 PID: 13913 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2252.710703][T13913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2252.720739][T13913] Call Trace:
[ 2252.724012][T13913]  dump_stack+0x1d8/0x241
[ 2252.728319][T13913]  ? panic+0x73e/0x73e
[ 2252.732356][T13913]  ? mutex_unlock+0x19/0x40
[ 2252.736826][T13913]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2252.742608][T13913]  ? selinux_kernfs_init_security+0x155/0x760
[ 2252.748647][T13913]  ? idr_alloc_cyclic+0x36e/0x5e0
[ 2252.753639][T13913]  should_fail+0x709/0x870
[ 2252.758026][T13913]  ? setup_fault_attr+0x3d0/0x3d0
[ 2252.763017][T13913]  ? _raw_spin_lock+0xa3/0x1b0
[ 2252.767749][T13913]  ? __kernfs_new_node+0xdb/0x6d0
[ 2252.772742][T13913]  should_failslab+0x5/0x20
[ 2252.777220][T13913]  kmem_cache_alloc+0x24/0x210
[ 2252.781994][T13913]  __kernfs_new_node+0xdb/0x6d0
[ 2252.786816][T13913]  ? mutex_lock+0xa6/0x110
[ 2252.791202][T13913]  ? kernfs_new_node+0x160/0x160
[ 2252.796111][T13913]  kernfs_new_node+0x95/0x160
[ 2252.800758][T13913]  __kernfs_create_file+0x45/0x260
[ 2252.805837][T13913]  sysfs_add_file_mode_ns+0x292/0x340
[ 2252.811187][T13913]  internal_create_group+0x55e/0xf50
[ 2252.816449][T13913]  ? mutex_unlock+0x19/0x40
[ 2252.820927][T13913]  ? sysfs_create_group+0x20/0x20
[ 2252.825922][T13913]  sysfs_create_groups+0x5d/0x130
[ 2252.830917][T13913]  device_add_attrs+0x87/0x370
[ 2252.835650][T13913]  device_add+0x505/0xbc0
[ 2252.839950][T13913]  device_create_vargs+0x1b8/0x210
[ 2252.845032][T13913]  device_create+0xea/0x130
[ 2252.849503][T13913]  ? device_create_vargs+0x210/0x210
[ 2252.854761][T13913]  bdi_register_va+0x89/0x5e0
[ 2252.859407][T13913]  bdi_register+0xd1/0x120
[ 2252.863793][T13913]  ? __device_add_disk+0x539/0x1200
[ 2252.868971][T13913]  ? bdi_register_va+0x5e0/0x5e0
[ 2252.873884][T13913]  ? percpu_ref_resurrect+0x113/0x190
[ 2252.879226][T13913]  bdi_register_owner+0x56/0xf0
[ 2252.884050][T13913]  __device_add_disk+0x5b8/0x1200
[ 2252.889046][T13913]  ? device_add_disk+0x30/0x30
[ 2252.893778][T13913]  ? vsprintf+0x30/0x30
[ 2252.897915][T13913]  ? device_initialize+0x1c7/0x3d0
[ 2252.902997][T13913]  ? __alloc_disk_node+0x326/0x380
[ 2252.908076][T13913]  loop_add+0x554/0x710
[ 2252.912208][T13913]  loop_control_ioctl+0x564/0x740
[ 2252.917202][T13913]  ? loop_remove+0xa0/0xa0
[ 2252.921586][T13913]  ? __lru_cache_add+0x1bf/0x210
[ 2252.926490][T13913]  ? memset+0x1f/0x40
[ 2252.930438][T13913]  ? fsnotify+0x1332/0x13f0
[ 2252.934908][T13913]  ? loop_remove+0xa0/0xa0
[ 2252.939294][T13913]  do_vfs_ioctl+0x744/0x1730
[ 2252.943852][T13913]  ? selinux_file_ioctl+0x723/0x970
[ 2252.949018][T13913]  ? ioctl_preallocate+0x250/0x250
[ 2252.954099][T13913]  ? __fget+0x40c/0x4a0
[ 2252.958221][T13913]  ? fget_many+0x20/0x20
[ 2252.962432][T13913]  ? check_preemption_disabled+0x154/0x330
[ 2252.968207][T13913]  ? debug_smp_processor_id+0x20/0x20
[ 2252.973545][T13913]  ? security_file_ioctl+0x9d/0xb0
[ 2252.978631][T13913]  __x64_sys_ioctl+0xd4/0x110
[ 2252.983280][T13913]  do_syscall_64+0xcb/0x1c0
[ 2252.987753][T13913]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2252.993937][T13913] ------------[ cut here ]------------
[ 2252.999401][T13913] WARNING: CPU: 0 PID: 13913 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2253.008475][T13913] Modules linked in:
[ 2253.012349][T13913] CPU: 0 PID: 13913 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2253.023972][T13913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2253.034023][T13913] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2253.039798][T13913] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2253.059369][T13913] RSP: 0018:ffff8881e44d7a00 EFLAGS: 00010246
[ 2253.065401][T13913] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2253.073340][T13913] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2253.081281][T13913] RBP: ffff8881e44d7b40 R08: ffffffff821f8e93 R09: 0000000000000010
[ 2253.089223][T13913] R10: ffffffff84800000 R11: 1ffff1103c89ae00 R12: ffff8881d0c21000
[ 2253.097161][T13913] R13: dffffc0000000000 R14: ffff8881d0c21070 R15: 1ffff1103a18429d
[ 2253.105225][T13913] FS:  00007f5fe0796700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 2253.114133][T13913] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2253.120687][T13913] CR2: 00005555573ec728 CR3: 00000001edc54000 CR4: 00000000003406f0
[ 2253.128633][T13913] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2253.136573][T13913] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2253.144551][T13913] Call Trace:
[ 2253.147824][T13913]  ? device_add_disk+0x30/0x30
[ 2253.152566][T13913]  ? vsprintf+0x30/0x30
[ 2253.156695][T13913]  ? device_initialize+0x1c7/0x3d0
[ 2253.161791][T13913]  ? __alloc_disk_node+0x326/0x380
[ 2253.166874][T13913]  loop_add+0x554/0x710
[ 2253.171002][T13913]  loop_control_ioctl+0x564/0x740
[ 2253.175995][T13913]  ? loop_remove+0xa0/0xa0
[ 2253.180379][T13913]  ? __lru_cache_add+0x1bf/0x210
[ 2253.185288][T13913]  ? memset+0x1f/0x40
[ 2253.189238][T13913]  ? fsnotify+0x1332/0x13f0
[ 2253.193721][T13913]  ? loop_remove+0xa0/0xa0
[ 2253.198103][T13913]  do_vfs_ioctl+0x744/0x1730
[ 2253.202674][T13913]  ? selinux_file_ioctl+0x723/0x970
[ 2253.207849][T13913]  ? ioctl_preallocate+0x250/0x250
[ 2253.212961][T13913]  ? __fget+0x40c/0x4a0
[ 2253.217090][T13913]  ? fget_many+0x20/0x20
[ 2253.221304][T13913]  ? check_preemption_disabled+0x154/0x330
[ 2253.227083][T13913]  ? debug_smp_processor_id+0x20/0x20
[ 2253.232426][T13913]  ? security_file_ioctl+0x9d/0xb0
12:02:14 executing program 2:
# NOTE(review): r0 is the loop control device (openat$loop_ctrl) and 0x4c80 is LOOP_CTL_ADD
# with index 0; the USBDEVFS_CLAIM_PORT name is the fuzzer's label, not the handler that runs.
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
# fail_nth: 57 moves the injected failure to the 57th fault-injection point of this call.
# Presumably it matches the failslab report for T13937 further down (Comm syz-executor.2,
# failing in kmem_cache_alloc under __kernfs_new_node). That trace is cut off at the end of
# this part of the log, so whether it also ends in the block/genhd.c:742 WARNING is not
# visible here.
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 57)

[ 2253.237512][T13913]  __x64_sys_ioctl+0xd4/0x110
[ 2253.242159][T13913]  do_syscall_64+0xcb/0x1c0
[ 2253.246634][T13913]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2253.252493][T13913] ---[ end trace 9fb896c1b706f70a ]---
12:02:14 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:14 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
r3 = openat$incfs(r2, &(0x7f00000001c0)='.pending_reads\x00', 0x10840, 0x0)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x4e24, 0x1, @mcast1, 0x5}, 0x1c) (async)
recvfrom$inet6(r2, &(0x7f0000000180)=""/45, 0x2d, 0x1, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:14 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x30000, 0x1a502)
ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f0000000100)={0x0, {}, 0x0, {}, 0x100, 0x12, 0x20, 0x11, "c6d258debaacc9aa744582d63354d0afd8e84faba2be059d20e55efe58ae426d3ca4082d922b82177d0d040e093f9026199df99ccdcace6151f78200490243a2", "f799257ab7c5b370fa0ccb57e3da797e80462f0573fe0881cb6a7b829ce02af4", [0x1, 0x6]})
connect$inet6(r0, 0x0, 0x0)
write$P9_RREMOVE(r0, &(0x7f0000000040)={0x7, 0x7b, 0x1}, 0x7)

12:02:14 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x4000, 0x0) (async, rerun: 64)
connect$inet6(r0, 0x0, 0x0) (rerun: 64)
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0xac) (async)
r1 = syz_open_dev$loop(&(0x7f0000000040), 0x6, 0x10000)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x4c09, 0x1f)

12:02:14 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) (async)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x30000, 0x1a502)
ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f0000000100)={0x0, {}, 0x0, {}, 0x100, 0x12, 0x20, 0x11, "c6d258debaacc9aa744582d63354d0afd8e84faba2be059d20e55efe58ae426d3ca4082d922b82177d0d040e093f9026199df99ccdcace6151f78200490243a2", "f799257ab7c5b370fa0ccb57e3da797e80462f0573fe0881cb6a7b829ce02af4", [0x1, 0x6]})
connect$inet6(r0, 0x0, 0x0)
write$P9_RREMOVE(r0, &(0x7f0000000040)={0x7, 0x7b, 0x1}, 0x7)

12:02:14 executing program 4:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
write$tun(r0, &(0x7f0000000000)={@void, @val={0x2, 0x80, 0x3f, 0x505, 0xfff, 0x2}, @ipv6=@tipc_packet={0x4, 0x6, "116d4c", 0xd0, 0x6, 0xff, @remote, @dev={0xfe, 0x80, '\x00', 0x2f}, {[@srh={0x3c, 0x4, 0x4, 0x2, 0x3f, 0x30, 0x1, [@local, @dev={0xfe, 0x80, '\x00', 0x29}]}, @dstopts={0x89, 0x6, '\x00', [@hao={0xc9, 0x10, @local}, @jumbo={0xc2, 0x4, 0x8}, @hao={0xc9, 0x10, @loopback}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x2}, @ra={0x5, 0x2, 0x9}]}, @fragment={0x87, 0x0, 0x7, 0x1, 0x0, 0x1a, 0x65}], @name_distributor={{0x60, 0x0, 0x0, 0x0, 0x1, 0xa, 0xb, 0x2, 0x20, 0x0, 0x0, 0x1, 0x2, 0x0, 0x4e20, 0x4e23, 0x0, 0x1, 0x0, 0x0, 0x1}, [{0x777b000, 0x8, 0x5, 0x3, 0x40, 0x0, 0xe}, {0x4a64, 0x3, 0x7, 0x10001, 0x817, 0x7ff, 0x5, 0x1}]}}}}, 0x102)
r1 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x0)

[ 2253.327128][T13937] FAULT_INJECTION: forcing a failure.
[ 2253.327128][T13937] name failslab, interval 1, probability 0, space 0, times 0
[ 2253.340909][T13937] CPU: 1 PID: 13937 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2253.352538][T13937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2253.362569][T13937] Call Trace:
[ 2253.365836][T13937]  dump_stack+0x1d8/0x241
[ 2253.370135][T13937]  ? panic+0x73e/0x73e
[ 2253.374175][T13937]  ? mutex_unlock+0x19/0x40
[ 2253.378655][T13937]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2253.384432][T13937]  ? selinux_kernfs_init_security+0x155/0x760
[ 2253.390467][T13937]  ? idr_alloc_cyclic+0x36e/0x5e0
[ 2253.395458][T13937]  should_fail+0x709/0x870
[ 2253.399841][T13937]  ? setup_fault_attr+0x3d0/0x3d0
[ 2253.404831][T13937]  ? _raw_spin_lock+0xa3/0x1b0
[ 2253.409562][T13937]  ? __kernfs_new_node+0xdb/0x6d0
[ 2253.414552][T13937]  should_failslab+0x5/0x20
[ 2253.419022][T13937]  kmem_cache_alloc+0x24/0x210
[ 2253.423759][T13937]  __kernfs_new_node+0xdb/0x6d0
[ 2253.428575][T13937]  ? mutex_lock+0xa6/0x110
[ 2253.432959][T13937]  ? kernfs_new_node+0x160/0x160
[ 2253.437866][T13937]  kernfs_new_node+0x95/0x160
[ 2253.442510][T13937]  __kernfs_create_file+0x45/0x260
[ 2253.447591][T13937]  sysfs_add_file_mode_ns+0x292/0x340
[ 2253.452933][T13937]  internal_create_group+0x55e/0xf50
[ 2253.458187][T13937]  ? mutex_unlock+0x19/0x40
[ 2253.462654][T13937]  ? sysfs_create_group+0x20/0x20
[ 2253.467651][T13937]  sysfs_create_groups+0x5d/0x130
[ 2253.472645][T13937]  device_add_attrs+0x87/0x370
[ 2253.477383][T13937]  device_add+0x505/0xbc0
[ 2253.481681][T13937]  device_create_vargs+0x1b8/0x210
[ 2253.486758][T13937]  device_create+0xea/0x130
[ 2253.491230][T13937]  ? device_create_vargs+0x210/0x210
[ 2253.496484][T13937]  bdi_register_va+0x89/0x5e0
[ 2253.501127][T13937]  bdi_register+0xd1/0x120
[ 2253.505510][T13937]  ? __device_add_disk+0x539/0x1200
[ 2253.510671][T13937]  ? bdi_register_va+0x5e0/0x5e0
[ 2253.515574][T13937]  ? percpu_ref_resurrect+0x113/0x190
[ 2253.520910][T13937]  bdi_register_owner+0x56/0xf0
[ 2253.525729][T13937]  __device_add_disk+0x5b8/0x1200
[ 2253.530720][T13937]  ? device_add_disk+0x30/0x30
[ 2253.535452][T13937]  ? vsprintf+0x30/0x30
[ 2253.539574][T13937]  ? device_initialize+0x1c7/0x3d0
[ 2253.544651][T13937]  ? __alloc_disk_node+0x326/0x380
[ 2253.549726][T13937]  loop_add+0x554/0x710
[ 2253.553853][T13937]  loop_control_ioctl+0x564/0x740
[ 2253.558847][T13937]  ? loop_remove+0xa0/0xa0
[ 2253.563231][T13937]  ? __lru_cache_add+0x1bf/0x210
[ 2253.568137][T13937]  ? memset+0x1f/0x40
[ 2253.572085][T13937]  ? fsnotify+0x1332/0x13f0
[ 2253.576553][T13937]  ? loop_remove+0xa0/0xa0
[ 2253.580938][T13937]  do_vfs_ioctl+0x744/0x1730
[ 2253.585498][T13937]  ? selinux_file_ioctl+0x723/0x970
[ 2253.590661][T13937]  ? ioctl_preallocate+0x250/0x250
[ 2253.595746][T13937]  ? __fget+0x40c/0x4a0
[ 2253.599870][T13937]  ? fget_many+0x20/0x20
[ 2253.604078][T13937]  ? check_preemption_disabled+0x154/0x330
[ 2253.609850][T13937]  ? debug_smp_processor_id+0x20/0x20
[ 2253.615195][T13937]  ? security_file_ioctl+0x9d/0xb0
[ 2253.620273][T13937]  __x64_sys_ioctl+0xd4/0x110
[ 2253.624924][T13937]  do_syscall_64+0xcb/0x1c0
[ 2253.629397][T13937]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2253.636775][T13937] ------------[ cut here ]------------
[ 2253.642248][T13937] WARNING: CPU: 0 PID: 13937 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2253.651321][T13937] Modules linked in:
[ 2253.655190][T13937] CPU: 0 PID: 13937 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2253.666775][T13937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2253.676809][T13937] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2253.682582][T13937] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2253.702153][T13937] RSP: 0018:ffff8881e903fa00 EFLAGS: 00010246
[ 2253.708186][T13937] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2253.716127][T13937] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2253.724081][T13937] RBP: ffff8881e903fb40 R08: ffffffff821f8e93 R09: 0000000000000010
[ 2253.732025][T13937] R10: ffffffff84800000 R11: 1ffff1103d207e00 R12: ffff8881e2157000
[ 2253.739967][T13937] R13: dffffc0000000000 R14: ffff8881e2157070 R15: 1ffff1103c42ae9d
[ 2253.747909][T13937] FS:  00007f5fe0796700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 2253.756804][T13937] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2253.763354][T13937] CR2: 00007ffd5b88fbf8 CR3: 00000001e40a3000 CR4: 00000000003406f0
[ 2253.771295][T13937] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2253.779234][T13937] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2253.787174][T13937] Call Trace:
[ 2253.790441][T13937]  ? device_add_disk+0x30/0x30
[ 2253.795171][T13937]  ? vsprintf+0x30/0x30
[ 2253.799296][T13937]  ? device_initialize+0x1c7/0x3d0
[ 2253.804375][T13937]  ? __alloc_disk_node+0x326/0x380
[ 2253.809462][T13937]  loop_add+0x554/0x710
[ 2253.813592][T13937]  loop_control_ioctl+0x564/0x740
[ 2253.818585][T13937]  ? loop_remove+0xa0/0xa0
[ 2253.822969][T13937]  ? __lru_cache_add+0x1bf/0x210
[ 2253.827872][T13937]  ? memset+0x1f/0x40
[ 2253.831831][T13937]  ? fsnotify+0x1332/0x13f0
[ 2253.836317][T13937]  ? loop_remove+0xa0/0xa0
[ 2253.840701][T13937]  do_vfs_ioctl+0x744/0x1730
[ 2253.845261][T13937]  ? selinux_file_ioctl+0x723/0x970
[ 2253.850432][T13937]  ? ioctl_preallocate+0x250/0x250
[ 2253.855515][T13937]  ? __fget+0x40c/0x4a0
[ 2253.859640][T13937]  ? fget_many+0x20/0x20
[ 2253.863853][T13937]  ? check_preemption_disabled+0x154/0x330
[ 2253.869627][T13937]  ? debug_smp_processor_id+0x20/0x20
12:02:15 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 58)

12:02:15 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
symlinkat(&(0x7f0000000000)='./file1\x00', r1, &(0x7f0000000100)='./file0\x00')
connect$inet6(r0, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x400000, 0x0)
openat$incfs(0xffffffffffffffff, &(0x7f0000000240)='.log\x00', 0x400000, 0x2)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$VHOST_VDPA_GET_VRING_NUM(r2, 0x8002af76, &(0x7f0000000280))
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x400000, 0x0)
futimesat(r3, &(0x7f0000000140)='./file1\x00', &(0x7f0000000180)={{0x77359400}})
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x1f, @private1={0xfc, 0x1, '\x00', 0x1}, 0x81}, 0x1c)
syz_open_dev$loop(&(0x7f0000000000), 0x1007f, 0x147442)

[ 2253.874965][T13937]  ? security_file_ioctl+0x9d/0xb0
[ 2253.880043][T13937]  __x64_sys_ioctl+0xd4/0x110
[ 2253.884689][T13937]  do_syscall_64+0xcb/0x1c0
[ 2253.889161][T13937]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2253.895017][T13937] ---[ end trace 9fb896c1b706f70b ]---
12:02:15 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
r3 = openat$incfs(r2, &(0x7f00000001c0)='.pending_reads\x00', 0x10840, 0x0)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x4e24, 0x1, @mcast1, 0x5}, 0x1c)
recvfrom$inet6(r2, &(0x7f0000000180)=""/45, 0x2d, 0x1, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
openat$incfs(r2, &(0x7f00000001c0)='.pending_reads\x00', 0x10840, 0x0) (async)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x4e24, 0x1, @mcast1, 0x5}, 0x1c) (async)
recvfrom$inet6(r2, &(0x7f0000000180)=""/45, 0x2d, 0x1, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:02:15 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)

12:02:15 executing program 4:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
write$tun(r0, &(0x7f0000000000)={@void, @val={0x2, 0x80, 0x3f, 0x505, 0xfff, 0x2}, @ipv6=@tipc_packet={0x4, 0x6, "116d4c", 0xd0, 0x6, 0xff, @remote, @dev={0xfe, 0x80, '\x00', 0x2f}, {[@srh={0x3c, 0x4, 0x4, 0x2, 0x3f, 0x30, 0x1, [@local, @dev={0xfe, 0x80, '\x00', 0x29}]}, @dstopts={0x89, 0x6, '\x00', [@hao={0xc9, 0x10, @local}, @jumbo={0xc2, 0x4, 0x8}, @hao={0xc9, 0x10, @loopback}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x2}, @ra={0x5, 0x2, 0x9}]}, @fragment={0x87, 0x0, 0x7, 0x1, 0x0, 0x1a, 0x65}], @name_distributor={{0x60, 0x0, 0x0, 0x0, 0x1, 0xa, 0xb, 0x2, 0x20, 0x0, 0x0, 0x1, 0x2, 0x0, 0x4e20, 0x4e23, 0x0, 0x1, 0x0, 0x0, 0x1}, [{0x777b000, 0x8, 0x5, 0x3, 0x40, 0x0, 0xe}, {0x4a64, 0x3, 0x7, 0x10001, 0x817, 0x7ff, 0x5, 0x1}]}}}}, 0x102) (async)
r1 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) (async)
write$P9_RREMOVE(r1, 0x0, 0x0)

12:02:15 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) (async, rerun: 64)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x30000, 0x1a502) (rerun: 64)
ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f0000000100)={0x0, {}, 0x0, {}, 0x100, 0x12, 0x20, 0x11, "c6d258debaacc9aa744582d63354d0afd8e84faba2be059d20e55efe58ae426d3ca4082d922b82177d0d040e093f9026199df99ccdcace6151f78200490243a2", "f799257ab7c5b370fa0ccb57e3da797e80462f0573fe0881cb6a7b829ce02af4", [0x1, 0x6]}) (async)
connect$inet6(r0, 0x0, 0x0) (async, rerun: 64)
write$P9_RREMOVE(r0, &(0x7f0000000040)={0x7, 0x7b, 0x1}, 0x7) (rerun: 64)

[ 2253.947184][T13956] FAULT_INJECTION: forcing a failure.
[ 2253.947184][T13956] name failslab, interval 1, probability 0, space 0, times 0
[ 2253.966221][T13956] CPU: 0 PID: 13956 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2253.977856][T13956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2253.987889][T13956] Call Trace:
[ 2253.991167][T13956]  dump_stack+0x1d8/0x241
[ 2253.995468][T13956]  ? panic+0x73e/0x73e
[ 2253.999521][T13956]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2254.005300][T13956]  ? idr_alloc+0x2f0/0x2f0
[ 2254.009690][T13956]  should_fail+0x709/0x870
[ 2254.014078][T13956]  ? setup_fault_attr+0x3d0/0x3d0
[ 2254.019077][T13956]  ? security_kernfs_init_security+0x9a/0xb0
[ 2254.025027][T13956]  ? __kernfs_new_node+0x465/0x6d0
[ 2254.030106][T13956]  ? __kernfs_new_node+0xdb/0x6d0
[ 2254.035096][T13956]  should_failslab+0x5/0x20
[ 2254.039566][T13956]  kmem_cache_alloc+0x24/0x210
[ 2254.044307][T13956]  __kernfs_new_node+0xdb/0x6d0
[ 2254.049134][T13956]  ? kernfs_new_node+0x160/0x160
[ 2254.054041][T13956]  ? kernfs_activate+0x3fc/0x420
[ 2254.058948][T13956]  ? mutex_unlock+0x19/0x40
[ 2254.063422][T13956]  ? kernfs_add_one+0x4a3/0x5c0
[ 2254.068241][T13956]  kernfs_new_node+0x95/0x160
[ 2254.072898][T13956]  __kernfs_create_file+0x45/0x260
[ 2254.077981][T13956]  sysfs_add_file_mode_ns+0x292/0x340
[ 2254.083323][T13956]  sysfs_create_file_ns+0x191/0x2a0
[ 2254.088493][T13956]  ? sysfs_create_group+0x20/0x20
[ 2254.093493][T13956]  ? sysfs_add_file_mode_ns+0x340/0x340
[ 2254.099014][T13956]  ? device_create_file+0xe8/0x1b0
[ 2254.104095][T13956]  device_add_attrs+0x2be/0x370
[ 2254.108915][T13956]  device_add+0x505/0xbc0
[ 2254.113214][T13956]  device_create_vargs+0x1b8/0x210
[ 2254.118296][T13956]  device_create+0xea/0x130
[ 2254.122767][T13956]  ? device_create_vargs+0x210/0x210
[ 2254.128022][T13956]  bdi_register_va+0x89/0x5e0
[ 2254.132669][T13956]  bdi_register+0xd1/0x120
[ 2254.137054][T13956]  ? __device_add_disk+0x539/0x1200
[ 2254.142219][T13956]  ? bdi_register_va+0x5e0/0x5e0
[ 2254.147124][T13956]  ? percpu_ref_resurrect+0x113/0x190
[ 2254.152465][T13956]  bdi_register_owner+0x56/0xf0
[ 2254.157285][T13956]  __device_add_disk+0x5b8/0x1200
[ 2254.162280][T13956]  ? device_add_disk+0x30/0x30
[ 2254.167017][T13956]  ? vsprintf+0x30/0x30
[ 2254.171144][T13956]  ? device_initialize+0x1c7/0x3d0
[ 2254.176224][T13956]  ? __alloc_disk_node+0x326/0x380
[ 2254.181332][T13956]  loop_add+0x554/0x710
[ 2254.185461][T13956]  loop_control_ioctl+0x564/0x740
[ 2254.190460][T13956]  ? loop_remove+0xa0/0xa0
[ 2254.194845][T13956]  ? __lru_cache_add+0x1bf/0x210
[ 2254.199750][T13956]  ? memset+0x1f/0x40
[ 2254.203699][T13956]  ? fsnotify+0x1332/0x13f0
[ 2254.208172][T13956]  ? loop_remove+0xa0/0xa0
[ 2254.212556][T13956]  do_vfs_ioctl+0x744/0x1730
[ 2254.217114][T13956]  ? selinux_file_ioctl+0x723/0x970
[ 2254.222280][T13956]  ? ioctl_preallocate+0x250/0x250
[ 2254.227361][T13956]  ? __fget+0x40c/0x4a0
[ 2254.231484][T13956]  ? fget_many+0x20/0x20
[ 2254.235704][T13956]  ? check_preemption_disabled+0x154/0x330
[ 2254.241486][T13956]  ? debug_smp_processor_id+0x20/0x20
12:02:15 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1e, 0x6, 0x1cb, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, r1, 0x1, 0x4, 0x2}, 0x48)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
r4 = openat$incfs(r1, &(0x7f0000000280)='.log\x00', 0x200c40, 0x8)
write$P9_RSTATFS(r4, &(0x7f00000002c0)={0x43, 0x9, 0x1, {0x4, 0x7, 0x9, 0x100000001, 0x40, 0x5, 0x87, 0xffffffffffffffff, 0x13}}, 0x43)
write$P9_RRENAME(r3, &(0x7f0000000040)={0x7, 0x15, 0x2}, 0x7)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f00000001c0)={0x50c6, {{0xa, 0x4e21, 0x12f, @private0, 0x61d}}}, 0x88)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

[ 2254.246836][T13956]  ? security_file_ioctl+0x9d/0xb0
[ 2254.251931][T13956]  __x64_sys_ioctl+0xd4/0x110
[ 2254.256580][T13956]  do_syscall_64+0xcb/0x1c0
[ 2254.261062][T13956]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2254.267783][T13956] ------------[ cut here ]------------
[ 2254.273272][T13956] WARNING: CPU: 0 PID: 13956 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2254.282354][T13956] Modules linked in:
[ 2254.286249][T13956] CPU: 0 PID: 13956 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2254.297857][T13956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2254.307901][T13956] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2254.313674][T13956] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2254.333246][T13956] RSP: 0018:ffff8881e420fa00 EFLAGS: 00010246
[ 2254.339279][T13956] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2254.347217][T13956] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2254.355166][T13956] RBP: ffff8881e420fb40 R08: ffffffff821f8e93 R09: 0000000000000010
[ 2254.363108][T13956] R10: ffffffff84800000 R11: 1ffff1103c841e00 R12: ffff8881ef76f000
[ 2254.371048][T13956] R13: dffffc0000000000 R14: ffff8881ef76f070 R15: 1ffff1103deede9d
[ 2254.378989][T13956] FS:  00007f5fe0796700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 2254.387886][T13956] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2254.394442][T13956] CR2: 00007fdebbe0c718 CR3: 00000001ecb02000 CR4: 00000000003406f0
[ 2254.402391][T13956] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2254.410335][T13956] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2254.418277][T13956] Call Trace:
[ 2254.421543][T13956]  ? device_add_disk+0x30/0x30
[ 2254.426276][T13956]  ? vsprintf+0x30/0x30
[ 2254.430402][T13956]  ? device_initialize+0x1c7/0x3d0
[ 2254.435483][T13956]  ? __alloc_disk_node+0x326/0x380
[ 2254.440561][T13956]  loop_add+0x554/0x710
[ 2254.444688][T13956]  loop_control_ioctl+0x564/0x740
[ 2254.449679][T13956]  ? loop_remove+0xa0/0xa0
[ 2254.454065][T13956]  ? __lru_cache_add+0x1bf/0x210
[ 2254.458969][T13956]  ? memset+0x1f/0x40
[ 2254.462922][T13956]  ? fsnotify+0x1332/0x13f0
[ 2254.467391][T13956]  ? loop_remove+0xa0/0xa0
[ 2254.471777][T13956]  do_vfs_ioctl+0x744/0x1730
[ 2254.476359][T13956]  ? selinux_file_ioctl+0x723/0x970
[ 2254.481523][T13956]  ? ioctl_preallocate+0x250/0x250
[ 2254.486603][T13956]  ? __fget+0x40c/0x4a0
[ 2254.490727][T13956]  ? fget_many+0x20/0x20
12:02:15 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 59)

12:02:15 executing program 4:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async, rerun: 32)
write$tun(r0, &(0x7f0000000000)={@void, @val={0x2, 0x80, 0x3f, 0x505, 0xfff, 0x2}, @ipv6=@tipc_packet={0x4, 0x6, "116d4c", 0xd0, 0x6, 0xff, @remote, @dev={0xfe, 0x80, '\x00', 0x2f}, {[@srh={0x3c, 0x4, 0x4, 0x2, 0x3f, 0x30, 0x1, [@local, @dev={0xfe, 0x80, '\x00', 0x29}]}, @dstopts={0x89, 0x6, '\x00', [@hao={0xc9, 0x10, @local}, @jumbo={0xc2, 0x4, 0x8}, @hao={0xc9, 0x10, @loopback}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x2}, @ra={0x5, 0x2, 0x9}]}, @fragment={0x87, 0x0, 0x7, 0x1, 0x0, 0x1a, 0x65}], @name_distributor={{0x60, 0x0, 0x0, 0x0, 0x1, 0xa, 0xb, 0x2, 0x20, 0x0, 0x0, 0x1, 0x2, 0x0, 0x4e20, 0x4e23, 0x0, 0x1, 0x0, 0x0, 0x1}, [{0x777b000, 0x8, 0x5, 0x3, 0x40, 0x0, 0xe}, {0x4a64, 0x3, 0x7, 0x10001, 0x817, 0x7ff, 0x5, 0x1}]}}}}, 0x102) (rerun: 32)
r1 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) (async)
write$P9_RREMOVE(r1, 0x0, 0x0)

12:02:15 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
symlinkat(&(0x7f0000000000)='./file1\x00', r1, &(0x7f0000000100)='./file0\x00')
connect$inet6(r0, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x400000, 0x0)
openat$incfs(0xffffffffffffffff, &(0x7f0000000240)='.log\x00', 0x400000, 0x2)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$VHOST_VDPA_GET_VRING_NUM(r2, 0x8002af76, &(0x7f0000000280))
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x400000, 0x0)
futimesat(r3, &(0x7f0000000140)='./file1\x00', &(0x7f0000000180)={{0x77359400}})
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x1f, @private1={0xfc, 0x1, '\x00', 0x1}, 0x81}, 0x1c)
syz_open_dev$loop(&(0x7f0000000000), 0x1007f, 0x147442)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
symlinkat(&(0x7f0000000000)='./file1\x00', r1, &(0x7f0000000100)='./file0\x00') (async)
connect$inet6(r0, 0x0, 0x0) (async)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x400000, 0x0) (async)
openat$incfs(0xffffffffffffffff, &(0x7f0000000240)='.log\x00', 0x400000, 0x2) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
ioctl$VHOST_VDPA_GET_VRING_NUM(r2, 0x8002af76, &(0x7f0000000280)) (async)
openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x400000, 0x0) (async)
futimesat(r3, &(0x7f0000000140)='./file1\x00', &(0x7f0000000180)={{0x77359400}}) (async)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x1f, @private1={0xfc, 0x1, '\x00', 0x1}, 0x81}, 0x1c) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x1007f, 0x147442) (async)

12:02:15 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1e, 0x6, 0x1cb, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, r1, 0x1, 0x4, 0x2}, 0x48) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
r4 = openat$incfs(r1, &(0x7f0000000280)='.log\x00', 0x200c40, 0x8)
write$P9_RSTATFS(r4, &(0x7f00000002c0)={0x43, 0x9, 0x1, {0x4, 0x7, 0x9, 0x100000001, 0x40, 0x5, 0x87, 0xffffffffffffffff, 0x13}}, 0x43) (async)
write$P9_RRENAME(r3, &(0x7f0000000040)={0x7, 0x15, 0x2}, 0x7) (async)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f00000001c0)={0x50c6, {{0xa, 0x4e21, 0x12f, @private0, 0x61d}}}, 0x88) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

[ 2254.494949][T13956]  ? check_preemption_disabled+0x154/0x330
[ 2254.500729][T13956]  ? debug_smp_processor_id+0x20/0x20
[ 2254.506068][T13956]  ? security_file_ioctl+0x9d/0xb0
[ 2254.511152][T13956]  __x64_sys_ioctl+0xd4/0x110
[ 2254.515810][T13956]  do_syscall_64+0xcb/0x1c0
[ 2254.520283][T13956]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2254.526144][T13956] ---[ end trace 9fb896c1b706f70c ]---
12:02:15 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0)

12:02:15 executing program 1:
getpeername$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @private0}, &(0x7f0000000080)=0x1c)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000140)=@nat={'nat\x00', 0x1b, 0x5, 0x620, 0x160, 0x0, 0xffffffff, 0x0, 0x160, 0x550, 0x550, 0xffffffff, 0x550, 0x550, 0x5, &(0x7f00000000c0), {[{{@uncond, 0x0, 0x138, 0x160, 0x0, {}, [@common=@hbh={{0x48}, {0x1, 0x6, 0x0, [0xf1c3, 0xfff, 0x3, 0xf9, 0x2, 0x100, 0x5, 0x0, 0x3, 0x3ff, 0x6, 0x4, 0x1, 0x9, 0x4, 0x20], 0x2}}, @common=@dst={{0x48}, {0x9, 0x1, 0x1, [0x3ff, 0x6, 0x2, 0x6, 0xa3db, 0x0, 0x1965, 0xffff, 0x200, 0x7, 0xfff9, 0x802, 0x9, 0x6, 0x40, 0x20], 0xd}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0x7}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x8, @ipv6=@mcast1, @ipv4=@multicast1, @port=0x4e20, @gre_key=0x6e5}}}, {{@ipv6={@local, @loopback, [0xffffffff, 0x0, 0xffffff00, 0xffffffff], [0xff000000, 0xff, 0x0, 0xffffffff], 'veth0_vlan\x00', 'bridge0\x00', {}, {0xff}, 0x84, 0x1f, 0x2, 0x8}, 0x0, 0xf0, 0x138, 0x0, {}, [@common=@dst={{0x48}, {0x8, 0x1, 0x1, [0x2, 0x2, 0x404, 0x2, 0x7ff, 0x3f, 0x0, 0x1, 0xfffb, 0x400, 0x1, 0x81, 0x8, 0x4, 0xe2d7, 0x4], 0xc}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x5, @ipv4=@dev={0xac, 0x14, 0x14, 0x25}, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @icmp_id=0x67, @icmp_id=0x67}}}, {{@uncond, 0x0, 0x180, 0x1c8, 0x0, {}, [@common=@hbh={{0x48}, {0x80000000, 0x3, 0x0, [0x1, 0x6d50, 0x1, 0xff, 0x4, 0x0, 0x81, 0x580, 0x4, 0x1, 0x2, 0x20, 0x5, 0x969, 0x0, 0x7], 0x7}}, @common=@srh1={{0x90}, {0x1d, 0x7f, 0x81, 0x4, 0x20, @local, @loopback, @loopback, [0xff000000, 0xffffffff, 0xffffff00, 0xff000000], [0xffffffff, 0xff, 0xff, 0xffffff00], [0xffffffff, 0xffffff00, 0xffffff00, 0xff000000], 0x568, 0x156}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xc, @ipv6=@loopback, @ipv4=@rand_addr=0x64010102, @port=0x4e20, @gre_key=0x5}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x680)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

12:02:15 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
faccessat(r1, &(0x7f0000000180)='./file0\x00', 0x46)
execveat(r1, 0x0, &(0x7f00000000c0)=[&(0x7f00000001c0)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='\x00\x00\b\x00\x00\x00'], 0x400)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

[ 2254.567616][T13990] FAULT_INJECTION: forcing a failure.
[ 2254.567616][T13990] name failslab, interval 1, probability 0, space 0, times 0
[ 2254.584901][T13990] CPU: 1 PID: 13990 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2254.596536][T13990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2254.606574][T13990] Call Trace:
[ 2254.609842][T13990]  dump_stack+0x1d8/0x241
12:02:15 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
symlinkat(&(0x7f0000000000)='./file1\x00', r1, &(0x7f0000000100)='./file0\x00')
connect$inet6(r0, 0x0, 0x0) (async)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x400000, 0x0) (async)
openat$incfs(0xffffffffffffffff, &(0x7f0000000240)='.log\x00', 0x400000, 0x2)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
ioctl$VHOST_VDPA_GET_VRING_NUM(r2, 0x8002af76, &(0x7f0000000280)) (async)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x400000, 0x0)
futimesat(r3, &(0x7f0000000140)='./file1\x00', &(0x7f0000000180)={{0x77359400}}) (async)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x1f, @private1={0xfc, 0x1, '\x00', 0x1}, 0x81}, 0x1c)
syz_open_dev$loop(&(0x7f0000000000), 0x1007f, 0x147442)

[ 2254.614147][T13990]  ? panic+0x73e/0x73e
[ 2254.618184][T13990]  ? mutex_unlock+0x19/0x40
[ 2254.622668][T13990]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2254.628470][T13990]  ? selinux_kernfs_init_security+0x155/0x760
[ 2254.634525][T13990]  ? idr_alloc_cyclic+0x36e/0x5e0
[ 2254.639525][T13990]  should_fail+0x709/0x870
[ 2254.643916][T13990]  ? setup_fault_attr+0x3d0/0x3d0
[ 2254.648910][T13990]  ? _raw_spin_lock+0xa3/0x1b0
[ 2254.653644][T13990]  ? __kernfs_new_node+0xdb/0x6d0
[ 2254.658640][T13990]  should_failslab+0x5/0x20
[ 2254.663110][T13990]  kmem_cache_alloc+0x24/0x210
[ 2254.667841][T13990]  __kernfs_new_node+0xdb/0x6d0
[ 2254.672663][T13990]  ? mutex_lock+0xa6/0x110
[ 2254.677048][T13990]  ? kernfs_new_node+0x160/0x160
[ 2254.681954][T13990]  kernfs_new_node+0x95/0x160
[ 2254.686601][T13990]  __kernfs_create_file+0x45/0x260
[ 2254.691680][T13990]  sysfs_add_file_mode_ns+0x292/0x340
[ 2254.697020][T13990]  internal_create_group+0x55e/0xf50
[ 2254.702271][T13990]  ? mutex_unlock+0x19/0x40
[ 2254.706744][T13990]  ? sysfs_create_group+0x20/0x20
[ 2254.711734][T13990]  sysfs_create_groups+0x5d/0x130
[ 2254.716726][T13990]  device_add_attrs+0x87/0x370
[ 2254.721457][T13990]  device_add+0x505/0xbc0
[ 2254.725755][T13990]  device_create_vargs+0x1b8/0x210
[ 2254.730835][T13990]  device_create+0xea/0x130
[ 2254.735308][T13990]  ? device_create_vargs+0x210/0x210
[ 2254.740561][T13990]  bdi_register_va+0x89/0x5e0
[ 2254.745206][T13990]  bdi_register+0xd1/0x120
[ 2254.749592][T13990]  ? __device_add_disk+0x539/0x1200
[ 2254.754757][T13990]  ? bdi_register_va+0x5e0/0x5e0
[ 2254.759686][T13990]  ? percpu_ref_resurrect+0x113/0x190
[ 2254.765026][T13990]  bdi_register_owner+0x56/0xf0
[ 2254.769845][T13990]  __device_add_disk+0x5b8/0x1200
[ 2254.774837][T13990]  ? device_add_disk+0x30/0x30
[ 2254.779569][T13990]  ? vsprintf+0x30/0x30
[ 2254.783692][T13990]  ? device_initialize+0x1c7/0x3d0
[ 2254.788770][T13990]  ? __alloc_disk_node+0x326/0x380
[ 2254.793848][T13990]  loop_add+0x554/0x710
[ 2254.797974][T13990]  loop_control_ioctl+0x564/0x740
[ 2254.802965][T13990]  ? loop_remove+0xa0/0xa0
[ 2254.807348][T13990]  ? __lru_cache_add+0x1bf/0x210
[ 2254.812260][T13990]  ? memset+0x1f/0x40
[ 2254.816215][T13990]  ? fsnotify+0x1332/0x13f0
[ 2254.820684][T13990]  ? loop_remove+0xa0/0xa0
[ 2254.825066][T13990]  do_vfs_ioctl+0x744/0x1730
[ 2254.829625][T13990]  ? selinux_file_ioctl+0x723/0x970
[ 2254.834791][T13990]  ? ioctl_preallocate+0x250/0x250
[ 2254.839872][T13990]  ? __fget+0x40c/0x4a0
[ 2254.843994][T13990]  ? fget_many+0x20/0x20
[ 2254.848205][T13990]  ? check_preemption_disabled+0x154/0x330
[ 2254.853987][T13990]  ? debug_smp_processor_id+0x20/0x20
[ 2254.859326][T13990]  ? security_file_ioctl+0x9d/0xb0
[ 2254.864404][T13990]  __x64_sys_ioctl+0xd4/0x110
[ 2254.869049][T13990]  do_syscall_64+0xcb/0x1c0
[ 2254.873525][T13990]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2254.881708][T13990] ------------[ cut here ]------------
[ 2254.887184][T13990] WARNING: CPU: 1 PID: 13990 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2254.896262][T13990] Modules linked in:
[ 2254.900136][T13990] CPU: 1 PID: 13990 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2254.911724][T13990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2254.921759][T13990] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2254.927532][T13990] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2254.947105][T13990] RSP: 0018:ffff8881e210fa00 EFLAGS: 00010246
[ 2254.953138][T13990] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2254.961079][T13990] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2254.969019][T13990] RBP: ffff8881e210fb40 R08: ffffffff821f8e93 R09: 0000000000000010
[ 2254.976958][T13990] R10: ffffffff84800000 R11: 1ffff1103c421e00 R12: ffff8881d17f9000
[ 2254.984902][T13990] R13: dffffc0000000000 R14: ffff8881d17f9070 R15: 1ffff1103a2ff29d
[ 2254.992844][T13990] FS:  00007f5fe0796700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 2255.001740][T13990] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2255.008291][T13990] CR2: 00007ffe4f5e9bf8 CR3: 00000001eb1df000 CR4: 00000000003406e0
[ 2255.016233][T13990] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2255.024172][T13990] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2255.032111][T13990] Call Trace:
[ 2255.035375][T13990]  ? device_add_disk+0x30/0x30
[ 2255.040106][T13990]  ? vsprintf+0x30/0x30
[ 2255.044243][T13990]  ? device_initialize+0x1c7/0x3d0
[ 2255.049329][T13990]  ? __alloc_disk_node+0x326/0x380
[ 2255.054408][T13990]  loop_add+0x554/0x710
[ 2255.058536][T13990]  loop_control_ioctl+0x564/0x740
[ 2255.063534][T13990]  ? loop_remove+0xa0/0xa0
[ 2255.067931][T13990]  ? __lru_cache_add+0x1bf/0x210
[ 2255.072839][T13990]  ? memset+0x1f/0x40
[ 2255.076792][T13990]  ? fsnotify+0x1332/0x13f0
[ 2255.081266][T13990]  ? loop_remove+0xa0/0xa0
[ 2255.085660][T13990]  do_vfs_ioctl+0x744/0x1730
[ 2255.090227][T13990]  ? selinux_file_ioctl+0x723/0x970
[ 2255.095408][T13990]  ? ioctl_preallocate+0x250/0x250
[ 2255.100498][T13990]  ? __fget+0x40c/0x4a0
[ 2255.104629][T13990]  ? fget_many+0x20/0x20
[ 2255.108844][T13990]  ? check_preemption_disabled+0x154/0x330
[ 2255.114621][T13990]  ? debug_smp_processor_id+0x20/0x20
12:02:16 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 60)

12:02:16 executing program 1:
getpeername$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @private0}, &(0x7f0000000080)=0x1c) (async)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000140)=@nat={'nat\x00', 0x1b, 0x5, 0x620, 0x160, 0x0, 0xffffffff, 0x0, 0x160, 0x550, 0x550, 0xffffffff, 0x550, 0x550, 0x5, &(0x7f00000000c0), {[{{@uncond, 0x0, 0x138, 0x160, 0x0, {}, [@common=@hbh={{0x48}, {0x1, 0x6, 0x0, [0xf1c3, 0xfff, 0x3, 0xf9, 0x2, 0x100, 0x5, 0x0, 0x3, 0x3ff, 0x6, 0x4, 0x1, 0x9, 0x4, 0x20], 0x2}}, @common=@dst={{0x48}, {0x9, 0x1, 0x1, [0x3ff, 0x6, 0x2, 0x6, 0xa3db, 0x0, 0x1965, 0xffff, 0x200, 0x7, 0xfff9, 0x802, 0x9, 0x6, 0x40, 0x20], 0xd}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0x7}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x8, @ipv6=@mcast1, @ipv4=@multicast1, @port=0x4e20, @gre_key=0x6e5}}}, {{@ipv6={@local, @loopback, [0xffffffff, 0x0, 0xffffff00, 0xffffffff], [0xff000000, 0xff, 0x0, 0xffffffff], 'veth0_vlan\x00', 'bridge0\x00', {}, {0xff}, 0x84, 0x1f, 0x2, 0x8}, 0x0, 0xf0, 0x138, 0x0, {}, [@common=@dst={{0x48}, {0x8, 0x1, 0x1, [0x2, 0x2, 0x404, 0x2, 0x7ff, 0x3f, 0x0, 0x1, 0xfffb, 0x400, 0x1, 0x81, 0x8, 0x4, 0xe2d7, 0x4], 0xc}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x5, @ipv4=@dev={0xac, 0x14, 0x14, 0x25}, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @icmp_id=0x67, @icmp_id=0x67}}}, {{@uncond, 0x0, 0x180, 0x1c8, 0x0, {}, [@common=@hbh={{0x48}, {0x80000000, 0x3, 0x0, [0x1, 0x6d50, 0x1, 0xff, 0x4, 0x0, 0x81, 0x580, 0x4, 0x1, 0x2, 0x20, 0x5, 0x969, 0x0, 0x7], 0x7}}, @common=@srh1={{0x90}, {0x1d, 0x7f, 0x81, 0x4, 0x20, @local, @loopback, @loopback, [0xff000000, 0xffffffff, 0xffffff00, 0xff000000], [0xffffffff, 0xff, 0xff, 0xffffff00], [0xffffffff, 0xffffff00, 0xffffff00, 0xff000000], 0x568, 0x156}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xc, @ipv6=@loopback, @ipv4=@rand_addr=0x64010102, @port=0x4e20, @gre_key=0x5}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x680) (async, rerun: 32)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (rerun: 32)

12:02:16 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async, rerun: 64)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (rerun: 64)
connect$inet6(r1, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1e, 0x6, 0x1cb, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, r1, 0x1, 0x4, 0x2}, 0x48)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
r4 = openat$incfs(r1, &(0x7f0000000280)='.log\x00', 0x200c40, 0x8)
write$P9_RSTATFS(r4, &(0x7f00000002c0)={0x43, 0x9, 0x1, {0x4, 0x7, 0x9, 0x100000001, 0x40, 0x5, 0x87, 0xffffffffffffffff, 0x13}}, 0x43) (async)
write$P9_RRENAME(r3, &(0x7f0000000040)={0x7, 0x15, 0x2}, 0x7) (async)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f00000001c0)={0x50c6, {{0xa, 0x4e21, 0x12f, @private0, 0x61d}}}, 0x88) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

[ 2255.119964][T13990]  ? security_file_ioctl+0x9d/0xb0
[ 2255.125044][T13990]  __x64_sys_ioctl+0xd4/0x110
[ 2255.129694][T13990]  do_syscall_64+0xcb/0x1c0
[ 2255.134169][T13990]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2255.140027][T13990] ---[ end trace 9fb896c1b706f70d ]---
12:02:16 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 32)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (rerun: 32)
pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
faccessat(r1, &(0x7f0000000180)='./file0\x00', 0x46) (async)
execveat(r1, 0x0, &(0x7f00000000c0)=[&(0x7f00000001c0)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='\x00\x00\b\x00\x00\x00'], 0x400) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:16 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2) (async)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) (async)

12:02:16 executing program 1:
getpeername$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @private0}, &(0x7f0000000080)=0x1c) (async)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000140)=@nat={'nat\x00', 0x1b, 0x5, 0x620, 0x160, 0x0, 0xffffffff, 0x0, 0x160, 0x550, 0x550, 0xffffffff, 0x550, 0x550, 0x5, &(0x7f00000000c0), {[{{@uncond, 0x0, 0x138, 0x160, 0x0, {}, [@common=@hbh={{0x48}, {0x1, 0x6, 0x0, [0xf1c3, 0xfff, 0x3, 0xf9, 0x2, 0x100, 0x5, 0x0, 0x3, 0x3ff, 0x6, 0x4, 0x1, 0x9, 0x4, 0x20], 0x2}}, @common=@dst={{0x48}, {0x9, 0x1, 0x1, [0x3ff, 0x6, 0x2, 0x6, 0xa3db, 0x0, 0x1965, 0xffff, 0x200, 0x7, 0xfff9, 0x802, 0x9, 0x6, 0x40, 0x20], 0xd}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0x7}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x8, @ipv6=@mcast1, @ipv4=@multicast1, @port=0x4e20, @gre_key=0x6e5}}}, {{@ipv6={@local, @loopback, [0xffffffff, 0x0, 0xffffff00, 0xffffffff], [0xff000000, 0xff, 0x0, 0xffffffff], 'veth0_vlan\x00', 'bridge0\x00', {}, {0xff}, 0x84, 0x1f, 0x2, 0x8}, 0x0, 0xf0, 0x138, 0x0, {}, [@common=@dst={{0x48}, {0x8, 0x1, 0x1, [0x2, 0x2, 0x404, 0x2, 0x7ff, 0x3f, 0x0, 0x1, 0xfffb, 0x400, 0x1, 0x81, 0x8, 0x4, 0xe2d7, 0x4], 0xc}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x5, @ipv4=@dev={0xac, 0x14, 0x14, 0x25}, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @icmp_id=0x67, @icmp_id=0x67}}}, {{@uncond, 0x0, 0x180, 0x1c8, 0x0, {}, [@common=@hbh={{0x48}, {0x80000000, 0x3, 0x0, [0x1, 0x6d50, 0x1, 0xff, 0x4, 0x0, 0x81, 0x580, 0x4, 0x1, 0x2, 0x20, 0x5, 0x969, 0x0, 0x7], 0x7}}, @common=@srh1={{0x90}, {0x1d, 0x7f, 0x81, 0x4, 0x20, @local, @loopback, @loopback, [0xff000000, 0xffffffff, 0xffffff00, 0xff000000], [0xffffffff, 0xff, 0xff, 0xffffff00], [0xffffffff, 0xffffff00, 0xffffff00, 0xff000000], 0x568, 0x156}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xc, @ipv6=@loopback, @ipv4=@rand_addr=0x64010102, @port=0x4e20, @gre_key=0x5}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x680) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)

12:02:16 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2) (async)
write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) (async)

12:02:16 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
faccessat(r1, &(0x7f0000000180)='./file0\x00', 0x46)
execveat(r1, 0x0, &(0x7f00000000c0)=[&(0x7f00000001c0)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='\x00\x00\b\x00\x00\x00'], 0x400) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

[ 2255.211884][T14022] FAULT_INJECTION: forcing a failure.
[ 2255.211884][T14022] name failslab, interval 1, probability 0, space 0, times 0
[ 2255.224532][T14022] CPU: 1 PID: 14022 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2255.236142][T14022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2255.246176][T14022] Call Trace:
[ 2255.249445][T14022]  dump_stack+0x1d8/0x241
[ 2255.253839][T14022]  ? panic+0x73e/0x73e
[ 2255.257877][T14022]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2255.263658][T14022]  ? idr_get_free+0x6a3/0x840
[ 2255.268301][T14022]  ? mutex_unlock+0x19/0x40
[ 2255.272773][T14022]  should_fail+0x709/0x870
[ 2255.277159][T14022]  ? setup_fault_attr+0x3d0/0x3d0
[ 2255.282149][T14022]  ? idr_alloc+0x2f0/0x2f0
[ 2255.286533][T14022]  ? __kernfs_new_node+0xdb/0x6d0
[ 2255.291523][T14022]  should_failslab+0x5/0x20
[ 2255.295996][T14022]  kmem_cache_alloc+0x24/0x210
[ 2255.300729][T14022]  __kernfs_new_node+0xdb/0x6d0
[ 2255.305558][T14022]  ? kernfs_new_node+0x160/0x160
[ 2255.310464][T14022]  ? mutex_lock+0xa6/0x110
[ 2255.314845][T14022]  ? mutex_trylock+0xa0/0xa0
[ 2255.319411][T14022]  ? kernfs_activate+0x3fc/0x420
[ 2255.324314][T14022]  kernfs_new_node+0x95/0x160
[ 2255.328963][T14022]  __kernfs_create_file+0x45/0x260
[ 2255.334044][T14022]  sysfs_add_file_mode_ns+0x292/0x340
[ 2255.339385][T14022]  sysfs_merge_group+0x207/0x460
[ 2255.344293][T14022]  ? sysfs_remove_groups+0xb0/0xb0
[ 2255.349372][T14022]  ? device_create_file+0xe8/0x1b0
[ 2255.354451][T14022]  ? bus_add_device+0x92/0x3f0
[ 2255.359183][T14022]  dpm_sysfs_add+0xc0/0x260
[ 2255.363654][T14022]  device_add+0x547/0xbc0
[ 2255.367954][T14022]  device_create_vargs+0x1b8/0x210
[ 2255.373037][T14022]  device_create+0xea/0x130
[ 2255.377509][T14022]  ? device_create_vargs+0x210/0x210
[ 2255.382764][T14022]  bdi_register_va+0x89/0x5e0
[ 2255.387410][T14022]  bdi_register+0xd1/0x120
[ 2255.391798][T14022]  ? __device_add_disk+0x539/0x1200
[ 2255.396961][T14022]  ? bdi_register_va+0x5e0/0x5e0
[ 2255.401864][T14022]  ? percpu_ref_resurrect+0x113/0x190
[ 2255.407205][T14022]  bdi_register_owner+0x56/0xf0
[ 2255.412025][T14022]  __device_add_disk+0x5b8/0x1200
[ 2255.417019][T14022]  ? device_add_disk+0x30/0x30
[ 2255.421750][T14022]  ? vsprintf+0x30/0x30
[ 2255.425880][T14022]  ? device_initialize+0x1c7/0x3d0
[ 2255.430984][T14022]  ? __alloc_disk_node+0x326/0x380
[ 2255.436070][T14022]  loop_add+0x554/0x710
[ 2255.440196][T14022]  loop_control_ioctl+0x564/0x740
[ 2255.445188][T14022]  ? loop_remove+0xa0/0xa0
[ 2255.449577][T14022]  ? __lru_cache_add+0x1bf/0x210
[ 2255.454481][T14022]  ? memset+0x1f/0x40
[ 2255.458433][T14022]  ? fsnotify+0x1332/0x13f0
[ 2255.462905][T14022]  ? loop_remove+0xa0/0xa0
[ 2255.467294][T14022]  do_vfs_ioctl+0x744/0x1730
[ 2255.471863][T14022]  ? selinux_file_ioctl+0x723/0x970
[ 2255.477027][T14022]  ? ioctl_preallocate+0x250/0x250
[ 2255.482106][T14022]  ? __fget+0x40c/0x4a0
[ 2255.486228][T14022]  ? fget_many+0x20/0x20
[ 2255.490438][T14022]  ? check_preemption_disabled+0x154/0x330
[ 2255.496210][T14022]  ? debug_smp_processor_id+0x20/0x20
[ 2255.501548][T14022]  ? security_file_ioctl+0x9d/0xb0
[ 2255.506625][T14022]  __x64_sys_ioctl+0xd4/0x110
[ 2255.511273][T14022]  do_syscall_64+0xcb/0x1c0
[ 2255.515749][T14022]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2255.522766][T14022] ------------[ cut here ]------------
[ 2255.528243][T14022] WARNING: CPU: 1 PID: 14022 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2255.537321][T14022] Modules linked in:
[ 2255.541190][T14022] CPU: 1 PID: 14022 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2255.552777][T14022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2255.562896][T14022] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2255.568675][T14022] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2255.588248][T14022] RSP: 0018:ffff8881e4b27a00 EFLAGS: 00010246
[ 2255.594312][T14022] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2255.602251][T14022] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2255.610191][T14022] RBP: ffff8881e4b27b40 R08: ffffffff821f8e93 R09: 0000000000000010
[ 2255.618131][T14022] R10: ffffffff84800000 R11: 1ffff1103c964e00 R12: ffff8881e0f85000
[ 2255.626078][T14022] R13: dffffc0000000000 R14: ffff8881e0f85070 R15: 1ffff1103c1f0a9d
[ 2255.634025][T14022] FS:  00007f5fe0796700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 2255.642917][T14022] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2255.649467][T14022] CR2: 00005555573ec728 CR3: 00000001ec176000 CR4: 00000000003406e0
[ 2255.657410][T14022] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2255.665353][T14022] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2255.673295][T14022] Call Trace:
[ 2255.676559][T14022]  ? device_add_disk+0x30/0x30
[ 2255.681289][T14022]  ? vsprintf+0x30/0x30
[ 2255.685416][T14022]  ? device_initialize+0x1c7/0x3d0
[ 2255.690494][T14022]  ? __alloc_disk_node+0x326/0x380
[ 2255.695584][T14022]  loop_add+0x554/0x710
[ 2255.699715][T14022]  loop_control_ioctl+0x564/0x740
[ 2255.704722][T14022]  ? loop_remove+0xa0/0xa0
[ 2255.709131][T14022]  ? __lru_cache_add+0x1bf/0x210
[ 2255.714046][T14022]  ? memset+0x1f/0x40
[ 2255.718000][T14022]  ? fsnotify+0x1332/0x13f0
[ 2255.722470][T14022]  ? loop_remove+0xa0/0xa0
[ 2255.726856][T14022]  do_vfs_ioctl+0x744/0x1730
[ 2255.731423][T14022]  ? selinux_file_ioctl+0x723/0x970
[ 2255.736593][T14022]  ? ioctl_preallocate+0x250/0x250
[ 2255.741671][T14022]  ? __fget+0x40c/0x4a0
[ 2255.745817][T14022]  ? fget_many+0x20/0x20
[ 2255.750028][T14022]  ? check_preemption_disabled+0x154/0x330
[ 2255.755801][T14022]  ? debug_smp_processor_id+0x20/0x20
12:02:17 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0xe7, @remote, 0x1}, 0x1c)

12:02:17 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 61)

12:02:17 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1, 0x8, '9P2000.L'}, 0x15)

[ 2255.761138][T14022]  ? security_file_ioctl+0x9d/0xb0
[ 2255.766217][T14022]  __x64_sys_ioctl+0xd4/0x110
[ 2255.770884][T14022]  do_syscall_64+0xcb/0x1c0
[ 2255.775355][T14022]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2255.781215][T14022] ---[ end trace 9fb896c1b706f70e ]---
12:02:17 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000040), 0x2, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:02:17 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz1\x00', 0x200002, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
mknodat(r2, &(0x7f00000001c0)='./file0\x00', 0x1200, 0x9)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x36, &(0x7f0000000200)={0x89, 0x24, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @jumbo={0xc2, 0x4, 0x1}, @enc_lim={0x4, 0x1, 0x3}, @enc_lim={0x4, 0x1, 0x6a}, @hao={0xc9, 0x10, @local}, @generic={0x40, 0xee, "2cfde4a31e309248f005eccd5c4e9c22525f46c24c2b62f964136530f2df7946fd18d72ba9442be305580153a37fd6547c71042a99747e30b6aa47bb1c3b56fc1a52051130992894e69bbc65faa34c5b37319603adab59126a091b5b950d1de5f72e207e23657c38434176030919e535925faf34cf81abaab07ee0b6be3e66d96d5351a9aa7e67ff085cef1fbc79dabaef5e6ba4648a3f87148cdd58b2aef6d9b870d6601ec10aea959a3d693c7ec3dc285bbdc3b03cf34621d2bcb406c19730cd37d4b84aac6a8251650284022be4da042a100db59c43f7df581d1150877c08ae2f660087a6df75003d623fb260"}, @pad1]}, 0x130)

12:02:17 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000040), 0x2, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000040), 0x2, 0x0) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)

12:02:17 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1, 0x8, '9P2000.L'}, 0x15)

12:02:17 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r1 = openat$incfs(r0, &(0x7f00000001c0)='.pending_reads\x00', 0x64083, 0x48)
write$P9_RXATTRWALK(r1, &(0x7f0000000200)={0xf, 0x1f, 0x2, 0x2}, 0xf)
connect$inet6(r0, 0x0, 0x0)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000080)={'icmp\x00'}, &(0x7f00000000c0)=0x1e)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4481, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x40e140, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
renameat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', r3, &(0x7f0000000280)='./file0\x00')
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r0, 0xc0406619, &(0x7f0000000180)={@desc={0x1, 0x0, @desc1}})
write$P9_RREMOVE(r2, 0x0, 0x0)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
connect$inet6(r4, &(0x7f0000000140)={0xa, 0x4e24, 0x0, @local, 0x3}, 0x1c)

[ 2255.867984][T14059] FAULT_INJECTION: forcing a failure.
[ 2255.867984][T14059] name failslab, interval 1, probability 0, space 0, times 0
[ 2255.880810][T14059] CPU: 0 PID: 14059 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2255.892425][T14059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2255.902454][T14059] Call Trace:
[ 2255.905719][T14059]  dump_stack+0x1d8/0x241
[ 2255.910020][T14059]  ? panic+0x73e/0x73e
[ 2255.914057][T14059]  ? mutex_unlock+0x19/0x40
[ 2255.918535][T14059]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2255.924335][T14059]  ? selinux_kernfs_init_security+0x155/0x760
[ 2255.930375][T14059]  ? idr_alloc_cyclic+0x36e/0x5e0
[ 2255.935367][T14059]  should_fail+0x709/0x870
[ 2255.939756][T14059]  ? setup_fault_attr+0x3d0/0x3d0
[ 2255.944748][T14059]  ? _raw_spin_lock+0xa3/0x1b0
[ 2255.949482][T14059]  ? __kernfs_new_node+0xdb/0x6d0
[ 2255.954493][T14059]  should_failslab+0x5/0x20
[ 2255.958975][T14059]  kmem_cache_alloc+0x24/0x210
[ 2255.963726][T14059]  __kernfs_new_node+0xdb/0x6d0
[ 2255.968561][T14059]  ? mutex_lock+0xa6/0x110
[ 2255.972963][T14059]  ? kernfs_new_node+0x160/0x160
[ 2255.977876][T14059]  ? mutex_lock+0xa6/0x110
[ 2255.982263][T14059]  ? mutex_trylock+0xa0/0xa0
[ 2255.986823][T14059]  kernfs_new_node+0x95/0x160
[ 2255.991471][T14059]  __kernfs_create_file+0x45/0x260
[ 2255.996568][T14059]  sysfs_add_file_mode_ns+0x292/0x340
[ 2256.001919][T14059]  sysfs_merge_group+0x207/0x460
[ 2256.006835][T14059]  ? sysfs_remove_groups+0xb0/0xb0
[ 2256.011919][T14059]  ? device_create_file+0xe8/0x1b0
[ 2256.017006][T14059]  ? bus_add_device+0x92/0x3f0
[ 2256.021739][T14059]  dpm_sysfs_add+0xc0/0x260
[ 2256.026210][T14059]  device_add+0x547/0xbc0
[ 2256.030509][T14059]  device_create_vargs+0x1b8/0x210
[ 2256.035590][T14059]  device_create+0xea/0x130
[ 2256.040111][T14059]  ? device_create_vargs+0x210/0x210
[ 2256.045364][T14059]  bdi_register_va+0x89/0x5e0
[ 2256.050008][T14059]  bdi_register+0xd1/0x120
[ 2256.054394][T14059]  ? __device_add_disk+0x539/0x1200
[ 2256.059560][T14059]  ? bdi_register_va+0x5e0/0x5e0
[ 2256.064466][T14059]  ? percpu_ref_resurrect+0x113/0x190
[ 2256.069808][T14059]  bdi_register_owner+0x56/0xf0
[ 2256.074627][T14059]  __device_add_disk+0x5b8/0x1200
[ 2256.079622][T14059]  ? device_add_disk+0x30/0x30
[ 2256.084353][T14059]  ? vsprintf+0x30/0x30
[ 2256.088480][T14059]  ? device_initialize+0x1c7/0x3d0
[ 2256.093562][T14059]  ? __alloc_disk_node+0x326/0x380
[ 2256.098639][T14059]  loop_add+0x554/0x710
[ 2256.102764][T14059]  loop_control_ioctl+0x564/0x740
[ 2256.107798][T14059]  ? loop_remove+0xa0/0xa0
[ 2256.112184][T14059]  ? __lru_cache_add+0x1bf/0x210
[ 2256.117099][T14059]  ? memset+0x1f/0x40
[ 2256.121141][T14059]  ? fsnotify+0x1332/0x13f0
[ 2256.125612][T14059]  ? loop_remove+0xa0/0xa0
[ 2256.129994][T14059]  do_vfs_ioctl+0x744/0x1730
[ 2256.134553][T14059]  ? selinux_file_ioctl+0x723/0x970
[ 2256.139720][T14059]  ? ioctl_preallocate+0x250/0x250
[ 2256.144798][T14059]  ? __fget+0x40c/0x4a0
[ 2256.148920][T14059]  ? fget_many+0x20/0x20
[ 2256.153133][T14059]  ? check_preemption_disabled+0x154/0x330
[ 2256.158907][T14059]  ? debug_smp_processor_id+0x20/0x20
[ 2256.164253][T14059]  ? security_file_ioctl+0x9d/0xb0
[ 2256.169342][T14059]  __x64_sys_ioctl+0xd4/0x110
[ 2256.173988][T14059]  do_syscall_64+0xcb/0x1c0
[ 2256.178471][T14059]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2256.186773][T14059] ------------[ cut here ]------------
[ 2256.192248][T14059] WARNING: CPU: 1 PID: 14059 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2256.201317][T14059] Modules linked in:
[ 2256.205184][T14059] CPU: 1 PID: 14059 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2256.216769][T14059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2256.226961][T14059] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2256.232741][T14059] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2256.252316][T14059] RSP: 0018:ffff8881cc7d7a00 EFLAGS: 00010246
[ 2256.258349][T14059] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2256.266285][T14059] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2256.274221][T14059] RBP: ffff8881cc7d7b40 R08: ffffffff821f8e93 R09: 0000000000000010
[ 2256.282162][T14059] R10: ffffffff84800000 R11: 1ffff110398fae00 R12: ffff8881ef03d000
[ 2256.290105][T14059] R13: dffffc0000000000 R14: ffff8881ef03d070 R15: 1ffff1103de07a9d
[ 2256.298061][T14059] FS:  00007f5fe0796700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 2256.306951][T14059] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2256.313501][T14059] CR2: 00007f0a08f50718 CR3: 00000001f29e3000 CR4: 00000000003406e0
[ 2256.321440][T14059] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2256.329376][T14059] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2256.337313][T14059] Call Trace:
[ 2256.340574][T14059]  ? device_add_disk+0x30/0x30
[ 2256.345303][T14059]  ? vsprintf+0x30/0x30
[ 2256.349427][T14059]  ? device_initialize+0x1c7/0x3d0
[ 2256.354504][T14059]  ? __alloc_disk_node+0x326/0x380
[ 2256.359584][T14059]  loop_add+0x554/0x710
[ 2256.363706][T14059]  loop_control_ioctl+0x564/0x740
[ 2256.368698][T14059]  ? loop_remove+0xa0/0xa0
[ 2256.373078][T14059]  ? __lru_cache_add+0x1bf/0x210
[ 2256.377982][T14059]  ? memset+0x1f/0x40
[ 2256.381931][T14059]  ? fsnotify+0x1332/0x13f0
[ 2256.386397][T14059]  ? loop_remove+0xa0/0xa0
[ 2256.390793][T14059]  do_vfs_ioctl+0x744/0x1730
[ 2256.395349][T14059]  ? selinux_file_ioctl+0x723/0x970
[ 2256.400511][T14059]  ? ioctl_preallocate+0x250/0x250
[ 2256.405588][T14059]  ? __fget+0x40c/0x4a0
[ 2256.409708][T14059]  ? fget_many+0x20/0x20
[ 2256.413918][T14059]  ? check_preemption_disabled+0x154/0x330
12:02:17 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 62)

[ 2256.419692][T14059]  ? debug_smp_processor_id+0x20/0x20
[ 2256.425031][T14059]  ? security_file_ioctl+0x9d/0xb0
[ 2256.430107][T14059]  __x64_sys_ioctl+0xd4/0x110
[ 2256.434753][T14059]  do_syscall_64+0xcb/0x1c0
[ 2256.439225][T14059]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2256.445086][T14059] ---[ end trace 9fb896c1b706f70f ]---
12:02:17 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0xe7, @remote, 0x1}, 0x1c)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0xe7, @remote, 0x1}, 0x1c) (async)

12:02:17 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
mknodat(r2, &(0x7f00000001c0)='./file0\x00', 0x1200, 0x9) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x36, &(0x7f0000000200)={0x89, 0x24, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @jumbo={0xc2, 0x4, 0x1}, @enc_lim={0x4, 0x1, 0x3}, @enc_lim={0x4, 0x1, 0x6a}, @hao={0xc9, 0x10, @local}, @generic={0x40, 0xee, "2cfde4a31e309248f005eccd5c4e9c22525f46c24c2b62f964136530f2df7946fd18d72ba9442be305580153a37fd6547c71042a99747e30b6aa47bb1c3b56fc1a52051130992894e69bbc65faa34c5b37319603adab59126a091b5b950d1de5f72e207e23657c38434176030919e535925faf34cf81abaab07ee0b6be3e66d96d5351a9aa7e67ff085cef1fbc79dabaef5e6ba4648a3f87148cdd58b2aef6d9b870d6601ec10aea959a3d693c7ec3dc285bbdc3b03cf34621d2bcb406c19730cd37d4b84aac6a8251650284022be4da042a100db59c43f7df581d1150877c08ae2f660087a6df75003d623fb260"}, @pad1]}, 0x130)

12:02:17 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r1 = openat$incfs(r0, &(0x7f00000001c0)='.pending_reads\x00', 0x64083, 0x48)
write$P9_RXATTRWALK(r1, &(0x7f0000000200)={0xf, 0x1f, 0x2, 0x2}, 0xf) (async)
connect$inet6(r0, 0x0, 0x0) (async)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000080)={'icmp\x00'}, &(0x7f00000000c0)=0x1e)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4481, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x40e140, 0x0) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
renameat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', r3, &(0x7f0000000280)='./file0\x00') (async)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r0, 0xc0406619, &(0x7f0000000180)={@desc={0x1, 0x0, @desc1}}) (async)
write$P9_RREMOVE(r2, 0x0, 0x0)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0) (async)
connect$inet6(r4, &(0x7f0000000140)={0xa, 0x4e24, 0x0, @local, 0x3}, 0x1c)

12:02:17 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1, 0x8, '9P2000.L'}, 0x15)

12:02:17 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000040), 0x2, 0x0) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:02:17 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
mknodat(r2, &(0x7f00000001c0)='./file0\x00', 0x1200, 0x9) (async, rerun: 32)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (rerun: 32)
connect$inet6(r3, 0x0, 0x0) (async)
setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x36, &(0x7f0000000200)={0x89, 0x24, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @jumbo={0xc2, 0x4, 0x1}, @enc_lim={0x4, 0x1, 0x3}, @enc_lim={0x4, 0x1, 0x6a}, @hao={0xc9, 0x10, @local}, @generic={0x40, 0xee, "2cfde4a31e309248f005eccd5c4e9c22525f46c24c2b62f964136530f2df7946fd18d72ba9442be305580153a37fd6547c71042a99747e30b6aa47bb1c3b56fc1a52051130992894e69bbc65faa34c5b37319603adab59126a091b5b950d1de5f72e207e23657c38434176030919e535925faf34cf81abaab07ee0b6be3e66d96d5351a9aa7e67ff085cef1fbc79dabaef5e6ba4648a3f87148cdd58b2aef6d9b870d6601ec10aea959a3d693c7ec3dc285bbdc3b03cf34621d2bcb406c19730cd37d4b84aac6a8251650284022be4da042a100db59c43f7df581d1150877c08ae2f660087a6df75003d623fb260"}, @pad1]}, 0x130)

12:02:17 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r1 = openat$incfs(r0, &(0x7f00000001c0)='.pending_reads\x00', 0x64083, 0x48)
write$P9_RXATTRWALK(r1, &(0x7f0000000200)={0xf, 0x1f, 0x2, 0x2}, 0xf)
connect$inet6(r0, 0x0, 0x0)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000080)={'icmp\x00'}, &(0x7f00000000c0)=0x1e)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4481, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x40e140, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
renameat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', r3, &(0x7f0000000280)='./file0\x00')
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r0, 0xc0406619, &(0x7f0000000180)={@desc={0x1, 0x0, @desc1}})
write$P9_RREMOVE(r2, 0x0, 0x0)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
connect$inet6(r4, &(0x7f0000000140)={0xa, 0x4e24, 0x0, @local, 0x3}, 0x1c)
socket$igmp6(0xa, 0x3, 0x2) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$incfs(r0, &(0x7f00000001c0)='.pending_reads\x00', 0x64083, 0x48) (async)
write$P9_RXATTRWALK(r1, &(0x7f0000000200)={0xf, 0x1f, 0x2, 0x2}, 0xf) (async)
connect$inet6(r0, 0x0, 0x0) (async)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000080)={'icmp\x00'}, &(0x7f00000000c0)=0x1e) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x4481, 0x0) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x40e140, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
renameat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', r3, &(0x7f0000000280)='./file0\x00') (async)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r0, 0xc0406619, &(0x7f0000000180)={@desc={0x1, 0x0, @desc1}}) (async)
write$P9_RREMOVE(r2, 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r4, 0x0, 0x0) (async)
connect$inet6(r4, &(0x7f0000000140)={0xa, 0x4e24, 0x0, @local, 0x3}, 0x1c) (async)

12:02:17 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0xe7, @remote, 0x1}, 0x1c)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0xe7, @remote, 0x1}, 0x1c) (async)

12:02:17 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000040)={0x0, {{0xa, 0x4e23, 0x6c3, @local, 0x2}}}, 0x88)

12:02:17 executing program 5:
syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x6041)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x5, 0x0)
socket$inet6(0xa, 0x800, 0x4)
setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, &(0x7f0000000140)={0x400000, {{0xa, 0x4e20, 0xf87, @rand_addr=' \x01\x00', 0x5}}}, 0x88)

[ 2256.562492][T14101] FAULT_INJECTION: forcing a failure.
[ 2256.562492][T14101] name failslab, interval 1, probability 0, space 0, times 0
[ 2256.577283][T14101] CPU: 1 PID: 14101 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2256.588922][T14101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2256.598954][T14101] Call Trace:
[ 2256.602220][T14101]  dump_stack+0x1d8/0x241
[ 2256.606521][T14101]  ? panic+0x73e/0x73e
[ 2256.610557][T14101]  ? mutex_unlock+0x19/0x40
[ 2256.615027][T14101]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2256.620802][T14101]  ? selinux_kernfs_init_security+0x155/0x760
[ 2256.626835][T14101]  ? idr_alloc_cyclic+0x36e/0x5e0
[ 2256.631826][T14101]  should_fail+0x709/0x870
[ 2256.636215][T14101]  ? setup_fault_attr+0x3d0/0x3d0
[ 2256.641205][T14101]  ? _raw_spin_lock+0xa3/0x1b0
[ 2256.645937][T14101]  ? __kernfs_new_node+0xdb/0x6d0
[ 2256.650935][T14101]  should_failslab+0x5/0x20
[ 2256.655412][T14101]  kmem_cache_alloc+0x24/0x210
[ 2256.660148][T14101]  __kernfs_new_node+0xdb/0x6d0
[ 2256.664973][T14101]  ? mutex_lock+0xa6/0x110
[ 2256.669364][T14101]  ? kernfs_new_node+0x160/0x160
[ 2256.674267][T14101]  ? mutex_lock+0xa6/0x110
[ 2256.678650][T14101]  ? mutex_trylock+0xa0/0xa0
[ 2256.683208][T14101]  kernfs_new_node+0x95/0x160
[ 2256.687852][T14101]  __kernfs_create_file+0x45/0x260
[ 2256.692930][T14101]  sysfs_add_file_mode_ns+0x292/0x340
[ 2256.698270][T14101]  sysfs_merge_group+0x207/0x460
[ 2256.703179][T14101]  ? sysfs_remove_groups+0xb0/0xb0
[ 2256.708256][T14101]  ? device_create_file+0xe8/0x1b0
[ 2256.713336][T14101]  ? bus_add_device+0x92/0x3f0
[ 2256.718068][T14101]  dpm_sysfs_add+0xc0/0x260
[ 2256.722555][T14101]  device_add+0x547/0xbc0
[ 2256.726863][T14101]  device_create_vargs+0x1b8/0x210
[ 2256.731946][T14101]  device_create+0xea/0x130
[ 2256.736416][T14101]  ? device_create_vargs+0x210/0x210
[ 2256.741669][T14101]  bdi_register_va+0x89/0x5e0
[ 2256.746316][T14101]  bdi_register+0xd1/0x120
[ 2256.750710][T14101]  ? __device_add_disk+0x539/0x1200
[ 2256.755882][T14101]  ? bdi_register_va+0x5e0/0x5e0
[ 2256.760785][T14101]  ? percpu_ref_resurrect+0x113/0x190
[ 2256.766126][T14101]  bdi_register_owner+0x56/0xf0
[ 2256.770943][T14101]  __device_add_disk+0x5b8/0x1200
[ 2256.775938][T14101]  ? device_add_disk+0x30/0x30
[ 2256.780668][T14101]  ? vsprintf+0x30/0x30
[ 2256.784791][T14101]  ? device_initialize+0x1c7/0x3d0
[ 2256.789880][T14101]  ? __alloc_disk_node+0x326/0x380
[ 2256.794967][T14101]  loop_add+0x554/0x710
[ 2256.799091][T14101]  loop_control_ioctl+0x564/0x740
[ 2256.804081][T14101]  ? loop_remove+0xa0/0xa0
[ 2256.808465][T14101]  ? __lru_cache_add+0x1bf/0x210
[ 2256.813371][T14101]  ? memset+0x1f/0x40
[ 2256.817321][T14101]  ? fsnotify+0x1332/0x13f0
[ 2256.821792][T14101]  ? loop_remove+0xa0/0xa0
[ 2256.826173][T14101]  do_vfs_ioctl+0x744/0x1730
[ 2256.830731][T14101]  ? selinux_file_ioctl+0x723/0x970
[ 2256.835897][T14101]  ? ioctl_preallocate+0x250/0x250
[ 2256.840974][T14101]  ? __fget+0x40c/0x4a0
[ 2256.845099][T14101]  ? fget_many+0x20/0x20
[ 2256.849311][T14101]  ? check_preemption_disabled+0x154/0x330
[ 2256.855084][T14101]  ? debug_smp_processor_id+0x20/0x20
[ 2256.860424][T14101]  ? security_file_ioctl+0x9d/0xb0
[ 2256.865502][T14101]  __x64_sys_ioctl+0xd4/0x110
[ 2256.870149][T14101]  do_syscall_64+0xcb/0x1c0
[ 2256.874621][T14101]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2256.881751][T14101] ------------[ cut here ]------------
[ 2256.887213][T14101] WARNING: CPU: 1 PID: 14101 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2256.896283][T14101] Modules linked in:
[ 2256.900152][T14101] CPU: 1 PID: 14101 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2256.911735][T14101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2256.921767][T14101] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2256.927542][T14101] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2256.947124][T14101] RSP: 0018:ffff8881f20c7a00 EFLAGS: 00010246
[ 2256.953165][T14101] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2256.961108][T14101] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2256.969048][T14101] RBP: ffff8881f20c7b40 R08: ffffffff821f8e93 R09: 0000000000000010
[ 2256.976989][T14101] R10: ffffffff84800000 R11: 1ffff1103e418e00 R12: ffff8881cecd3000
[ 2256.984931][T14101] R13: dffffc0000000000 R14: ffff8881cecd3070 R15: 1ffff11039d9a69d
[ 2256.992871][T14101] FS:  00007f5fe0796700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 2257.001767][T14101] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2257.008318][T14101] CR2: 00005555573ec728 CR3: 00000001cc47f000 CR4: 00000000003406e0
[ 2257.016264][T14101] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2257.024212][T14101] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2257.032150][T14101] Call Trace:
[ 2257.035420][T14101]  ? device_add_disk+0x30/0x30
[ 2257.040154][T14101]  ? vsprintf+0x30/0x30
[ 2257.044277][T14101]  ? device_initialize+0x1c7/0x3d0
[ 2257.049367][T14101]  ? __alloc_disk_node+0x326/0x380
[ 2257.054453][T14101]  loop_add+0x554/0x710
[ 2257.058589][T14101]  loop_control_ioctl+0x564/0x740
[ 2257.063588][T14101]  ? loop_remove+0xa0/0xa0
[ 2257.067977][T14101]  ? __lru_cache_add+0x1bf/0x210
[ 2257.072884][T14101]  ? memset+0x1f/0x40
[ 2257.076834][T14101]  ? fsnotify+0x1332/0x13f0
[ 2257.081303][T14101]  ? loop_remove+0xa0/0xa0
[ 2257.085689][T14101]  do_vfs_ioctl+0x744/0x1730
[ 2257.090247][T14101]  ? selinux_file_ioctl+0x723/0x970
[ 2257.095412][T14101]  ? ioctl_preallocate+0x250/0x250
[ 2257.100494][T14101]  ? __fget+0x40c/0x4a0
[ 2257.104640][T14101]  ? fget_many+0x20/0x20
[ 2257.108867][T14101]  ? check_preemption_disabled+0x154/0x330
12:02:18 executing program 2:
# Opens a loop-control fd, then issues ioctl command 0x4c80 on it with syzkaller
# fault injection armed (fail_nth: 63). The call is labelled USBDEVFS_CLAIM_PORT,
# but the kernel traces in this log show loop_control_ioctl() -> loop_add()
# handling it; 0x4c80 is LOOP_CTL_ADD.
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
# NOTE(review): the "FAULT_INJECTION: forcing a failure" (failslab) traces under
# bdi_register() and the WARNING at block/genhd.c:742 in __device_add_disk, both
# with comm syz-executor.2, presumably come from runs of this program. RBX in the
# WARNING register dump is 0xfffffff4, consistent with -ENOMEM. Triage as a WARN
# reached on an injected allocation failure in the disk-registration error path,
# not as memory corruption; confirm against the 5.4.219 source.
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 63)

12:02:18 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000000)={{{@in6=@mcast1, @in=@broadcast}}, {{@in6=@dev}, 0x0, @in=@multicast1}}, &(0x7f0000000100)=0xe8)
write$P9_RREMOVE(r0, 0x0, 0x0)

[ 2257.114639][T14101]  ? debug_smp_processor_id+0x20/0x20
[ 2257.119980][T14101]  ? security_file_ioctl+0x9d/0xb0
[ 2257.125058][T14101]  __x64_sys_ioctl+0xd4/0x110
[ 2257.129705][T14101]  do_syscall_64+0xcb/0x1c0
[ 2257.134189][T14101]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2257.140056][T14101] ---[ end trace 9fb896c1b706f710 ]---
12:02:18 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000040)={0x0, {{0xa, 0x4e23, 0x6c3, @local, 0x2}}}, 0x88)

12:02:18 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
write$P9_RLCREATE(r1, &(0x7f00000005c0)={0x18, 0xf, 0x2, {{0x1, 0x3, 0x3}, 0x1}}, 0x18)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000540)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$incfs(r2, &(0x7f0000000400)='.pending_reads\x00', 0xc0100, 0x8)
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f0000000440))
execveat(r2, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)=[&(0x7f0000000200)='/sys/kernel/debug/binder/stats\x00'], &(0x7f00000003c0)=[&(0x7f0000000280)='@B&\x00', &(0x7f00000002c0)='\x00', &(0x7f0000000300)=':\x00', &(0x7f0000000340)='\x00', &(0x7f0000000380)='-@\xa3+\xa7\x00'], 0x100)
connect$inet6(r2, 0x0, 0x0)
mknodat(r3, &(0x7f0000000580)='.\x00', 0x1, 0x1ff)
accept$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000180)=0x1c)

[ 2257.192784][T14141] FAULT_INJECTION: forcing a failure.
[ 2257.192784][T14141] name failslab, interval 1, probability 0, space 0, times 0
[ 2257.210958][T14141] CPU: 0 PID: 14141 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2257.222608][T14141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2257.232657][T14141] Call Trace:
[ 2257.235947][T14141]  dump_stack+0x1d8/0x241
12:02:18 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x711800, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/wireguard', 0x8000, 0x100)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x19, 0xfffffffd, 0x1000, 0x800, 0x2, 0xffffffffffffffff, 0x53f6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x2}, 0x48)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, &(0x7f00000003c0)={0xa, 0x4e22, 0x100, @local, 0x7fff}, 0x1c)
connect$inet6(r4, 0x0, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r4, 0x29, 0x41, &(0x7f0000000240)={'filter\x00', 0xec, "0306a29ec31fa8eb49257b879f0e4e6b66f53d6090ca0beba3da597adef36177138c752e0d6e5a151e6b5d0c69847d29a865815ddc2f9123a79afa9a2a4a4a9b4d045ab228c77af4ef92e1a38158f311f40e82edc130c8b22d86d8cd2b2ecf2565fecf83512b4bf2d5d7e25151aabcd10662e496b0d5ab6206333a2ea58c7c2e70f45c2d5e3260961b0919a5732337cefa8c3cd1e1e2f124096e83b7c9453670a5fe7c1dd6a09bf59a0087ff6ffa00f99ab916ae700406ce9a4a2768c9999f125230fd7153e1981ce9ef3299bde4f7c45d9f1272191059f05c6bb4cb1ebc24f729a6a3c7216a00b20cc61c4d"}, &(0x7f0000000380)=0x110)
socket$inet6_tcp(0xa, 0x1, 0x0)

12:02:18 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x711800, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/wireguard', 0x8000, 0x100)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x19, 0xfffffffd, 0x1000, 0x800, 0x2, 0xffffffffffffffff, 0x53f6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x2}, 0x48)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, &(0x7f00000003c0)={0xa, 0x4e22, 0x100, @local, 0x7fff}, 0x1c)
connect$inet6(r4, 0x0, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r4, 0x29, 0x41, &(0x7f0000000240)={'filter\x00', 0xec, "0306a29ec31fa8eb49257b879f0e4e6b66f53d6090ca0beba3da597adef36177138c752e0d6e5a151e6b5d0c69847d29a865815ddc2f9123a79afa9a2a4a4a9b4d045ab228c77af4ef92e1a38158f311f40e82edc130c8b22d86d8cd2b2ecf2565fecf83512b4bf2d5d7e25151aabcd10662e496b0d5ab6206333a2ea58c7c2e70f45c2d5e3260961b0919a5732337cefa8c3cd1e1e2f124096e83b7c9453670a5fe7c1dd6a09bf59a0087ff6ffa00f99ab916ae700406ce9a4a2768c9999f125230fd7153e1981ce9ef3299bde4f7c45d9f1272191059f05c6bb4cb1ebc24f729a6a3c7216a00b20cc61c4d"}, &(0x7f0000000380)=0x110)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x711800, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/wireguard', 0x8000, 0x100) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x19, 0xfffffffd, 0x1000, 0x800, 0x2, 0xffffffffffffffff, 0x53f6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x2}, 0x48) (async)
connect$inet6(r3, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, &(0x7f00000003c0)={0xa, 0x4e22, 0x100, @local, 0x7fff}, 0x1c) (async)
connect$inet6(r4, 0x0, 0x0) (async)
getsockopt$IP6T_SO_GET_ENTRIES(r4, 0x29, 0x41, &(0x7f0000000240)={'filter\x00', 0xec, "0306a29ec31fa8eb49257b879f0e4e6b66f53d6090ca0beba3da597adef36177138c752e0d6e5a151e6b5d0c69847d29a865815ddc2f9123a79afa9a2a4a4a9b4d045ab228c77af4ef92e1a38158f311f40e82edc130c8b22d86d8cd2b2ecf2565fecf83512b4bf2d5d7e25151aabcd10662e496b0d5ab6206333a2ea58c7c2e70f45c2d5e3260961b0919a5732337cefa8c3cd1e1e2f124096e83b7c9453670a5fe7c1dd6a09bf59a0087ff6ffa00f99ab916ae700406ce9a4a2768c9999f125230fd7153e1981ce9ef3299bde4f7c45d9f1272191059f05c6bb4cb1ebc24f729a6a3c7216a00b20cc61c4d"}, &(0x7f0000000380)=0x110) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)

12:02:18 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x711800, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/wireguard', 0x8000, 0x100) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x19, 0xfffffffd, 0x1000, 0x800, 0x2, 0xffffffffffffffff, 0x53f6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x2}, 0x48)
connect$inet6(r3, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, &(0x7f00000003c0)={0xa, 0x4e22, 0x100, @local, 0x7fff}, 0x1c) (async)
connect$inet6(r4, 0x0, 0x0) (async)
getsockopt$IP6T_SO_GET_ENTRIES(r4, 0x29, 0x41, &(0x7f0000000240)={'filter\x00', 0xec, "0306a29ec31fa8eb49257b879f0e4e6b66f53d6090ca0beba3da597adef36177138c752e0d6e5a151e6b5d0c69847d29a865815ddc2f9123a79afa9a2a4a4a9b4d045ab228c77af4ef92e1a38158f311f40e82edc130c8b22d86d8cd2b2ecf2565fecf83512b4bf2d5d7e25151aabcd10662e496b0d5ab6206333a2ea58c7c2e70f45c2d5e3260961b0919a5732337cefa8c3cd1e1e2f124096e83b7c9453670a5fe7c1dd6a09bf59a0087ff6ffa00f99ab916ae700406ce9a4a2768c9999f125230fd7153e1981ce9ef3299bde4f7c45d9f1272191059f05c6bb4cb1ebc24f729a6a3c7216a00b20cc61c4d"}, &(0x7f0000000380)=0x110) (async)
socket$inet6_tcp(0xa, 0x1, 0x0)

12:02:18 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mknodat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x40, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
utimensat(r1, &(0x7f0000000240)='./file1\x00', &(0x7f0000000280)={{0x0, 0xea60}, {0x77359400}}, 0x100)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000180)={0xb, 0x77, 0x2}, 0xb)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
write$P9_RREADLINK(r3, &(0x7f00000001c0)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

[ 2257.240273][T14141]  ? panic+0x73e/0x73e
[ 2257.244326][T14141]  ? mutex_unlock+0x19/0x40
[ 2257.248813][T14141]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2257.254619][T14141]  ? selinux_kernfs_init_security+0x155/0x760
[ 2257.260685][T14141]  ? idr_alloc_cyclic+0x36e/0x5e0
[ 2257.265708][T14141]  should_fail+0x709/0x870
[ 2257.270118][T14141]  ? setup_fault_attr+0x3d0/0x3d0
[ 2257.275146][T14141]  ? _raw_spin_lock+0xa3/0x1b0
[ 2257.279906][T14141]  ? __kernfs_new_node+0xdb/0x6d0
[ 2257.284924][T14141]  should_failslab+0x5/0x20
[ 2257.289420][T14141]  kmem_cache_alloc+0x24/0x210
[ 2257.294181][T14141]  __kernfs_new_node+0xdb/0x6d0
[ 2257.299024][T14141]  ? mutex_lock+0xa6/0x110
[ 2257.303411][T14141]  ? kernfs_new_node+0x160/0x160
[ 2257.308314][T14141]  ? mutex_lock+0xa6/0x110
[ 2257.312723][T14141]  ? mutex_trylock+0xa0/0xa0
[ 2257.317304][T14141]  kernfs_new_node+0x95/0x160
[ 2257.321953][T14141]  __kernfs_create_file+0x45/0x260
[ 2257.327032][T14141]  sysfs_add_file_mode_ns+0x292/0x340
[ 2257.332374][T14141]  sysfs_merge_group+0x207/0x460
[ 2257.337285][T14141]  ? sysfs_remove_groups+0xb0/0xb0
[ 2257.342368][T14141]  ? device_create_file+0xe8/0x1b0
[ 2257.347452][T14141]  ? bus_add_device+0x92/0x3f0
[ 2257.352188][T14141]  dpm_sysfs_add+0xc0/0x260
[ 2257.356663][T14141]  device_add+0x547/0xbc0
[ 2257.360963][T14141]  device_create_vargs+0x1b8/0x210
[ 2257.366044][T14141]  device_create+0xea/0x130
[ 2257.370519][T14141]  ? device_create_vargs+0x210/0x210
[ 2257.375774][T14141]  bdi_register_va+0x89/0x5e0
[ 2257.380421][T14141]  bdi_register+0xd1/0x120
[ 2257.384833][T14141]  ? __device_add_disk+0x539/0x1200
[ 2257.390004][T14141]  ? bdi_register_va+0x5e0/0x5e0
[ 2257.394911][T14141]  ? percpu_ref_resurrect+0x113/0x190
[ 2257.400400][T14141]  bdi_register_owner+0x56/0xf0
[ 2257.405232][T14141]  __device_add_disk+0x5b8/0x1200
[ 2257.410231][T14141]  ? device_add_disk+0x30/0x30
[ 2257.414967][T14141]  ? vsprintf+0x30/0x30
[ 2257.419092][T14141]  ? device_initialize+0x1c7/0x3d0
[ 2257.424295][T14141]  ? __alloc_disk_node+0x326/0x380
[ 2257.429393][T14141]  loop_add+0x554/0x710
[ 2257.433530][T14141]  loop_control_ioctl+0x564/0x740
[ 2257.438536][T14141]  ? loop_remove+0xa0/0xa0
[ 2257.442963][T14141]  ? __lru_cache_add+0x1bf/0x210
[ 2257.447874][T14141]  ? memset+0x1f/0x40
[ 2257.451831][T14141]  ? fsnotify+0x1332/0x13f0
[ 2257.456415][T14141]  ? loop_remove+0xa0/0xa0
[ 2257.460812][T14141]  do_vfs_ioctl+0x744/0x1730
[ 2257.465379][T14141]  ? selinux_file_ioctl+0x723/0x970
[ 2257.470547][T14141]  ? ioctl_preallocate+0x250/0x250
[ 2257.475654][T14141]  ? __fget+0x40c/0x4a0
[ 2257.479791][T14141]  ? fget_many+0x20/0x20
[ 2257.484004][T14141]  ? check_preemption_disabled+0x154/0x330
12:02:18 executing program 5:
syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x6041)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x0) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x5, 0x0)
socket$inet6(0xa, 0x800, 0x4) (async)
setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, &(0x7f0000000140)={0x400000, {{0xa, 0x4e20, 0xf87, @rand_addr=' \x01\x00', 0x5}}}, 0x88)

12:02:18 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000000)={{{@in6=@mcast1, @in=@broadcast}}, {{@in6=@dev}, 0x0, @in=@multicast1}}, &(0x7f0000000100)=0xe8) (async)
write$P9_RREMOVE(r0, 0x0, 0x0)

[ 2257.489777][T14141]  ? debug_smp_processor_id+0x20/0x20
[ 2257.495118][T14141]  ? security_file_ioctl+0x9d/0xb0
[ 2257.500196][T14141]  __x64_sys_ioctl+0xd4/0x110
[ 2257.504843][T14141]  do_syscall_64+0xcb/0x1c0
[ 2257.509446][T14141]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2257.518460][T14141] ------------[ cut here ]------------
[ 2257.523946][T14141] WARNING: CPU: 0 PID: 14141 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2257.533018][T14141] Modules linked in:
[ 2257.536897][T14141] CPU: 0 PID: 14141 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2257.548491][T14141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2257.558532][T14141] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2257.564315][T14141] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2257.583897][T14141] RSP: 0018:ffff8881ce247a00 EFLAGS: 00010246
[ 2257.589937][T14141] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2257.597885][T14141] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2257.605829][T14141] RBP: ffff8881ce247b40 R08: ffffffff821f8e93 R09: 0000000000000010
[ 2257.613774][T14141] R10: ffffffff84800000 R11: 1ffff11039c48e00 R12: ffff8881d0502000
[ 2257.621734][T14141] R13: dffffc0000000000 R14: ffff8881d0502070 R15: 1ffff1103a0a049d
[ 2257.629686][T14141] FS:  00007f5fe0796700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 2257.638589][T14141] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2257.645147][T14141] CR2: 0000555555a14728 CR3: 00000001e2dc1000 CR4: 00000000003406f0
[ 2257.653093][T14141] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2257.661040][T14141] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2257.668978][T14141] Call Trace:
[ 2257.672246][T14141]  ? device_add_disk+0x30/0x30
[ 2257.676979][T14141]  ? vsprintf+0x30/0x30
[ 2257.681107][T14141]  ? device_initialize+0x1c7/0x3d0
[ 2257.686188][T14141]  ? __alloc_disk_node+0x326/0x380
[ 2257.691273][T14141]  loop_add+0x554/0x710
[ 2257.695402][T14141]  loop_control_ioctl+0x564/0x740
[ 2257.700395][T14141]  ? loop_remove+0xa0/0xa0
[ 2257.704784][T14141]  ? __lru_cache_add+0x1bf/0x210
[ 2257.709701][T14141]  ? memset+0x1f/0x40
[ 2257.713656][T14141]  ? fsnotify+0x1332/0x13f0
[ 2257.718127][T14141]  ? loop_remove+0xa0/0xa0
[ 2257.722513][T14141]  do_vfs_ioctl+0x744/0x1730
[ 2257.727085][T14141]  ? selinux_file_ioctl+0x723/0x970
[ 2257.732258][T14141]  ? ioctl_preallocate+0x250/0x250
[ 2257.737337][T14141]  ? __fget+0x40c/0x4a0
12:02:19 executing program 2:
# Same two-call program as the earlier "executing program 2" entry, with the
# fault-injection index advanced to fail_nth: 64. Command 0x4c80 on a loop-control
# fd is LOOP_CTL_ADD, which the traces in this log show as
# loop_control_ioctl() -> loop_add().
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
# NOTE(review): each fail_nth value fails a different allocation on this path, so
# the failslab trace and the block/genhd.c:742 WARNING need not repeat for this
# run. Match kernel output to a run by PID and timestamp, not by position in the
# log, because console lines are interleaved with the program listings.
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 64)

12:02:19 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
mknodat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x40, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
utimensat(r1, &(0x7f0000000240)='./file1\x00', &(0x7f0000000280)={{0x0, 0xea60}, {0x77359400}}, 0x100) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000180)={0xb, 0x77, 0x2}, 0xb) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
write$P9_RREADLINK(r3, &(0x7f00000001c0)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:19 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
write$P9_RLCREATE(r1, &(0x7f00000005c0)={0x18, 0xf, 0x2, {{0x1, 0x3, 0x3}, 0x1}}, 0x18)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000540)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$incfs(r2, &(0x7f0000000400)='.pending_reads\x00', 0xc0100, 0x8)
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f0000000440))
execveat(r2, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)=[&(0x7f0000000200)='/sys/kernel/debug/binder/stats\x00'], &(0x7f00000003c0)=[&(0x7f0000000280)='@B&\x00', &(0x7f00000002c0)='\x00', &(0x7f0000000300)=':\x00', &(0x7f0000000340)='\x00', &(0x7f0000000380)='-@\xa3+\xa7\x00'], 0x100)
connect$inet6(r2, 0x0, 0x0)
mknodat(r3, &(0x7f0000000580)='.\x00', 0x1, 0x1ff)
accept$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000180)=0x1c)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
write$P9_RLCREATE(r1, &(0x7f00000005c0)={0x18, 0xf, 0x2, {{0x1, 0x3, 0x3}, 0x1}}, 0x18) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000540)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$incfs(r2, &(0x7f0000000400)='.pending_reads\x00', 0xc0100, 0x8) (async)
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f0000000440)) (async)
execveat(r2, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)=[&(0x7f0000000200)='/sys/kernel/debug/binder/stats\x00'], &(0x7f00000003c0)=[&(0x7f0000000280)='@B&\x00', &(0x7f00000002c0)='\x00', &(0x7f0000000300)=':\x00', &(0x7f0000000340)='\x00', &(0x7f0000000380)='-@\xa3+\xa7\x00'], 0x100) (async)
connect$inet6(r2, 0x0, 0x0) (async)
mknodat(r3, &(0x7f0000000580)='.\x00', 0x1, 0x1ff) (async)
accept$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000180)=0x1c) (async)

[ 2257.741463][T14141]  ? fget_many+0x20/0x20
[ 2257.745676][T14141]  ? check_preemption_disabled+0x154/0x330
[ 2257.751451][T14141]  ? debug_smp_processor_id+0x20/0x20
[ 2257.756797][T14141]  ? security_file_ioctl+0x9d/0xb0
[ 2257.761878][T14141]  __x64_sys_ioctl+0xd4/0x110
[ 2257.766525][T14141]  do_syscall_64+0xcb/0x1c0
[ 2257.771003][T14141]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2257.776863][T14141] ---[ end trace 9fb896c1b706f711 ]---
12:02:19 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000000)={{{@in6=@mcast1, @in=@broadcast}}, {{@in6=@dev}, 0x0, @in=@multicast1}}, &(0x7f0000000100)=0xe8)
write$P9_RREMOVE(r0, 0x0, 0x0)

12:02:19 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000040)={0x0, {{0xa, 0x4e23, 0x6c3, @local, 0x2}}}, 0x88)

12:02:19 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mknodat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x40, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
utimensat(r1, &(0x7f0000000240)='./file1\x00', &(0x7f0000000280)={{0x0, 0xea60}, {0x77359400}}, 0x100)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async, rerun: 64)
write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000180)={0xb, 0x77, 0x2}, 0xb) (async, rerun: 64)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async, rerun: 64)
write$P9_RREADLINK(r3, &(0x7f00000001c0)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) (async, rerun: 64)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:19 executing program 5:
syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x6041) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x5, 0x0) (async)
socket$inet6(0xa, 0x800, 0x4) (async)
setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, &(0x7f0000000140)={0x400000, {{0xa, 0x4e20, 0xf87, @rand_addr=' \x01\x00', 0x5}}}, 0x88)

12:02:19 executing program 4:
pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = add_key$fscrypt_v1(&(0x7f00000002c0), &(0x7f0000000300)={'fscrypt:', @desc4}, &(0x7f0000000340)={0x0, "5fae6cae3b7ebc343816174d89bd4acef73a5b6e200934b2614a435b961ffc9b7adf90417d53c3bfce036eb6afb72bc82b7e5fed4c3f81e7e974f629b02206dd", 0x3a}, 0x48, 0xfffffffffffffffe)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, r3, 0xd9)
linkat(r0, &(0x7f0000000040)='./file0\x00', r1, &(0x7f0000000080)='./file0\x00', 0x0)
socket$igmp6(0xa, 0x3, 0x2)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
statx(r1, &(0x7f0000000180)='./file0\x00', 0x400, 0x20, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
fchownat(r4, &(0x7f0000000140)='./file0\x00', 0xee00, r5, 0x800)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r6, 0x0, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r7, 0x0, 0x0)
write$cgroup_int(r7, &(0x7f00000000c0)=0x4, 0x12)
write$P9_RREMOVE(r6, 0x0, 0x0)

[ 2257.843286][T14196] FAULT_INJECTION: forcing a failure.
[ 2257.843286][T14196] name failslab, interval 1, probability 0, space 0, times 0
[ 2257.856092][T14196] CPU: 1 PID: 14196 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2257.867711][T14196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2257.877746][T14196] Call Trace:
[ 2257.881015][T14196]  dump_stack+0x1d8/0x241
[ 2257.885319][T14196]  ? panic+0x73e/0x73e
12:02:19 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
write$P9_RLCREATE(r1, &(0x7f00000005c0)={0x18, 0xf, 0x2, {{0x1, 0x3, 0x3}, 0x1}}, 0x18)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000540)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$incfs(r2, &(0x7f0000000400)='.pending_reads\x00', 0xc0100, 0x8)
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f0000000440))
execveat(r2, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)=[&(0x7f0000000200)='/sys/kernel/debug/binder/stats\x00'], &(0x7f00000003c0)=[&(0x7f0000000280)='@B&\x00', &(0x7f00000002c0)='\x00', &(0x7f0000000300)=':\x00', &(0x7f0000000340)='\x00', &(0x7f0000000380)='-@\xa3+\xa7\x00'], 0x100)
connect$inet6(r2, 0x0, 0x0)
mknodat(r3, &(0x7f0000000580)='.\x00', 0x1, 0x1ff)
accept$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000180)=0x1c)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
write$P9_RLCREATE(r1, &(0x7f00000005c0)={0x18, 0xf, 0x2, {{0x1, 0x3, 0x3}, 0x1}}, 0x18) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000540)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$incfs(r2, &(0x7f0000000400)='.pending_reads\x00', 0xc0100, 0x8) (async)
ioctl$LOOP_GET_STATUS64(r3, 0x4c05, &(0x7f0000000440)) (async)
execveat(r2, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)=[&(0x7f0000000200)='/sys/kernel/debug/binder/stats\x00'], &(0x7f00000003c0)=[&(0x7f0000000280)='@B&\x00', &(0x7f00000002c0)='\x00', &(0x7f0000000300)=':\x00', &(0x7f0000000340)='\x00', &(0x7f0000000380)='-@\xa3+\xa7\x00'], 0x100) (async)
connect$inet6(r2, 0x0, 0x0) (async)
mknodat(r3, &(0x7f0000000580)='.\x00', 0x1, 0x1ff) (async)
accept$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000180)=0x1c) (async)

[ 2257.889357][T14196]  ? mutex_unlock+0x19/0x40
[ 2257.893833][T14196]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2257.899632][T14196]  ? selinux_kernfs_init_security+0x155/0x760
[ 2257.905680][T14196]  ? idr_alloc_cyclic+0x36e/0x5e0
[ 2257.910691][T14196]  should_fail+0x709/0x870
[ 2257.915108][T14196]  ? setup_fault_attr+0x3d0/0x3d0
[ 2257.920117][T14196]  ? _raw_spin_lock+0xa3/0x1b0
[ 2257.924876][T14196]  ? __kernfs_new_node+0xdb/0x6d0
[ 2257.929873][T14196]  should_failslab+0x5/0x20
[ 2257.934346][T14196]  kmem_cache_alloc+0x24/0x210
[ 2257.939086][T14196]  __kernfs_new_node+0xdb/0x6d0
[ 2257.943912][T14196]  ? mutex_lock+0xa6/0x110
[ 2257.948301][T14196]  ? kernfs_new_node+0x160/0x160
[ 2257.953212][T14196]  ? mutex_lock+0xa6/0x110
[ 2257.957603][T14196]  kernfs_new_node+0x95/0x160
[ 2257.962253][T14196]  __kernfs_create_file+0x45/0x260
[ 2257.967333][T14196]  sysfs_add_file_mode_ns+0x292/0x340
[ 2257.972688][T14196]  sysfs_merge_group+0x207/0x460
[ 2257.977598][T14196]  ? sysfs_remove_groups+0xb0/0xb0
[ 2257.982677][T14196]  ? device_create_file+0xe8/0x1b0
[ 2257.987757][T14196]  ? bus_add_device+0x92/0x3f0
[ 2257.992488][T14196]  dpm_sysfs_add+0xc0/0x260
[ 2257.996963][T14196]  device_add+0x547/0xbc0
[ 2258.001270][T14196]  device_create_vargs+0x1b8/0x210
[ 2258.006354][T14196]  device_create+0xea/0x130
[ 2258.010829][T14196]  ? device_create_vargs+0x210/0x210
[ 2258.016089][T14196]  bdi_register_va+0x89/0x5e0
[ 2258.020742][T14196]  bdi_register+0xd1/0x120
[ 2258.025130][T14196]  ? __device_add_disk+0x539/0x1200
[ 2258.030295][T14196]  ? bdi_register_va+0x5e0/0x5e0
[ 2258.035201][T14196]  ? percpu_ref_resurrect+0x113/0x190
[ 2258.040547][T14196]  bdi_register_owner+0x56/0xf0
[ 2258.045372][T14196]  __device_add_disk+0x5b8/0x1200
[ 2258.050365][T14196]  ? device_add_disk+0x30/0x30
[ 2258.055100][T14196]  ? vsprintf+0x30/0x30
[ 2258.059227][T14196]  ? device_initialize+0x1c7/0x3d0
[ 2258.064311][T14196]  ? __alloc_disk_node+0x326/0x380
[ 2258.069395][T14196]  loop_add+0x554/0x710
[ 2258.073533][T14196]  loop_control_ioctl+0x564/0x740
[ 2258.078535][T14196]  ? loop_remove+0xa0/0xa0
[ 2258.082923][T14196]  ? __lru_cache_add+0x1bf/0x210
[ 2258.087866][T14196]  ? memset+0x1f/0x40
[ 2258.091816][T14196]  ? fsnotify+0x1332/0x13f0
[ 2258.096297][T14196]  ? loop_remove+0xa0/0xa0
[ 2258.100695][T14196]  do_vfs_ioctl+0x744/0x1730
[ 2258.105267][T14196]  ? selinux_file_ioctl+0x723/0x970
[ 2258.110448][T14196]  ? ioctl_preallocate+0x250/0x250
[ 2258.115570][T14196]  ? __fget+0x40c/0x4a0
[ 2258.119703][T14196]  ? fget_many+0x20/0x20
[ 2258.123924][T14196]  ? check_preemption_disabled+0x154/0x330
[ 2258.129728][T14196]  ? debug_smp_processor_id+0x20/0x20
[ 2258.135070][T14196]  ? security_file_ioctl+0x9d/0xb0
[ 2258.140149][T14196]  __x64_sys_ioctl+0xd4/0x110
[ 2258.144812][T14196]  do_syscall_64+0xcb/0x1c0
[ 2258.149287][T14196]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2258.156858][T14196] ------------[ cut here ]------------
[ 2258.162329][T14196] WARNING: CPU: 1 PID: 14196 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2258.171396][T14196] Modules linked in:
[ 2258.175265][T14196] CPU: 1 PID: 14196 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2258.186852][T14196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2258.196892][T14196] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2258.202670][T14196] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2258.222252][T14196] RSP: 0018:ffff8881e063fa00 EFLAGS: 00010246
[ 2258.228295][T14196] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2258.236242][T14196] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2258.244186][T14196] RBP: ffff8881e063fb40 R08: ffffffff821f8e93 R09: 0000000000000010
[ 2258.252151][T14196] R10: ffffffff84800000 R11: 1ffff1103c0c7e00 R12: ffff8881e14d7000
[ 2258.260094][T14196] R13: dffffc0000000000 R14: ffff8881e14d7070 R15: 1ffff1103c29ae9d
[ 2258.268044][T14196] FS:  00007f5fe0796700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 2258.276965][T14196] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2258.283517][T14196] CR2: 00007f5fe0795ff8 CR3: 00000001eae66000 CR4: 00000000003406e0
[ 2258.291460][T14196] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2258.299404][T14196] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2258.307343][T14196] Call Trace:
[ 2258.310615][T14196]  ? device_add_disk+0x30/0x30
[ 2258.315351][T14196]  ? vsprintf+0x30/0x30
[ 2258.319476][T14196]  ? device_initialize+0x1c7/0x3d0
[ 2258.324579][T14196]  ? __alloc_disk_node+0x326/0x380
[ 2258.329664][T14196]  loop_add+0x554/0x710
[ 2258.333809][T14196]  loop_control_ioctl+0x564/0x740
[ 2258.338808][T14196]  ? loop_remove+0xa0/0xa0
[ 2258.343195][T14196]  ? __lru_cache_add+0x1bf/0x210
[ 2258.348104][T14196]  ? memset+0x1f/0x40
[ 2258.352082][T14196]  ? fsnotify+0x1332/0x13f0
[ 2258.356557][T14196]  ? loop_remove+0xa0/0xa0
[ 2258.360944][T14196]  do_vfs_ioctl+0x744/0x1730
[ 2258.365517][T14196]  ? selinux_file_ioctl+0x723/0x970
[ 2258.370682][T14196]  ? ioctl_preallocate+0x250/0x250
[ 2258.375762][T14196]  ? __fget+0x40c/0x4a0
[ 2258.379889][T14196]  ? fget_many+0x20/0x20
[ 2258.384099][T14196]  ? check_preemption_disabled+0x154/0x330
[ 2258.389873][T14196]  ? debug_smp_processor_id+0x20/0x20
12:02:19 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 65)

12:02:19 executing program 0:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000001c0), 0x101082, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x8000, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r1, 0x4c81, 0x0)
write$P9_RXATTRWALK(r0, &(0x7f0000000200)={0xf, 0x1f, 0x2, 0xffffffff}, 0xf)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:19 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
accept$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000080)=0x1c)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:02:19 executing program 1:
r0 = syz_open_dev$vcsu(&(0x7f0000000040), 0x0, 0x105580)
write$9p(r0, &(0x7f0000000080)="01b0845aa45f83175a568412aabc59058288aa81fb2da19537210b4ec38c2ba4dd61ce5668b8ab17b36d89de0387263023a1791cd9f6aa9b06b9c195b6ba0239832b56e6f0620945c321f973545e651dcc9914e3933e0c6205fa93ea0497e23f540c3eab76d1c81908489be2f4d6584a82e97f4666501367e19a8a5a6412350a391bb7cf385132847786fb0d6ea2bb99ad8b3ed4c8f892e49a54d0a1c3fb8b2f1552eaa303278ae4bc", 0xa9)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
symlinkat(&(0x7f0000000140)='./file0\x00', r0, &(0x7f0000000180)='./file0\x00')

[ 2258.395214][T14196]  ? security_file_ioctl+0x9d/0xb0
[ 2258.400296][T14196]  __x64_sys_ioctl+0xd4/0x110
[ 2258.404946][T14196]  do_syscall_64+0xcb/0x1c0
[ 2258.409424][T14196]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2258.415294][T14196] ---[ end trace 9fb896c1b706f712 ]---
12:02:19 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
accept$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000080)=0x1c) (async, rerun: 64)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (rerun: 64)

12:02:19 executing program 1:
r0 = syz_open_dev$vcsu(&(0x7f0000000040), 0x0, 0x105580)
write$9p(r0, &(0x7f0000000080)="01b0845aa45f83175a568412aabc59058288aa81fb2da19537210b4ec38c2ba4dd61ce5668b8ab17b36d89de0387263023a1791cd9f6aa9b06b9c195b6ba0239832b56e6f0620945c321f973545e651dcc9914e3933e0c6205fa93ea0497e23f540c3eab76d1c81908489be2f4d6584a82e97f4666501367e19a8a5a6412350a391bb7cf385132847786fb0d6ea2bb99ad8b3ed4c8f892e49a54d0a1c3fb8b2f1552eaa303278ae4bc", 0xa9) (async, rerun: 32)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (rerun: 32)
symlinkat(&(0x7f0000000140)='./file0\x00', r0, &(0x7f0000000180)='./file0\x00')

12:02:19 executing program 4:
pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80) (async, rerun: 64)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (rerun: 64)
connect$inet6(r1, 0x0, 0x0) (async)
r2 = add_key$fscrypt_v1(&(0x7f00000002c0), &(0x7f0000000300)={'fscrypt:', @desc4}, &(0x7f0000000340)={0x0, "5fae6cae3b7ebc343816174d89bd4acef73a5b6e200934b2614a435b961ffc9b7adf90417d53c3bfce036eb6afb72bc82b7e5fed4c3f81e7e974f629b02206dd", 0x3a}, 0x48, 0xfffffffffffffffe) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async, rerun: 64)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, r3, 0xd9) (async, rerun: 64)
linkat(r0, &(0x7f0000000040)='./file0\x00', r1, &(0x7f0000000080)='./file0\x00', 0x0)
socket$igmp6(0xa, 0x3, 0x2) (async)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0) (async, rerun: 64)
statx(r1, &(0x7f0000000180)='./file0\x00', 0x400, 0x20, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}) (rerun: 64)
fchownat(r4, &(0x7f0000000140)='./file0\x00', 0xee00, r5, 0x800)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r6, 0x0, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r7, 0x0, 0x0) (async, rerun: 32)
write$cgroup_int(r7, &(0x7f00000000c0)=0x4, 0x12) (rerun: 32)
write$P9_RREMOVE(r6, 0x0, 0x0)

12:02:19 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
accept$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000080)=0x1c) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

[ 2258.464153][T14233] FAULT_INJECTION: forcing a failure.
[ 2258.464153][T14233] name failslab, interval 1, probability 0, space 0, times 0
[ 2258.479533][T14233] CPU: 1 PID: 14233 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2258.491168][T14233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2258.501203][T14233] Call Trace:
[ 2258.504469][T14233]  dump_stack+0x1d8/0x241
[ 2258.508771][T14233]  ? panic+0x73e/0x73e
[ 2258.512810][T14233]  ? mutex_unlock+0x19/0x40
[ 2258.517284][T14233]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2258.523068][T14233]  ? selinux_kernfs_init_security+0x155/0x760
[ 2258.529119][T14233]  ? idr_alloc_cyclic+0x36e/0x5e0
[ 2258.534115][T14233]  should_fail+0x709/0x870
[ 2258.538503][T14233]  ? setup_fault_attr+0x3d0/0x3d0
[ 2258.543498][T14233]  ? _raw_spin_lock+0xa3/0x1b0
[ 2258.548231][T14233]  ? __kernfs_new_node+0xdb/0x6d0
[ 2258.553222][T14233]  should_failslab+0x5/0x20
[ 2258.557693][T14233]  kmem_cache_alloc+0x24/0x210
[ 2258.562425][T14233]  __kernfs_new_node+0xdb/0x6d0
[ 2258.567244][T14233]  ? mutex_lock+0xa6/0x110
[ 2258.571636][T14233]  ? kernfs_new_node+0x160/0x160
[ 2258.576541][T14233]  ? mutex_lock+0xa6/0x110
[ 2258.580928][T14233]  kernfs_new_node+0x95/0x160
[ 2258.585579][T14233]  __kernfs_create_file+0x45/0x260
[ 2258.590659][T14233]  sysfs_add_file_mode_ns+0x292/0x340
[ 2258.595999][T14233]  sysfs_merge_group+0x207/0x460
[ 2258.600906][T14233]  ? sysfs_remove_groups+0xb0/0xb0
[ 2258.605993][T14233]  ? device_create_file+0xe8/0x1b0
[ 2258.611102][T14233]  ? bus_add_device+0x92/0x3f0
[ 2258.615834][T14233]  dpm_sysfs_add+0xc0/0x260
[ 2258.620310][T14233]  device_add+0x547/0xbc0
[ 2258.624612][T14233]  device_create_vargs+0x1b8/0x210
[ 2258.629691][T14233]  device_create+0xea/0x130
[ 2258.634163][T14233]  ? device_create_vargs+0x210/0x210
[ 2258.639418][T14233]  bdi_register_va+0x89/0x5e0
[ 2258.644069][T14233]  bdi_register+0xd1/0x120
[ 2258.648455][T14233]  ? __device_add_disk+0x539/0x1200
[ 2258.653623][T14233]  ? bdi_register_va+0x5e0/0x5e0
[ 2258.658533][T14233]  ? percpu_ref_resurrect+0x113/0x190
[ 2258.663874][T14233]  bdi_register_owner+0x56/0xf0
[ 2258.668697][T14233]  __device_add_disk+0x5b8/0x1200
[ 2258.673694][T14233]  ? device_add_disk+0x30/0x30
[ 2258.678428][T14233]  ? vsprintf+0x30/0x30
[ 2258.682551][T14233]  ? device_initialize+0x1c7/0x3d0
[ 2258.687633][T14233]  ? __alloc_disk_node+0x326/0x380
[ 2258.692740][T14233]  loop_add+0x554/0x710
[ 2258.696867][T14233]  loop_control_ioctl+0x564/0x740
[ 2258.701860][T14233]  ? loop_remove+0xa0/0xa0
[ 2258.706272][T14233]  ? __lru_cache_add+0x1bf/0x210
[ 2258.711179][T14233]  ? memset+0x1f/0x40
[ 2258.715134][T14233]  ? fsnotify+0x1332/0x13f0
[ 2258.719608][T14233]  ? loop_remove+0xa0/0xa0
[ 2258.723993][T14233]  do_vfs_ioctl+0x744/0x1730
[ 2258.728555][T14233]  ? selinux_file_ioctl+0x723/0x970
[ 2258.733750][T14233]  ? ioctl_preallocate+0x250/0x250
[ 2258.738830][T14233]  ? __fget+0x40c/0x4a0
[ 2258.742957][T14233]  ? fget_many+0x20/0x20
[ 2258.747202][T14233]  ? check_preemption_disabled+0x154/0x330
[ 2258.752977][T14233]  ? debug_smp_processor_id+0x20/0x20
[ 2258.758343][T14233]  ? security_file_ioctl+0x9d/0xb0
12:02:20 executing program 3:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f00000014c0), 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r1, 0x4c81, 0x0)

[ 2258.763424][T14233]  __x64_sys_ioctl+0xd4/0x110
[ 2258.768073][T14233]  do_syscall_64+0xcb/0x1c0
[ 2258.772550][T14233]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2258.779209][T14233] ------------[ cut here ]------------
[ 2258.784689][T14233] WARNING: CPU: 0 PID: 14233 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[ 2258.793775][T14233] Modules linked in:
[ 2258.797664][T14233] CPU: 0 PID: 14233 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2258.809255][T14233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2258.819294][T14233] RIP: 0010:__device_add_disk+0xe83/0x1200
[ 2258.825067][T14233] Code: ff ff e8 f0 b3 45 ff 0f 0b e9 29 f3 ff ff e8 e4 b3 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 cd b3 45 ff <0f> 0b e9 46 f7 ff ff e8 c1 b3 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[ 2258.844640][T14233] RSP: 0018:ffff8881e70d7a00 EFLAGS: 00010246
[ 2258.850676][T14233] RAX: ffffffff821f9753 RBX: 00000000fffffff4 RCX: 0000000000040000
[ 2258.858620][T14233] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2258.866561][T14233] RBP: ffff8881e70d7b40 R08: ffffffff821f8e93 R09: 0000000000000010
[ 2258.874503][T14233] R10: ffffffff84800000 R11: 1ffff1103ce1ae00 R12: ffff8881e80ee000
[ 2258.882443][T14233] R13: dffffc0000000000 R14: ffff8881e80ee070 R15: 1ffff1103d01dc9d
[ 2258.890387][T14233] FS:  00007f5fe0796700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 2258.899285][T14233] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2258.905837][T14233] CR2: 00007fdebbe0c718 CR3: 00000001f29e3000 CR4: 00000000003406f0
[ 2258.913780][T14233] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2258.921721][T14233] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2258.929661][T14233] Call Trace:
[ 2258.932925][T14233]  ? device_add_disk+0x30/0x30
[ 2258.937659][T14233]  ? vsprintf+0x30/0x30
[ 2258.941785][T14233]  ? device_initialize+0x1c7/0x3d0
[ 2258.946866][T14233]  ? __alloc_disk_node+0x326/0x380
[ 2258.951950][T14233]  loop_add+0x554/0x710
[ 2258.956080][T14233]  loop_control_ioctl+0x564/0x740
[ 2258.961073][T14233]  ? loop_remove+0xa0/0xa0
[ 2258.965489][T14233]  ? __lru_cache_add+0x1bf/0x210
[ 2258.970410][T14233]  ? memset+0x1f/0x40
[ 2258.974376][T14233]  ? fsnotify+0x1332/0x13f0
[ 2258.978856][T14233]  ? loop_remove+0xa0/0xa0
[ 2258.983273][T14233]  do_vfs_ioctl+0x744/0x1730
[ 2258.987838][T14233]  ? selinux_file_ioctl+0x723/0x970
[ 2258.993005][T14233]  ? ioctl_preallocate+0x250/0x250
[ 2258.998089][T14233]  ? __fget+0x40c/0x4a0
[ 2259.002214][T14233]  ? fget_many+0x20/0x20
[ 2259.006425][T14233]  ? check_preemption_disabled+0x154/0x330
12:02:20 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 66)

12:02:20 executing program 1:
r0 = syz_open_dev$vcsu(&(0x7f0000000040), 0x0, 0x105580)
write$9p(r0, &(0x7f0000000080)="01b0845aa45f83175a568412aabc59058288aa81fb2da19537210b4ec38c2ba4dd61ce5668b8ab17b36d89de0387263023a1791cd9f6aa9b06b9c195b6ba0239832b56e6f0620945c321f973545e651dcc9914e3933e0c6205fa93ea0497e23f540c3eab76d1c81908489be2f4d6584a82e97f4666501367e19a8a5a6412350a391bb7cf385132847786fb0d6ea2bb99ad8b3ed4c8f892e49a54d0a1c3fb8b2f1552eaa303278ae4bc", 0xa9)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
symlinkat(&(0x7f0000000140)='./file0\x00', r0, &(0x7f0000000180)='./file0\x00')
syz_open_dev$vcsu(&(0x7f0000000040), 0x0, 0x105580) (async)
write$9p(r0, &(0x7f0000000080)="01b0845aa45f83175a568412aabc59058288aa81fb2da19537210b4ec38c2ba4dd61ce5668b8ab17b36d89de0387263023a1791cd9f6aa9b06b9c195b6ba0239832b56e6f0620945c321f973545e651dcc9914e3933e0c6205fa93ea0497e23f540c3eab76d1c81908489be2f4d6584a82e97f4666501367e19a8a5a6412350a391bb7cf385132847786fb0d6ea2bb99ad8b3ed4c8f892e49a54d0a1c3fb8b2f1552eaa303278ae4bc", 0xa9) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
symlinkat(&(0x7f0000000140)='./file0\x00', r0, &(0x7f0000000180)='./file0\x00') (async)

12:02:20 executing program 0:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000001c0), 0x101082, 0x0) (async)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x8000, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r1, 0x4c81, 0x0) (async)
write$P9_RXATTRWALK(r0, &(0x7f0000000200)={0xf, 0x1f, 0x2, 0xffffffff}, 0xf)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

[ 2259.012200][T14233]  ? debug_smp_processor_id+0x20/0x20
[ 2259.017542][T14233]  ? security_file_ioctl+0x9d/0xb0
[ 2259.022630][T14233]  __x64_sys_ioctl+0xd4/0x110
[ 2259.027278][T14233]  do_syscall_64+0xcb/0x1c0
[ 2259.031753][T14233]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2259.037615][T14233] ---[ end trace 9fb896c1b706f713 ]---
12:02:20 executing program 3:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
openat$bsg(0xffffffffffffff9c, &(0x7f00000014c0), 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r1, 0x4c81, 0x0)

12:02:20 executing program 0:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000001c0), 0x101082, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x8000, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r1, 0x4c81, 0x0)
write$P9_RXATTRWALK(r0, &(0x7f0000000200)={0xf, 0x1f, 0x2, 0xffffffff}, 0xf)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$bsg(0xffffffffffffff9c, &(0x7f00000001c0), 0x101082, 0x0) (async)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x8000, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r1, 0x4c81, 0x0) (async)
write$P9_RXATTRWALK(r0, &(0x7f0000000200)={0xf, 0x1f, 0x2, 0xffffffff}, 0xf) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:02:20 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
pipe2$watch_queue(&(0x7f0000000040), 0x80)

12:02:20 executing program 3:
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f00000014c0), 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r1, 0x4c81, 0x0)

[ 2259.103973][T14269] FAULT_INJECTION: forcing a failure.
[ 2259.103973][T14269] name failslab, interval 1, probability 0, space 0, times 0
[ 2259.117328][T14269] CPU: 0 PID: 14269 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2259.129133][T14269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2259.139173][T14269] Call Trace:
[ 2259.142442][T14269]  dump_stack+0x1d8/0x241
[ 2259.146823][T14269]  ? panic+0x73e/0x73e
12:02:20 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1d, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f00000001c0), 0x8c02, 0x0)
r3 = syz_open_dev$vcsu(&(0x7f0000000180), 0x1c7, 0x50080)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
write$P9_RXATTRCREATE(r4, &(0x7f0000000200)={0x7, 0x21, 0x1}, 0x7)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp=r3, 0x2}, 0x20)

[ 2259.150866][T14269]  ? bdi_register_owner+0x56/0xf0
[ 2259.155867][T14269]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2259.161678][T14269]  ? do_vfs_ioctl+0x744/0x1730
[ 2259.166431][T14269]  ? do_syscall_64+0xcb/0x1c0
[ 2259.171105][T14269]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2259.177182][T14269]  should_fail+0x709/0x870
[ 2259.181592][T14269]  ? setup_fault_attr+0x3d0/0x3d0
[ 2259.186588][T14269]  ? kobject_get_path+0xbb/0x1a0
[ 2259.191528][T14269]  should_failslab+0x5/0x20
[ 2259.196047][T14269]  __kmalloc+0x51/0x2b0
[ 2259.200175][T14269]  kobject_get_path+0xbb/0x1a0
[ 2259.204913][T14269]  kobject_uevent_env+0x284/0x700
[ 2259.209944][T14269]  device_add+0x7a7/0xbc0
[ 2259.214261][T14269]  device_create_vargs+0x1b8/0x210
[ 2259.219357][T14269]  device_create+0xea/0x130
[ 2259.223849][T14269]  ? device_create_vargs+0x210/0x210
[ 2259.229123][T14269]  bdi_register_va+0x89/0x5e0
[ 2259.233788][T14269]  bdi_register+0xd1/0x120
[ 2259.238179][T14269]  ? __device_add_disk+0x539/0x1200
[ 2259.243348][T14269]  ? bdi_register_va+0x5e0/0x5e0
[ 2259.248257][T14269]  ? percpu_ref_resurrect+0x113/0x190
[ 2259.253597][T14269]  bdi_register_owner+0x56/0xf0
[ 2259.258418][T14269]  __device_add_disk+0x5b8/0x1200
[ 2259.263411][T14269]  ? device_add_disk+0x30/0x30
[ 2259.268145][T14269]  ? vsprintf+0x30/0x30
[ 2259.272272][T14269]  ? device_initialize+0x1c7/0x3d0
[ 2259.277352][T14269]  ? __alloc_disk_node+0x326/0x380
[ 2259.282453][T14269]  loop_add+0x554/0x710
[ 2259.286584][T14269]  loop_control_ioctl+0x564/0x740
[ 2259.291583][T14269]  ? loop_remove+0xa0/0xa0
[ 2259.295973][T14269]  ? __lru_cache_add+0x1bf/0x210
[ 2259.300893][T14269]  ? memset+0x1f/0x40
[ 2259.304853][T14269]  ? fsnotify+0x1332/0x13f0
[ 2259.309356][T14269]  ? loop_remove+0xa0/0xa0
[ 2259.313743][T14269]  do_vfs_ioctl+0x744/0x1730
[ 2259.318306][T14269]  ? selinux_file_ioctl+0x723/0x970
[ 2259.323473][T14269]  ? ioctl_preallocate+0x250/0x250
[ 2259.328837][T14269]  ? __fget+0x40c/0x4a0
[ 2259.332982][T14269]  ? fget_many+0x20/0x20
[ 2259.337196][T14269]  ? check_preemption_disabled+0x154/0x330
[ 2259.342975][T14269]  ? debug_smp_processor_id+0x20/0x20
[ 2259.348318][T14269]  ? security_file_ioctl+0x9d/0xb0
12:02:20 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000040))

12:02:20 executing program 4:
pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = add_key$fscrypt_v1(&(0x7f00000002c0), &(0x7f0000000300)={'fscrypt:', @desc4}, &(0x7f0000000340)={0x0, "5fae6cae3b7ebc343816174d89bd4acef73a5b6e200934b2614a435b961ffc9b7adf90417d53c3bfce036eb6afb72bc82b7e5fed4c3f81e7e974f629b02206dd", 0x3a}, 0x48, 0xfffffffffffffffe)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, r3, 0xd9) (async)
linkat(r0, &(0x7f0000000040)='./file0\x00', r1, &(0x7f0000000080)='./file0\x00', 0x0)
socket$igmp6(0xa, 0x3, 0x2) (async)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0) (async)
statx(r1, &(0x7f0000000180)='./file0\x00', 0x400, 0x20, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
fchownat(r4, &(0x7f0000000140)='./file0\x00', 0xee00, r5, 0x800) (async)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r6, 0x0, 0x0)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r7, 0x0, 0x0)
write$cgroup_int(r7, &(0x7f00000000c0)=0x4, 0x12) (async)
write$P9_RREMOVE(r6, 0x0, 0x0)

12:02:20 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 67)

12:02:20 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
pipe2$watch_queue(&(0x7f0000000040), 0x80)

12:02:20 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000180)={'mangle\x00', 0x0, [0x2, 0x4, 0x7, 0xffffffff, 0x80000001]}, &(0x7f0000000000)=0x54)

[ 2259.353398][T14269]  __x64_sys_ioctl+0xd4/0x110
[ 2259.358074][T14269]  do_syscall_64+0xcb/0x1c0
[ 2259.362552][T14269]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:20 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1d, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f00000001c0), 0x8c02, 0x0) (async)
r3 = syz_open_dev$vcsu(&(0x7f0000000180), 0x1c7, 0x50080) (async, rerun: 32)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) (rerun: 32)
connect$inet6(r4, 0x0, 0x0)
write$P9_RXATTRCREATE(r4, &(0x7f0000000200)={0x7, 0x21, 0x1}, 0x7) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp=r3, 0x2}, 0x20)

12:02:20 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000040))

12:02:20 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
pipe2$watch_queue(&(0x7f0000000040), 0x80)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
pipe2$watch_queue(&(0x7f0000000040), 0x80) (async)

[ 2259.431086][T14309] FAULT_INJECTION: forcing a failure.
[ 2259.431086][T14309] name failslab, interval 1, probability 0, space 0, times 0
[ 2259.445160][T14309] CPU: 0 PID: 14309 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2259.456791][T14309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2259.466846][T14309] Call Trace:
[ 2259.470114][T14309]  dump_stack+0x1d8/0x241
[ 2259.474413][T14309]  ? panic+0x73e/0x73e
[ 2259.478451][T14309]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2259.484228][T14309]  should_fail+0x709/0x870
[ 2259.488615][T14309]  ? setup_fault_attr+0x3d0/0x3d0
[ 2259.493612][T14309]  ? alloc_uevent_skb+0x73/0x220
[ 2259.498517][T14309]  should_failslab+0x5/0x20
[ 2259.502989][T14309]  __kmalloc_track_caller+0x4f/0x280
[ 2259.508245][T14309]  ? kmem_cache_alloc+0xd0/0x210
[ 2259.513148][T14309]  ? alloc_uevent_skb+0x73/0x220
[ 2259.518053][T14309]  __alloc_skb+0xb5/0x4d0
[ 2259.522371][T14309]  alloc_uevent_skb+0x73/0x220
[ 2259.527106][T14309]  kobject_uevent_net_broadcast+0x2f3/0x570
[ 2259.532971][T14309]  ? kobject_get_path+0x17b/0x1a0
[ 2259.537966][T14309]  kobject_uevent_env+0x552/0x700
[ 2259.542966][T14309]  device_add+0x7a7/0xbc0
[ 2259.547265][T14309]  device_create_vargs+0x1b8/0x210
[ 2259.552365][T14309]  device_create+0xea/0x130
[ 2259.556840][T14309]  ? device_create_vargs+0x210/0x210
[ 2259.562097][T14309]  bdi_register_va+0x89/0x5e0
[ 2259.566743][T14309]  bdi_register+0xd1/0x120
[ 2259.571131][T14309]  ? __device_add_disk+0x539/0x1200
[ 2259.576297][T14309]  ? bdi_register_va+0x5e0/0x5e0
[ 2259.581203][T14309]  ? percpu_ref_resurrect+0x113/0x190
[ 2259.586547][T14309]  bdi_register_owner+0x56/0xf0
[ 2259.591372][T14309]  __device_add_disk+0x5b8/0x1200
[ 2259.596384][T14309]  ? device_add_disk+0x30/0x30
[ 2259.601116][T14309]  ? vsprintf+0x30/0x30
[ 2259.605240][T14309]  ? device_initialize+0x1c7/0x3d0
[ 2259.610346][T14309]  ? __alloc_disk_node+0x326/0x380
[ 2259.615429][T14309]  loop_add+0x554/0x710
[ 2259.619561][T14309]  loop_control_ioctl+0x564/0x740
[ 2259.624557][T14309]  ? loop_remove+0xa0/0xa0
[ 2259.628941][T14309]  ? __lru_cache_add+0x1bf/0x210
[ 2259.633844][T14309]  ? memset+0x1f/0x40
[ 2259.637793][T14309]  ? fsnotify+0x1332/0x13f0
[ 2259.642264][T14309]  ? loop_remove+0xa0/0xa0
[ 2259.646653][T14309]  do_vfs_ioctl+0x744/0x1730
[ 2259.651215][T14309]  ? selinux_file_ioctl+0x723/0x970
[ 2259.656381][T14309]  ? ioctl_preallocate+0x250/0x250
[ 2259.661463][T14309]  ? __fget+0x40c/0x4a0
[ 2259.665584][T14309]  ? fget_many+0x20/0x20
[ 2259.669799][T14309]  ? check_preemption_disabled+0x154/0x330
[ 2259.675572][T14309]  ? debug_smp_processor_id+0x20/0x20
12:02:21 executing program 4:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
utimensat(r0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={{0x77359400}, {0x0, 0x2710}}, 0x100)
r1 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r1, 0x0, 0x0)

12:02:21 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 68)

[ 2259.680911][T14309]  ? security_file_ioctl+0x9d/0xb0
[ 2259.685991][T14309]  __x64_sys_ioctl+0xd4/0x110
[ 2259.690648][T14309]  do_syscall_64+0xcb/0x1c0
[ 2259.695122][T14309]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:21 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1d, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f00000001c0), 0x8c02, 0x0)
r3 = syz_open_dev$vcsu(&(0x7f0000000180), 0x1c7, 0x50080)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
write$P9_RXATTRCREATE(r4, &(0x7f0000000200)={0x7, 0x21, 0x1}, 0x7)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp=r3, 0x2}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1d, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f00000001c0), 0x8c02, 0x0) (async)
syz_open_dev$vcsu(&(0x7f0000000180), 0x1c7, 0x50080) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) (async)
connect$inet6(r4, 0x0, 0x0) (async)
write$P9_RXATTRCREATE(r4, &(0x7f0000000200)={0x7, 0x21, 0x1}, 0x7) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp=r3, 0x2}, 0x20) (async)

12:02:21 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 64)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (rerun: 64)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async, rerun: 32)
getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000180)={'mangle\x00', 0x0, [0x2, 0x4, 0x7, 0xffffffff, 0x80000001]}, &(0x7f0000000000)=0x54) (rerun: 32)

12:02:21 executing program 4:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
utimensat(r0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={{0x77359400}, {0x0, 0x2710}}, 0x100) (async)
r1 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r1, 0x0, 0x0)

12:02:21 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000040))
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000040)) (async)

12:02:21 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_CAPACITY(r0, 0x4c07)

[ 2259.756341][T14328] FAULT_INJECTION: forcing a failure.
[ 2259.756341][T14328] name failslab, interval 1, probability 0, space 0, times 0
[ 2259.773425][T14328] CPU: 1 PID: 14328 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2259.785068][T14328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2259.795101][T14328] Call Trace:
[ 2259.798545][T14328]  dump_stack+0x1d8/0x241
[ 2259.802849][T14328]  ? panic+0x73e/0x73e
[ 2259.806885][T14328]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2259.812667][T14328]  should_fail+0x709/0x870
[ 2259.817053][T14328]  ? setup_fault_attr+0x3d0/0x3d0
[ 2259.822049][T14328]  ? alloc_uevent_skb+0x73/0x220
[ 2259.826954][T14328]  should_failslab+0x5/0x20
[ 2259.831426][T14328]  __kmalloc_track_caller+0x4f/0x280
[ 2259.836683][T14328]  ? kmem_cache_alloc+0xd0/0x210
[ 2259.841592][T14328]  ? alloc_uevent_skb+0x73/0x220
[ 2259.846505][T14328]  __alloc_skb+0xb5/0x4d0
[ 2259.850814][T14328]  alloc_uevent_skb+0x73/0x220
[ 2259.855552][T14328]  kobject_uevent_net_broadcast+0x2f3/0x570
[ 2259.861413][T14328]  ? kobject_get_path+0x17b/0x1a0
[ 2259.866406][T14328]  kobject_uevent_env+0x552/0x700
[ 2259.871402][T14328]  device_add+0x7a7/0xbc0
[ 2259.875701][T14328]  device_create_vargs+0x1b8/0x210
[ 2259.880783][T14328]  device_create+0xea/0x130
[ 2259.885257][T14328]  ? device_create_vargs+0x210/0x210
[ 2259.890510][T14328]  bdi_register_va+0x89/0x5e0
[ 2259.895154][T14328]  bdi_register+0xd1/0x120
[ 2259.899542][T14328]  ? __device_add_disk+0x539/0x1200
[ 2259.904716][T14328]  ? bdi_register_va+0x5e0/0x5e0
[ 2259.909625][T14328]  ? percpu_ref_resurrect+0x113/0x190
[ 2259.914968][T14328]  bdi_register_owner+0x56/0xf0
[ 2259.919795][T14328]  __device_add_disk+0x5b8/0x1200
[ 2259.924798][T14328]  ? device_add_disk+0x30/0x30
[ 2259.929535][T14328]  ? vsprintf+0x30/0x30
[ 2259.933667][T14328]  ? device_initialize+0x1c7/0x3d0
[ 2259.938750][T14328]  ? __alloc_disk_node+0x326/0x380
[ 2259.943830][T14328]  loop_add+0x554/0x710
[ 2259.947961][T14328]  loop_control_ioctl+0x564/0x740
[ 2259.952954][T14328]  ? loop_remove+0xa0/0xa0
[ 2259.957340][T14328]  ? memset+0x1f/0x40
[ 2259.961297][T14328]  ? fsnotify+0x1332/0x13f0
[ 2259.965769][T14328]  ? loop_remove+0xa0/0xa0
[ 2259.970154][T14328]  do_vfs_ioctl+0x744/0x1730
[ 2259.974714][T14328]  ? selinux_file_ioctl+0x723/0x970
[ 2259.979883][T14328]  ? ioctl_preallocate+0x250/0x250
[ 2259.984963][T14328]  ? __fget+0x40c/0x4a0
[ 2259.989087][T14328]  ? fget_many+0x20/0x20
[ 2259.993335][T14328]  ? __fpregs_load_activate+0x1d7/0x3c0
[ 2259.998879][T14328]  ? security_file_ioctl+0x9d/0xb0
12:02:21 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000180)={'mangle\x00', 0x0, [0x2, 0x4, 0x7, 0xffffffff, 0x80000001]}, &(0x7f0000000000)=0x54)

12:02:21 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x88000, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
ioctl$USBDEVFS_FORBID_SUSPEND(r3, 0x5521)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:21 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 69)

12:02:21 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_CAPACITY(r0, 0x4c07)

12:02:21 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x20000000000003, 0x40000)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xdea2, 0x2, 0x0, 0x6, 0x12, 0x3c, "019554cf37baa4c1ae5ee865907d60bfb9222a269d2d75617fdc9b3f501f50193857b51a57d28c170dc131fdab6a45f8838f2edc1ea8359517639a078f087184", "9d898ab4955b6d359e7c047ebcb55a9e583efa611770bfaf8bc8bfdbfa90a4916119ea5ad77d37fbfe3819d2f188b54741e8333346d66710a06edb9a706d700c", "054f00e73c4345f727f90e874c0c6fd5dca6600c2501f39c95993af99ba2d4d4", [0x1, 0xfffffffffffffff9]})

12:02:21 executing program 4:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
utimensat(r0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={{0x77359400}, {0x0, 0x2710}}, 0x100) (async)
r1 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r1, 0x0, 0x0)

[ 2260.003970][T14328]  __x64_sys_ioctl+0xd4/0x110
[ 2260.008624][T14328]  do_syscall_64+0xcb/0x1c0
[ 2260.013107][T14328]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:21 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x88000, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
ioctl$USBDEVFS_FORBID_SUSPEND(r3, 0x5521) (async, rerun: 32)
connect$inet6(r2, 0x0, 0x0) (rerun: 32)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:21 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\b'], &(0x7f0000000140), 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

[ 2260.069149][T14362] FAULT_INJECTION: forcing a failure.
[ 2260.069149][T14362] name failslab, interval 1, probability 0, space 0, times 0
[ 2260.083199][T14362] CPU: 0 PID: 14362 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2260.094828][T14362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2260.104861][T14362] Call Trace:
[ 2260.108132][T14362]  dump_stack+0x1d8/0x241
[ 2260.112441][T14362]  ? panic+0x73e/0x73e
[ 2260.116482][T14362]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2260.122346][T14362]  ? __lookup_slow+0x340/0x450
[ 2260.127081][T14362]  should_fail+0x709/0x870
[ 2260.131467][T14362]  ? setup_fault_attr+0x3d0/0x3d0
[ 2260.136463][T14362]  ? lookup_one_len+0x426/0x680
[ 2260.141284][T14362]  ? new_inode_pseudo+0x78/0x210
[ 2260.146190][T14362]  should_failslab+0x5/0x20
[ 2260.150670][T14362]  kmem_cache_alloc+0x24/0x210
[ 2260.155408][T14362]  new_inode_pseudo+0x78/0x210
[ 2260.160140][T14362]  new_inode+0x25/0x1d0
[ 2260.164268][T14362]  ? start_creating+0x183/0x270
[ 2260.169087][T14362]  debugfs_create_dir+0x66/0x380
[ 2260.173992][T14362]  bdi_register_va+0x232/0x5e0
[ 2260.178728][T14362]  bdi_register+0xd1/0x120
[ 2260.183114][T14362]  ? __device_add_disk+0x539/0x1200
[ 2260.188295][T14362]  ? bdi_register_va+0x5e0/0x5e0
[ 2260.193231][T14362]  ? percpu_ref_resurrect+0x113/0x190
[ 2260.198579][T14362]  bdi_register_owner+0x56/0xf0
[ 2260.203409][T14362]  __device_add_disk+0x5b8/0x1200
[ 2260.208415][T14362]  ? device_add_disk+0x30/0x30
[ 2260.213146][T14362]  ? vsprintf+0x30/0x30
[ 2260.217272][T14362]  ? device_initialize+0x1c7/0x3d0
[ 2260.222353][T14362]  ? __alloc_disk_node+0x326/0x380
[ 2260.227436][T14362]  loop_add+0x554/0x710
[ 2260.231576][T14362]  loop_control_ioctl+0x564/0x740
[ 2260.236577][T14362]  ? loop_remove+0xa0/0xa0
[ 2260.240963][T14362]  ? __lru_cache_add+0x1bf/0x210
[ 2260.245868][T14362]  ? memset+0x1f/0x40
[ 2260.249819][T14362]  ? fsnotify+0x1332/0x13f0
[ 2260.254292][T14362]  ? loop_remove+0xa0/0xa0
[ 2260.258677][T14362]  do_vfs_ioctl+0x744/0x1730
[ 2260.263244][T14362]  ? selinux_file_ioctl+0x723/0x970
[ 2260.268414][T14362]  ? ioctl_preallocate+0x250/0x250
[ 2260.273493][T14362]  ? __fget+0x40c/0x4a0
[ 2260.277617][T14362]  ? fget_many+0x20/0x20
[ 2260.281831][T14362]  ? check_preemption_disabled+0x154/0x330
[ 2260.287606][T14362]  ? debug_smp_processor_id+0x20/0x20
[ 2260.292945][T14362]  ? security_file_ioctl+0x9d/0xb0
[ 2260.298022][T14362]  __x64_sys_ioctl+0xd4/0x110
[ 2260.302673][T14362]  do_syscall_64+0xcb/0x1c0
[ 2260.307146][T14362]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:21 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 70)

12:02:21 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_SET_CAPACITY(r0, 0x4c07)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) (async)
ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) (async)

12:02:21 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x0)

[ 2260.313286][T14362] debugfs: out of free dentries, can not create directory '7:0'
12:02:21 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x88000, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
ioctl$USBDEVFS_FORBID_SUSPEND(r3, 0x5521) (async)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:21 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x20000000000003, 0x40000)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xdea2, 0x2, 0x0, 0x6, 0x12, 0x3c, "019554cf37baa4c1ae5ee865907d60bfb9222a269d2d75617fdc9b3f501f50193857b51a57d28c170dc131fdab6a45f8838f2edc1ea8359517639a078f087184", "9d898ab4955b6d359e7c047ebcb55a9e583efa611770bfaf8bc8bfdbfa90a4916119ea5ad77d37fbfe3819d2f188b54741e8333346d66710a06edb9a706d700c", "054f00e73c4345f727f90e874c0c6fd5dca6600c2501f39c95993af99ba2d4d4", [0x1, 0xfffffffffffffff9]})

12:02:21 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\b'], &(0x7f0000000140), 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:21 executing program 5:
ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000040))
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:02:21 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
socket$igmp6(0xa, 0x3, 0x2) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r1, 0x0, 0x0) (async)
write$P9_RREMOVE(r1, 0x0, 0x0) (async)

[ 2260.376050][T14385] FAULT_INJECTION: forcing a failure.
[ 2260.376050][T14385] name failslab, interval 1, probability 0, space 0, times 0
[ 2260.389218][T14385] CPU: 1 PID: 14385 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2260.400846][T14385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2260.410882][T14385] Call Trace:
[ 2260.414151][T14385]  dump_stack+0x1d8/0x241
[ 2260.418452][T14385]  ? panic+0x73e/0x73e
[ 2260.422490][T14385]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2260.428266][T14385]  ? vsnprintf+0x1cd0/0x1cd0
[ 2260.432824][T14385]  ? bdi_register_va+0x89/0x5e0
[ 2260.437642][T14385]  ? bdi_register_owner+0x56/0xf0
[ 2260.442641][T14385]  ? __device_add_disk+0x5b8/0x1200
[ 2260.447811][T14385]  ? loop_add+0x554/0x710
[ 2260.452110][T14385]  should_fail+0x709/0x870
[ 2260.456497][T14385]  ? setup_fault_attr+0x3d0/0x3d0
[ 2260.461501][T14385]  ? skb_clone+0x1b7/0x380
[ 2260.465889][T14385]  should_failslab+0x5/0x20
[ 2260.470362][T14385]  kmem_cache_alloc+0x24/0x210
[ 2260.475097][T14385]  skb_clone+0x1b7/0x380
[ 2260.479311][T14385]  ? netlink_broadcast_filtered+0x64d/0x11d0
[ 2260.485257][T14385]  netlink_broadcast_filtered+0x65b/0x11d0
[ 2260.491034][T14385]  netlink_broadcast+0x35/0x50
[ 2260.495795][T14385]  kobject_uevent_net_broadcast+0x385/0x570
[ 2260.501657][T14385]  kobject_uevent_env+0x552/0x700
[ 2260.506654][T14385]  device_add+0x7a7/0xbc0
[ 2260.510956][T14385]  device_create_vargs+0x1b8/0x210
[ 2260.516040][T14385]  device_create+0xea/0x130
[ 2260.520514][T14385]  ? device_create_vargs+0x210/0x210
[ 2260.525771][T14385]  bdi_register_va+0x89/0x5e0
[ 2260.530422][T14385]  bdi_register+0xd1/0x120
[ 2260.534810][T14385]  ? __device_add_disk+0x539/0x1200
[ 2260.539976][T14385]  ? bdi_register_va+0x5e0/0x5e0
[ 2260.544881][T14385]  ? percpu_ref_resurrect+0x113/0x190
[ 2260.550221][T14385]  bdi_register_owner+0x56/0xf0
[ 2260.555047][T14385]  __device_add_disk+0x5b8/0x1200
[ 2260.560042][T14385]  ? device_add_disk+0x30/0x30
[ 2260.564786][T14385]  ? vsprintf+0x30/0x30
[ 2260.568919][T14385]  ? device_initialize+0x1c7/0x3d0
[ 2260.574001][T14385]  ? __alloc_disk_node+0x326/0x380
[ 2260.579081][T14385]  loop_add+0x554/0x710
[ 2260.583213][T14385]  loop_control_ioctl+0x564/0x740
[ 2260.588215][T14385]  ? loop_remove+0xa0/0xa0
[ 2260.592599][T14385]  ? __lru_cache_add+0x1bf/0x210
[ 2260.597506][T14385]  ? memset+0x1f/0x40
[ 2260.601459][T14385]  ? fsnotify+0x1332/0x13f0
[ 2260.605929][T14385]  ? loop_remove+0xa0/0xa0
[ 2260.610313][T14385]  do_vfs_ioctl+0x744/0x1730
[ 2260.614874][T14385]  ? selinux_file_ioctl+0x723/0x970
[ 2260.620041][T14385]  ? ioctl_preallocate+0x250/0x250
12:02:21 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 71)

12:02:22 executing program 5:
ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000040)) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:02:22 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\b'], &(0x7f0000000140), 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:22 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$incfs(r2, &(0x7f0000000180)='.log\x00', 0x2080, 0x20)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r3, 0xc0406619, &(0x7f00000001c0)={@id={0x2, 0x0, @d}})
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
ioctl$USBDEVFS_FREE_STREAMS(r4, 0x8008551d, &(0x7f0000000200)={0xefe, 0x1b, [{0x5}, {0xf}, {0x1}, {0x5, 0x1}, {0xf, 0x1}, {0xa, 0x1}, {0xe, 0x1}, {0xd, 0x1}, {0xe}, {0x6}, {0x7}, {0xd}, {0xf, 0x1}, {0x4}, {0x8, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0xc}, {0x7}, {0xa}, {0x1}, {0xc, 0x1}, {0x5, 0x1}, {}, {0x4}, {0xf}, {0x5, 0x1}]})
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
pipe2$watch_queue(&(0x7f0000000280)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
symlinkat(&(0x7f0000000240)='./file0\x00', r5, &(0x7f00000002c0)='./file0\x00')

12:02:22 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x20000000000003, 0x40000)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xdea2, 0x2, 0x0, 0x6, 0x12, 0x3c, "019554cf37baa4c1ae5ee865907d60bfb9222a269d2d75617fdc9b3f501f50193857b51a57d28c170dc131fdab6a45f8838f2edc1ea8359517639a078f087184", "9d898ab4955b6d359e7c047ebcb55a9e583efa611770bfaf8bc8bfdbfa90a4916119ea5ad77d37fbfe3819d2f188b54741e8333346d66710a06edb9a706d700c", "054f00e73c4345f727f90e874c0c6fd5dca6600c2501f39c95993af99ba2d4d4", [0x1, 0xfffffffffffffff9]})
syz_open_dev$loop(&(0x7f0000000000), 0x20000000000003, 0x40000) (async)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xdea2, 0x2, 0x0, 0x6, 0x12, 0x3c, "019554cf37baa4c1ae5ee865907d60bfb9222a269d2d75617fdc9b3f501f50193857b51a57d28c170dc131fdab6a45f8838f2edc1ea8359517639a078f087184", "9d898ab4955b6d359e7c047ebcb55a9e583efa611770bfaf8bc8bfdbfa90a4916119ea5ad77d37fbfe3819d2f188b54741e8333346d66710a06edb9a706d700c", "054f00e73c4345f727f90e874c0c6fd5dca6600c2501f39c95993af99ba2d4d4", [0x1, 0xfffffffffffffff9]}) (async)

[ 2260.625122][T14385]  ? __fget+0x40c/0x4a0
[ 2260.629247][T14385]  ? fget_many+0x20/0x20
[ 2260.633460][T14385]  ? check_preemption_disabled+0x154/0x330
[ 2260.639236][T14385]  ? debug_smp_processor_id+0x20/0x20
[ 2260.644577][T14385]  ? security_file_ioctl+0x9d/0xb0
[ 2260.649658][T14385]  __x64_sys_ioctl+0xd4/0x110
[ 2260.654305][T14385]  do_syscall_64+0xcb/0x1c0
[ 2260.658779][T14385]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:22 executing program 4:
socket$igmp6(0xa, 0x3, 0x2) (async)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0) (async)
socket$igmp6(0xa, 0x3, 0x2) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
write$P9_RREMOVE(r1, 0x0, 0x0)

12:02:22 executing program 5:
ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000040)) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)

12:02:22 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$incfs(r2, &(0x7f0000000180)='.log\x00', 0x2080, 0x20)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r3, 0xc0406619, &(0x7f00000001c0)={@id={0x2, 0x0, @d}})
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
ioctl$USBDEVFS_FREE_STREAMS(r4, 0x8008551d, &(0x7f0000000200)={0xefe, 0x1b, [{0x5}, {0xf}, {0x1}, {0x5, 0x1}, {0xf, 0x1}, {0xa, 0x1}, {0xe, 0x1}, {0xd, 0x1}, {0xe}, {0x6}, {0x7}, {0xd}, {0xf, 0x1}, {0x4}, {0x8, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0xc}, {0x7}, {0xa}, {0x1}, {0xc, 0x1}, {0x5, 0x1}, {}, {0x4}, {0xf}, {0x5, 0x1}]})
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
pipe2$watch_queue(&(0x7f0000000280)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
symlinkat(&(0x7f0000000240)='./file0\x00', r5, &(0x7f00000002c0)='./file0\x00')
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$incfs(r2, &(0x7f0000000180)='.log\x00', 0x2080, 0x20) (async)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r3, 0xc0406619, &(0x7f00000001c0)={@id={0x2, 0x0, @d}}) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r4, 0x0, 0x0) (async)
ioctl$USBDEVFS_FREE_STREAMS(r4, 0x8008551d, &(0x7f0000000200)={0xefe, 0x1b, [{0x5}, {0xf}, {0x1}, {0x5, 0x1}, {0xf, 0x1}, {0xa, 0x1}, {0xe, 0x1}, {0xd, 0x1}, {0xe}, {0x6}, {0x7}, {0xd}, {0xf, 0x1}, {0x4}, {0x8, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0xc}, {0x7}, {0xa}, {0x1}, {0xc, 0x1}, {0x5, 0x1}, {}, {0x4}, {0xf}, {0x5, 0x1}]}) (async)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
pipe2$watch_queue(&(0x7f0000000280), 0x80) (async)
symlinkat(&(0x7f0000000240)='./file0\x00', r5, &(0x7f00000002c0)='./file0\x00') (async)

[ 2260.731695][T14418] FAULT_INJECTION: forcing a failure.
[ 2260.731695][T14418] name failslab, interval 1, probability 0, space 0, times 0
[ 2260.746238][T14418] CPU: 0 PID: 14418 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2260.757874][T14418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2260.767928][T14418] Call Trace:
[ 2260.771220][T14418]  dump_stack+0x1d8/0x241
[ 2260.775552][T14418]  ? panic+0x73e/0x73e
[ 2260.779615][T14418]  ? do_vfs_ioctl+0x744/0x1730
[ 2260.784372][T14418]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2260.790178][T14418]  should_fail+0x709/0x870
[ 2260.794586][T14418]  ? setup_fault_attr+0x3d0/0x3d0
[ 2260.799607][T14418]  ? make_kgid+0x215/0x710
[ 2260.804017][T14418]  ? security_inode_alloc+0x24/0x130
[ 2260.809295][T14418]  should_failslab+0x5/0x20
[ 2260.813788][T14418]  kmem_cache_alloc+0x24/0x210
[ 2260.818546][T14418]  security_inode_alloc+0x24/0x130
[ 2260.823649][T14418]  inode_init_always+0x5db/0x800
[ 2260.828578][T14418]  new_inode_pseudo+0x8f/0x210
[ 2260.833338][T14418]  new_inode+0x25/0x1d0
[ 2260.837487][T14418]  ? start_creating+0x183/0x270
[ 2260.842332][T14418]  debugfs_create_dir+0x66/0x380
[ 2260.847259][T14418]  bdi_register_va+0x232/0x5e0
[ 2260.852022][T14418]  bdi_register+0xd1/0x120
[ 2260.856435][T14418]  ? __device_add_disk+0x539/0x1200
[ 2260.861621][T14418]  ? bdi_register_va+0x5e0/0x5e0
[ 2260.866553][T14418]  ? percpu_ref_resurrect+0x113/0x190
[ 2260.871916][T14418]  bdi_register_owner+0x56/0xf0
[ 2260.876757][T14418]  __device_add_disk+0x5b8/0x1200
[ 2260.881779][T14418]  ? device_add_disk+0x30/0x30
[ 2260.886536][T14418]  ? vsprintf+0x30/0x30
[ 2260.890690][T14418]  ? device_initialize+0x1c7/0x3d0
[ 2260.895810][T14418]  ? __alloc_disk_node+0x326/0x380
[ 2260.900913][T14418]  loop_add+0x554/0x710
[ 2260.905065][T14418]  loop_control_ioctl+0x564/0x740
[ 2260.910089][T14418]  ? loop_remove+0xa0/0xa0
[ 2260.914504][T14418]  ? memset+0x1f/0x40
[ 2260.918475][T14418]  ? fsnotify+0x1332/0x13f0
[ 2260.922969][T14418]  ? loop_remove+0xa0/0xa0
[ 2260.927376][T14418]  do_vfs_ioctl+0x744/0x1730
[ 2260.931960][T14418]  ? selinux_file_ioctl+0x723/0x970
[ 2260.937149][T14418]  ? ioctl_preallocate+0x250/0x250
[ 2260.942251][T14418]  ? __fget+0x40c/0x4a0
[ 2260.946400][T14418]  ? fget_many+0x20/0x20
[ 2260.950632][T14418]  ? check_preemption_disabled+0x154/0x330
[ 2260.956433][T14418]  ? debug_smp_processor_id+0x20/0x20
[ 2260.961795][T14418]  ? security_file_ioctl+0x9d/0xb0
[ 2260.966897][T14418]  __x64_sys_ioctl+0xd4/0x110
[ 2260.971576][T14418]  do_syscall_64+0xcb/0x1c0
[ 2260.976076][T14418]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:22 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r3 = openat$incfs(r2, &(0x7f0000000180)='.log\x00', 0x2080, 0x20)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r3, 0xc0406619, &(0x7f00000001c0)={@id={0x2, 0x0, @d}})
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
ioctl$USBDEVFS_FREE_STREAMS(r4, 0x8008551d, &(0x7f0000000200)={0xefe, 0x1b, [{0x5}, {0xf}, {0x1}, {0x5, 0x1}, {0xf, 0x1}, {0xa, 0x1}, {0xe, 0x1}, {0xd, 0x1}, {0xe}, {0x6}, {0x7}, {0xd}, {0xf, 0x1}, {0x4}, {0x8, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0xc}, {0x7}, {0xa}, {0x1}, {0xc, 0x1}, {0x5, 0x1}, {}, {0x4}, {0xf}, {0x5, 0x1}]})
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
pipe2$watch_queue(&(0x7f0000000280)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
symlinkat(&(0x7f0000000240)='./file0\x00', r5, &(0x7f00000002c0)='./file0\x00')
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
openat$incfs(r2, &(0x7f0000000180)='.log\x00', 0x2080, 0x20) (async)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r3, 0xc0406619, &(0x7f00000001c0)={@id={0x2, 0x0, @d}}) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r4, 0x0, 0x0) (async)
ioctl$USBDEVFS_FREE_STREAMS(r4, 0x8008551d, &(0x7f0000000200)={0xefe, 0x1b, [{0x5}, {0xf}, {0x1}, {0x5, 0x1}, {0xf, 0x1}, {0xa, 0x1}, {0xe, 0x1}, {0xd, 0x1}, {0xe}, {0x6}, {0x7}, {0xd}, {0xf, 0x1}, {0x4}, {0x8, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0xc}, {0x7}, {0xa}, {0x1}, {0xc, 0x1}, {0x5, 0x1}, {}, {0x4}, {0xf}, {0x5, 0x1}]}) (async)
connect$inet6(r2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
pipe2$watch_queue(&(0x7f0000000280), 0x80) (async)
symlinkat(&(0x7f0000000240)='./file0\x00', r5, &(0x7f00000002c0)='./file0\x00') (async)

12:02:22 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 72)

[ 2260.989957][T14418] debugfs: out of free dentries, can not create directory '7:0'
12:02:22 executing program 3:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz1\x00', 0x200002, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
renameat(r2, &(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00')
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_type(r0, &(0x7f0000000240), 0x2, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000180)=[&(0x7f0000000100)='-@\xa3+\xa7\x00', &(0x7f0000000140)='.[&!\'\x94\xc8\xfc\x1e_\\\xc1\xc5\x11%2-/\x03'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r1, 0x4c81, 0x0)

12:02:22 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x27, 0x80000)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000200)={0xffffffffffffffff, 0x5, {0x0, 0x0, 0x0, 0xb86, 0x8, 0x0, 0x5, 0x15, 0x4, "34d757ba24ea6cf9c57eac8399abd6fdbb80097f383e2f0482141e37b1e97952efc9d204c6296d1f1a167daf38e22b0b11da793fb3553ab46f6ef3d8094ffcd6", "5a955df3512e81087f3031da50e6fa2bbf6543b643baa2a103860b7d450b7c7282054fce4157994dd3c210e1edd90e6f51d163d3f958dde773e9a91ab4d0d173", "cd221699e15c915eac0f0921170a7dfc10ee567483ce490f92bb95abdeef3e6b", [0x1, 0x8]}})
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000040)='.pending_reads\x00', 0x111040, 0x1)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000340)={0x0, {}, 0x0, {}, 0x9, 0x2, 0x0, 0xc, "cb2585801c60f01711d8a86105884d7409bd071815c6e794bd510bf9b6761bf527bfd14855a7b30c3fbad5af14f9300e608e53b7f21f9d6f6359c5da8725556d", "b842387a761be22f8abbeba31480a7aae7ed9f9cc27604c42e4f36cde0266aae", [0xa9b, 0x3]})
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000180)={@empty, 0x6, 0x0, 0x0, 0xe, 0x0, 0xffd5}, 0x20)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffc0, 0x1000, 0x0, 0x0, 0xc, 0x0, "622b114004fe372eb6e8be8a9fd12c31a5413a52116a82897a753d283ec65f6317225474669921a612706d12571f1946082211b56e7b6c4f82824d05d4150cc0", "ca9ceab839002ba011deea26c3b207fbb488c130ec93502ec2ed5cb0808e44cb40eabafe4cd6f918fbe3652c87f07bd290c23b026c8b608584f268dcd4a1126d", "4002bda1e8699f0c2d358b15b3fe12273b1059f81218d2818e69e8ab25e8ab34", [0xffffffffffffff7f, 0x2]})

[ 2261.076232][T14460] FAULT_INJECTION: forcing a failure.
[ 2261.076232][T14460] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2261.105891][T14460] CPU: 0 PID: 14460 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2261.117538][T14460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2261.127588][T14460] Call Trace:
[ 2261.130880][T14460]  dump_stack+0x1d8/0x241
[ 2261.135212][T14460]  ? panic+0x73e/0x73e
[ 2261.139277][T14460]  ? stack_trace_save+0x132/0x200
[ 2261.144297][T14460]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2261.150097][T14460]  ? stack_trace_snprint+0x170/0x170
[ 2261.155375][T14460]  should_fail+0x709/0x870
[ 2261.159788][T14460]  ? setup_fault_attr+0x3d0/0x3d0
[ 2261.164809][T14460]  ? __kasan_kmalloc+0x131/0x1e0
[ 2261.169740][T14460]  ? kmem_cache_alloc+0xd0/0x210
[ 2261.174671][T14460]  ? inode_init_always+0x5db/0x800
[ 2261.179772][T14460]  ? new_inode_pseudo+0x8f/0x210
[ 2261.184708][T14460]  __alloc_pages_nodemask+0x1b6/0x860
[ 2261.190072][T14460]  ? __x64_sys_ioctl+0xd4/0x110
[ 2261.194910][T14460]  ? do_syscall_64+0xcb/0x1c0
[ 2261.199579][T14460]  ? gfp_pfmemalloc_allowed+0x120/0x120
[ 2261.205119][T14460]  ? lockref_get+0x1b3/0x2a0
[ 2261.209826][T14460]  ? asan.module_dtor+0x20/0x20
[ 2261.214679][T14460]  __get_free_pages+0xa/0x30
[ 2261.219264][T14460]  selinux_genfs_get_sid+0x55/0x250
[ 2261.224463][T14460]  inode_doinit_with_dentry+0x87c/0x1020
[ 2261.230093][T14460]  ? sb_finish_set_opts+0x7a0/0x7a0
[ 2261.235301][T14460]  ? current_time+0x1c4/0x310
[ 2261.239973][T14460]  ? atime_needs_update+0x580/0x580
[ 2261.245161][T14460]  security_d_instantiate+0xa5/0x100
[ 2261.250438][T14460]  d_instantiate+0x51/0x90
[ 2261.254850][T14460]  debugfs_create_dir+0x1a1/0x380
[ 2261.259869][T14460]  bdi_register_va+0x232/0x5e0
[ 2261.264627][T14460]  bdi_register+0xd1/0x120
[ 2261.269039][T14460]  ? __device_add_disk+0x539/0x1200
[ 2261.274225][T14460]  ? bdi_register_va+0x5e0/0x5e0
[ 2261.279154][T14460]  ? percpu_ref_resurrect+0x113/0x190
[ 2261.284518][T14460]  bdi_register_owner+0x56/0xf0
[ 2261.289364][T14460]  __device_add_disk+0x5b8/0x1200
[ 2261.294386][T14460]  ? device_add_disk+0x30/0x30
[ 2261.299139][T14460]  ? vsprintf+0x30/0x30
[ 2261.303287][T14460]  ? device_initialize+0x1c7/0x3d0
[ 2261.308387][T14460]  ? __alloc_disk_node+0x326/0x380
[ 2261.313492][T14460]  loop_add+0x554/0x710
[ 2261.317640][T14460]  loop_control_ioctl+0x564/0x740
[ 2261.322658][T14460]  ? loop_remove+0xa0/0xa0
12:02:22 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x5, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
read$watch_queue(r2, &(0x7f00000001c0)=""/118, 0x76)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c658f5027009440636ff921775e71bd7b0522f9e127c6141", &(0x7f0000000100)=@udp=r3, 0x4}, 0x20)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r4)

12:02:22 executing program 5:
syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x2040)

12:02:22 executing program 4:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan4\x00', <r2=>0x0})
sendmsg$NL802154_CMD_SET_PAN_ID(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r1, 0x20, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_PAN_ID={0x6, 0x9, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x2}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x34}}, 0x814)
r3 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r3, 0x0, 0x0)

[ 2261.327065][T14460]  ? __lru_cache_add+0x1bf/0x210
[ 2261.331992][T14460]  ? memset+0x1f/0x40
[ 2261.335970][T14460]  ? fsnotify+0x1332/0x13f0
[ 2261.340467][T14460]  ? loop_remove+0xa0/0xa0
[ 2261.344873][T14460]  do_vfs_ioctl+0x744/0x1730
[ 2261.349454][T14460]  ? selinux_file_ioctl+0x723/0x970
[ 2261.354648][T14460]  ? ioctl_preallocate+0x250/0x250
[ 2261.359767][T14460]  ? __fget+0x40c/0x4a0
[ 2261.363921][T14460]  ? fget_many+0x20/0x20
[ 2261.368160][T14460]  ? check_preemption_disabled+0x154/0x330
12:02:22 executing program 4:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, 0x0, 0x0) (async)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan4\x00', <r2=>0x0})
sendmsg$NL802154_CMD_SET_PAN_ID(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r1, 0x20, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_PAN_ID={0x6, 0x9, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x2}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x34}}, 0x814)
r3 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r3, 0x0, 0x0)

12:02:22 executing program 5:
syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x2040)
syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x2040) (async)

12:02:22 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 73)

[ 2261.373966][T14460]  ? debug_smp_processor_id+0x20/0x20
[ 2261.379335][T14460]  ? security_file_ioctl+0x9d/0xb0
[ 2261.384447][T14460]  __x64_sys_ioctl+0xd4/0x110
[ 2261.389122][T14460]  do_syscall_64+0xcb/0x1c0
[ 2261.393619][T14460]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:22 executing program 3:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz1\x00', 0x200002, 0x0) (async)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
renameat(r2, &(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00') (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_type(r0, &(0x7f0000000240), 0x2, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000180)=[&(0x7f0000000100)='-@\xa3+\xa7\x00', &(0x7f0000000140)='.[&!\'\x94\xc8\xfc\x1e_\\\xc1\xc5\x11%2-/\x03'], 0x1000) (async, rerun: 64)
ioctl$USBDEVFS_CLAIM_PORT(r1, 0x4c81, 0x0) (rerun: 64)

12:02:22 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x5, 0x3}, 0x48) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async, rerun: 64)
read$watch_queue(r2, &(0x7f00000001c0)=""/118, 0x76) (async, rerun: 64)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async, rerun: 64)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c658f5027009440636ff921775e71bd7b0522f9e127c6141", &(0x7f0000000100)=@udp=r3, 0x4}, 0x20) (async, rerun: 64)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r4)

12:02:22 executing program 4:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan4\x00', <r2=>0x0})
sendmsg$NL802154_CMD_SET_PAN_ID(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r1, 0x20, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_PAN_ID={0x6, 0x9, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x2}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x34}}, 0x814)
r3 = socket$igmp6(0xa, 0x3, 0x2)
write$P9_RREMOVE(r3, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, 0x0, 0x0) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan4\x00'}) (async)
sendmsg$NL802154_CMD_SET_PAN_ID(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r1, 0x20, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_PAN_ID={0x6, 0x9, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x2}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x34}}, 0x814) (async)
socket$igmp6(0xa, 0x3, 0x2) (async)
write$P9_RREMOVE(r3, 0x0, 0x0) (async)

12:02:22 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x27, 0x80000)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000200)={0xffffffffffffffff, 0x5, {0x0, 0x0, 0x0, 0xb86, 0x8, 0x0, 0x5, 0x15, 0x4, "34d757ba24ea6cf9c57eac8399abd6fdbb80097f383e2f0482141e37b1e97952efc9d204c6296d1f1a167daf38e22b0b11da793fb3553ab46f6ef3d8094ffcd6", "5a955df3512e81087f3031da50e6fa2bbf6543b643baa2a103860b7d450b7c7282054fce4157994dd3c210e1edd90e6f51d163d3f958dde773e9a91ab4d0d173", "cd221699e15c915eac0f0921170a7dfc10ee567483ce490f92bb95abdeef3e6b", [0x1, 0x8]}})
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000040)='.pending_reads\x00', 0x111040, 0x1)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000340)={0x0, {}, 0x0, {}, 0x9, 0x2, 0x0, 0xc, "cb2585801c60f01711d8a86105884d7409bd071815c6e794bd510bf9b6761bf527bfd14855a7b30c3fbad5af14f9300e608e53b7f21f9d6f6359c5da8725556d", "b842387a761be22f8abbeba31480a7aae7ed9f9cc27604c42e4f36cde0266aae", [0xa9b, 0x3]})
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000180)={@empty, 0x6, 0x0, 0x0, 0xe, 0x0, 0xffd5}, 0x20)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffc0, 0x1000, 0x0, 0x0, 0xc, 0x0, "622b114004fe372eb6e8be8a9fd12c31a5413a52116a82897a753d283ec65f6317225474669921a612706d12571f1946082211b56e7b6c4f82824d05d4150cc0", "ca9ceab839002ba011deea26c3b207fbb488c130ec93502ec2ed5cb0808e44cb40eabafe4cd6f918fbe3652c87f07bd290c23b026c8b608584f268dcd4a1126d", "4002bda1e8699f0c2d358b15b3fe12273b1059f81218d2818e69e8ab25e8ab34", [0xffffffffffffff7f, 0x2]})
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
syz_open_dev$loop(&(0x7f00000001c0), 0x27, 0x80000) (async)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000200)={0xffffffffffffffff, 0x5, {0x0, 0x0, 0x0, 0xb86, 0x8, 0x0, 0x5, 0x15, 0x4, "34d757ba24ea6cf9c57eac8399abd6fdbb80097f383e2f0482141e37b1e97952efc9d204c6296d1f1a167daf38e22b0b11da793fb3553ab46f6ef3d8094ffcd6", "5a955df3512e81087f3031da50e6fa2bbf6543b643baa2a103860b7d450b7c7282054fce4157994dd3c210e1edd90e6f51d163d3f958dde773e9a91ab4d0d173", "cd221699e15c915eac0f0921170a7dfc10ee567483ce490f92bb95abdeef3e6b", [0x1, 0x8]}}) (async)
openat$incfs(0xffffffffffffffff, &(0x7f0000000040)='.pending_reads\x00', 0x111040, 0x1) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000340)={0x0, {}, 0x0, {}, 0x9, 0x2, 0x0, 0xc, "cb2585801c60f01711d8a86105884d7409bd071815c6e794bd510bf9b6761bf527bfd14855a7b30c3fbad5af14f9300e608e53b7f21f9d6f6359c5da8725556d", "b842387a761be22f8abbeba31480a7aae7ed9f9cc27604c42e4f36cde0266aae", [0xa9b, 0x3]}) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000180)={@empty, 0x6, 0x0, 0x0, 0xe, 0x0, 0xffd5}, 0x20) (async)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffc0, 0x1000, 0x0, 0x0, 0xc, 0x0, "622b114004fe372eb6e8be8a9fd12c31a5413a52116a82897a753d283ec65f6317225474669921a612706d12571f1946082211b56e7b6c4f82824d05d4150cc0", "ca9ceab839002ba011deea26c3b207fbb488c130ec93502ec2ed5cb0808e44cb40eabafe4cd6f918fbe3652c87f07bd290c23b026c8b608584f268dcd4a1126d", "4002bda1e8699f0c2d358b15b3fe12273b1059f81218d2818e69e8ab25e8ab34", [0xffffffffffffff7f, 0x2]}) (async)

12:02:22 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x5, 0x3}, 0x48) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
read$watch_queue(r2, &(0x7f00000001c0)=""/118, 0x76)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c658f5027009440636ff921775e71bd7b0522f9e127c6141", &(0x7f0000000100)=@udp=r3, 0x4}, 0x20) (async)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0) (async)
ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r4)

12:02:22 executing program 5:
syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x2040)

12:02:22 executing program 3:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz1\x00', 0x200002, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
renameat(r2, &(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00') (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
openat$cgroup_type(r0, &(0x7f0000000240), 0x2, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000180)=[&(0x7f0000000100)='-@\xa3+\xa7\x00', &(0x7f0000000140)='.[&!\'\x94\xc8\xfc\x1e_\\\xc1\xc5\x11%2-/\x03'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r1, 0x4c81, 0x0)

12:02:22 executing program 5:
sendmsg$NFC_CMD_GET_SE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x10, 0x70bd26, 0x25dfdbfe, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x44004)
write$P9_RWALK(0xffffffffffffffff, &(0x7f0000000000)={0x16, 0x6f, 0x1, {0x1, [{0x80, 0x0, 0x3}]}}, 0x16)
write$P9_RCREATE(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x73, 0x1, {{0x80, 0x3, 0x7}, 0x8}}, 0x18)

12:02:22 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000000)=0x7, 0x4)
getpeername$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000080)=0x1c)
write$P9_RREMOVE(r0, 0x0, 0x0)

[ 2261.558033][T14513] FAULT_INJECTION: forcing a failure.
[ 2261.558033][T14513] name failslab, interval 1, probability 0, space 0, times 0
[ 2261.573964][T14513] CPU: 1 PID: 14513 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2261.585607][T14513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2261.595663][T14513] Call Trace:
[ 2261.598951][T14513]  dump_stack+0x1d8/0x241
[ 2261.603290][T14513]  ? panic+0x73e/0x73e
[ 2261.607349][T14513]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2261.613147][T14513]  ? do_syscall_64+0xcb/0x1c0
[ 2261.617818][T14513]  should_fail+0x709/0x870
[ 2261.622225][T14513]  ? setup_fault_attr+0x3d0/0x3d0
[ 2261.627253][T14513]  ? stack_trace_save+0x132/0x200
[ 2261.632271][T14513]  ? __device_add_disk+0x5b8/0x1200
[ 2261.637460][T14513]  ? loop_add+0x554/0x710
[ 2261.641789][T14513]  ? __d_alloc+0x2a/0x6a0
[ 2261.646107][T14513]  should_failslab+0x5/0x20
[ 2261.650598][T14513]  kmem_cache_alloc+0x24/0x210
[ 2261.655356][T14513]  __d_alloc+0x2a/0x6a0
[ 2261.659508][T14513]  d_alloc_parallel+0xe6/0x1310
[ 2261.664346][T14513]  ? prep_new_page+0x11b/0x380
[ 2261.669101][T14513]  ? avc_has_perm_noaudit+0x30c/0x400
[ 2261.674461][T14513]  ? bdi_register+0xd1/0x120
[ 2261.679045][T14513]  ? bdi_register_owner+0x56/0xf0
[ 2261.684059][T14513]  ? avc_denied+0x1c0/0x1c0
[ 2261.688559][T14513]  ? d_hash_and_lookup+0x1e0/0x1e0
[ 2261.693657][T14513]  ? free_unref_page_commit+0x11e/0x2a0
[ 2261.699191][T14513]  ? selinux_inode_permission+0x374/0x670
[ 2261.704898][T14513]  ? selinux_inode_permission+0x438/0x670
[ 2261.710608][T14513]  __lookup_slow+0x15a/0x450
[ 2261.715196][T14513]  ? lookup_one_len+0x680/0x680
[ 2261.720050][T14513]  lookup_one_len+0x426/0x680
[ 2261.724722][T14513]  ? try_lookup_one_len+0x650/0x650
[ 2261.729910][T14513]  ? up_write+0xa6/0x270
[ 2261.734145][T14513]  start_creating+0xec/0x270
[ 2261.738724][T14513]  __debugfs_create_file+0x74/0x400
[ 2261.743912][T14513]  ? debugfs_create_dir+0x2e6/0x380
[ 2261.749098][T14513]  bdi_register_va+0x274/0x5e0
[ 2261.753852][T14513]  bdi_register+0xd1/0x120
[ 2261.758269][T14513]  ? __device_add_disk+0x539/0x1200
[ 2261.763456][T14513]  ? bdi_register_va+0x5e0/0x5e0
[ 2261.768387][T14513]  ? percpu_ref_resurrect+0x113/0x190
[ 2261.773749][T14513]  bdi_register_owner+0x56/0xf0
[ 2261.778590][T14513]  __device_add_disk+0x5b8/0x1200
[ 2261.783611][T14513]  ? device_add_disk+0x30/0x30
[ 2261.788368][T14513]  ? vsprintf+0x30/0x30
[ 2261.792516][T14513]  ? device_initialize+0x1c7/0x3d0
[ 2261.797615][T14513]  ? __alloc_disk_node+0x326/0x380
[ 2261.802718][T14513]  loop_add+0x554/0x710
[ 2261.806868][T14513]  loop_control_ioctl+0x564/0x740
[ 2261.811883][T14513]  ? loop_remove+0xa0/0xa0
[ 2261.816290][T14513]  ? __lru_cache_add+0x1bf/0x210
[ 2261.821222][T14513]  ? memset+0x1f/0x40
[ 2261.825203][T14513]  ? fsnotify+0x1332/0x13f0
[ 2261.829702][T14513]  ? loop_remove+0xa0/0xa0
[ 2261.834107][T14513]  do_vfs_ioctl+0x744/0x1730
[ 2261.838689][T14513]  ? selinux_file_ioctl+0x723/0x970
[ 2261.843882][T14513]  ? ioctl_preallocate+0x250/0x250
[ 2261.848989][T14513]  ? __fget+0x40c/0x4a0
[ 2261.853135][T14513]  ? fget_many+0x20/0x20
12:02:23 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 74)

12:02:23 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

[ 2261.857363][T14513]  ? check_preemption_disabled+0x154/0x330
[ 2261.863158][T14513]  ? debug_smp_processor_id+0x20/0x20
[ 2261.868522][T14513]  ? security_file_ioctl+0x9d/0xb0
[ 2261.873624][T14513]  __x64_sys_ioctl+0xd4/0x110
[ 2261.878294][T14513]  do_syscall_64+0xcb/0x1c0
[ 2261.882791][T14513]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:23 executing program 1:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300)
r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x27, 0x80000)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000200)={0xffffffffffffffff, 0x5, {0x0, 0x0, 0x0, 0xb86, 0x8, 0x0, 0x5, 0x15, 0x4, "34d757ba24ea6cf9c57eac8399abd6fdbb80097f383e2f0482141e37b1e97952efc9d204c6296d1f1a167daf38e22b0b11da793fb3553ab46f6ef3d8094ffcd6", "5a955df3512e81087f3031da50e6fa2bbf6543b643baa2a103860b7d450b7c7282054fce4157994dd3c210e1edd90e6f51d163d3f958dde773e9a91ab4d0d173", "cd221699e15c915eac0f0921170a7dfc10ee567483ce490f92bb95abdeef3e6b", [0x1, 0x8]}})
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000040)='.pending_reads\x00', 0x111040, 0x1)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000340)={0x0, {}, 0x0, {}, 0x9, 0x2, 0x0, 0xc, "cb2585801c60f01711d8a86105884d7409bd071815c6e794bd510bf9b6761bf527bfd14855a7b30c3fbad5af14f9300e608e53b7f21f9d6f6359c5da8725556d", "b842387a761be22f8abbeba31480a7aae7ed9f9cc27604c42e4f36cde0266aae", [0xa9b, 0x3]})
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000180)={@empty, 0x6, 0x0, 0x0, 0xe, 0x0, 0xffd5}, 0x20)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffc0, 0x1000, 0x0, 0x0, 0xc, 0x0, "622b114004fe372eb6e8be8a9fd12c31a5413a52116a82897a753d283ec65f6317225474669921a612706d12571f1946082211b56e7b6c4f82824d05d4150cc0", "ca9ceab839002ba011deea26c3b207fbb488c130ec93502ec2ed5cb0808e44cb40eabafe4cd6f918fbe3652c87f07bd290c23b026c8b608584f268dcd4a1126d", "4002bda1e8699f0c2d358b15b3fe12273b1059f81218d2818e69e8ab25e8ab34", [0xffffffffffffff7f, 0x2]})
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x300) (async)
syz_open_dev$loop(&(0x7f00000001c0), 0x27, 0x80000) (async)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000200)={0xffffffffffffffff, 0x5, {0x0, 0x0, 0x0, 0xb86, 0x8, 0x0, 0x5, 0x15, 0x4, "34d757ba24ea6cf9c57eac8399abd6fdbb80097f383e2f0482141e37b1e97952efc9d204c6296d1f1a167daf38e22b0b11da793fb3553ab46f6ef3d8094ffcd6", "5a955df3512e81087f3031da50e6fa2bbf6543b643baa2a103860b7d450b7c7282054fce4157994dd3c210e1edd90e6f51d163d3f958dde773e9a91ab4d0d173", "cd221699e15c915eac0f0921170a7dfc10ee567483ce490f92bb95abdeef3e6b", [0x1, 0x8]}}) (async)
openat$incfs(0xffffffffffffffff, &(0x7f0000000040)='.pending_reads\x00', 0x111040, 0x1) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000340)={0x0, {}, 0x0, {}, 0x9, 0x2, 0x0, 0xc, "cb2585801c60f01711d8a86105884d7409bd071815c6e794bd510bf9b6761bf527bfd14855a7b30c3fbad5af14f9300e608e53b7f21f9d6f6359c5da8725556d", "b842387a761be22f8abbeba31480a7aae7ed9f9cc27604c42e4f36cde0266aae", [0xa9b, 0x3]}) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r3, 0x0, 0x0) (async)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000180)={@empty, 0x6, 0x0, 0x0, 0xe, 0x0, 0xffd5}, 0x20) (async)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffc0, 0x1000, 0x0, 0x0, 0xc, 0x0, "622b114004fe372eb6e8be8a9fd12c31a5413a52116a82897a753d283ec65f6317225474669921a612706d12571f1946082211b56e7b6c4f82824d05d4150cc0", "ca9ceab839002ba011deea26c3b207fbb488c130ec93502ec2ed5cb0808e44cb40eabafe4cd6f918fbe3652c87f07bd290c23b026c8b608584f268dcd4a1126d", "4002bda1e8699f0c2d358b15b3fe12273b1059f81218d2818e69e8ab25e8ab34", [0xffffffffffffff7f, 0x2]}) (async)

12:02:23 executing program 5:
sendmsg$NFC_CMD_GET_SE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x10, 0x70bd26, 0x25dfdbfe, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x44004) (async)
write$P9_RWALK(0xffffffffffffffff, &(0x7f0000000000)={0x16, 0x6f, 0x1, {0x1, [{0x80, 0x0, 0x3}]}}, 0x16) (async)
write$P9_RCREATE(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x73, 0x1, {{0x80, 0x3, 0x7}, 0x8}}, 0x18)

[ 2261.961497][T14525] FAULT_INJECTION: forcing a failure.
[ 2261.961497][T14525] name failslab, interval 1, probability 0, space 0, times 0
[ 2261.977085][T14525] CPU: 1 PID: 14525 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2261.988723][T14525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2261.998769][T14525] Call Trace:
[ 2262.002054][T14525]  dump_stack+0x1d8/0x241
[ 2262.006379][T14525]  ? panic+0x73e/0x73e
[ 2262.010465][T14525]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2262.016281][T14525]  ? __lookup_slow+0x340/0x450
[ 2262.021048][T14525]  should_fail+0x709/0x870
[ 2262.025463][T14525]  ? setup_fault_attr+0x3d0/0x3d0
[ 2262.030485][T14525]  ? lookup_one_len+0x426/0x680
[ 2262.035328][T14525]  ? new_inode_pseudo+0x78/0x210
[ 2262.040264][T14525]  should_failslab+0x5/0x20
[ 2262.044763][T14525]  kmem_cache_alloc+0x24/0x210
[ 2262.049519][T14525]  new_inode_pseudo+0x78/0x210
[ 2262.054277][T14525]  new_inode+0x25/0x1d0
[ 2262.058419][T14525]  ? start_creating+0x183/0x270
[ 2262.063263][T14525]  __debugfs_create_file+0xb6/0x400
[ 2262.068452][T14525]  ? debugfs_create_dir+0x2e6/0x380
[ 2262.073642][T14525]  bdi_register_va+0x274/0x5e0
[ 2262.078393][T14525]  bdi_register+0xd1/0x120
[ 2262.082805][T14525]  ? __device_add_disk+0x539/0x1200
[ 2262.087992][T14525]  ? bdi_register_va+0x5e0/0x5e0
[ 2262.092921][T14525]  ? percpu_ref_resurrect+0x113/0x190
[ 2262.098285][T14525]  bdi_register_owner+0x56/0xf0
[ 2262.103125][T14525]  __device_add_disk+0x5b8/0x1200
[ 2262.108143][T14525]  ? device_add_disk+0x30/0x30
[ 2262.112892][T14525]  ? vsprintf+0x30/0x30
[ 2262.117038][T14525]  ? device_initialize+0x1c7/0x3d0
[ 2262.122140][T14525]  ? __alloc_disk_node+0x326/0x380
[ 2262.127242][T14525]  loop_add+0x554/0x710
[ 2262.131391][T14525]  loop_control_ioctl+0x564/0x740
[ 2262.136414][T14525]  ? loop_remove+0xa0/0xa0
[ 2262.140820][T14525]  ? __lru_cache_add+0x1bf/0x210
[ 2262.145746][T14525]  ? memset+0x1f/0x40
[ 2262.149718][T14525]  ? fsnotify+0x1332/0x13f0
[ 2262.154224][T14525]  ? loop_remove+0xa0/0xa0
[ 2262.158630][T14525]  do_vfs_ioctl+0x744/0x1730
[ 2262.163216][T14525]  ? selinux_file_ioctl+0x723/0x970
[ 2262.168411][T14525]  ? ioctl_preallocate+0x250/0x250
[ 2262.173515][T14525]  ? __fget+0x40c/0x4a0
[ 2262.177749][T14525]  ? fget_many+0x20/0x20
[ 2262.181984][T14525]  ? check_preemption_disabled+0x154/0x330
[ 2262.187780][T14525]  ? debug_smp_processor_id+0x20/0x20
[ 2262.193142][T14525]  ? security_file_ioctl+0x9d/0xb0
[ 2262.198245][T14525]  __x64_sys_ioctl+0xd4/0x110
[ 2262.202912][T14525]  do_syscall_64+0xcb/0x1c0
12:02:23 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000000)=0x7, 0x4) (async)
getpeername$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000080)=0x1c) (async)
write$P9_RREMOVE(r0, 0x0, 0x0)

12:02:23 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 75)

[ 2262.207411][T14525]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2262.220366][T14525] debugfs: out of free dentries, can not create file 'stats'
12:02:23 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)

12:02:23 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x462280, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:23 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x462280, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

[ 2262.294277][T14541] FAULT_INJECTION: forcing a failure.
[ 2262.294277][T14541] name failslab, interval 1, probability 0, space 0, times 0
[ 2262.309304][T14541] CPU: 0 PID: 14541 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2262.321037][T14541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2262.331085][T14541] Call Trace:
[ 2262.334380][T14541]  dump_stack+0x1d8/0x241
[ 2262.338710][T14541]  ? panic+0x73e/0x73e
[ 2262.342773][T14541]  ? do_vfs_ioctl+0x744/0x1730
[ 2262.347526][T14541]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2262.353324][T14541]  should_fail+0x709/0x870
[ 2262.357733][T14541]  ? setup_fault_attr+0x3d0/0x3d0
[ 2262.362748][T14541]  ? make_kgid+0x215/0x710
[ 2262.367156][T14541]  ? security_inode_alloc+0x24/0x130
[ 2262.372431][T14541]  should_failslab+0x5/0x20
[ 2262.376923][T14541]  kmem_cache_alloc+0x24/0x210
[ 2262.381681][T14541]  security_inode_alloc+0x24/0x130
[ 2262.386789][T14541]  inode_init_always+0x5db/0x800
[ 2262.391720][T14541]  new_inode_pseudo+0x8f/0x210
[ 2262.396471][T14541]  new_inode+0x25/0x1d0
[ 2262.400619][T14541]  ? start_creating+0x183/0x270
[ 2262.405465][T14541]  __debugfs_create_file+0xb6/0x400
[ 2262.410654][T14541]  ? debugfs_create_dir+0x2e6/0x380
[ 2262.415842][T14541]  bdi_register_va+0x274/0x5e0
[ 2262.420608][T14541]  bdi_register+0xd1/0x120
[ 2262.425020][T14541]  ? __device_add_disk+0x539/0x1200
[ 2262.430211][T14541]  ? bdi_register_va+0x5e0/0x5e0
[ 2262.435145][T14541]  ? percpu_ref_resurrect+0x113/0x190
[ 2262.440523][T14541]  bdi_register_owner+0x56/0xf0
[ 2262.445368][T14541]  __device_add_disk+0x5b8/0x1200
[ 2262.450389][T14541]  ? device_add_disk+0x30/0x30
[ 2262.455145][T14541]  ? vsprintf+0x30/0x30
[ 2262.459295][T14541]  ? device_initialize+0x1c7/0x3d0
[ 2262.464397][T14541]  ? __alloc_disk_node+0x326/0x380
[ 2262.469501][T14541]  loop_add+0x554/0x710
[ 2262.473654][T14541]  loop_control_ioctl+0x564/0x740
[ 2262.478674][T14541]  ? loop_remove+0xa0/0xa0
[ 2262.483080][T14541]  ? __lru_cache_add+0x1bf/0x210
[ 2262.488010][T14541]  ? memset+0x1f/0x40
[ 2262.491985][T14541]  ? fsnotify+0x1332/0x13f0
[ 2262.496475][T14541]  ? loop_remove+0xa0/0xa0
[ 2262.500882][T14541]  do_vfs_ioctl+0x744/0x1730
[ 2262.505463][T14541]  ? selinux_file_ioctl+0x723/0x970
[ 2262.510649][T14541]  ? ioctl_preallocate+0x250/0x250
[ 2262.515750][T14541]  ? __fget+0x40c/0x4a0
[ 2262.519906][T14541]  ? fget_many+0x20/0x20
[ 2262.524137][T14541]  ? check_preemption_disabled+0x154/0x330
[ 2262.529937][T14541]  ? debug_smp_processor_id+0x20/0x20
[ 2262.535301][T14541]  ? security_file_ioctl+0x9d/0xb0
[ 2262.540403][T14541]  __x64_sys_ioctl+0xd4/0x110
12:02:23 executing program 5:
sendmsg$NFC_CMD_GET_SE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x10, 0x70bd26, 0x25dfdbfe, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x44004)
write$P9_RWALK(0xffffffffffffffff, &(0x7f0000000000)={0x16, 0x6f, 0x1, {0x1, [{0x80, 0x0, 0x3}]}}, 0x16)
write$P9_RCREATE(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x73, 0x1, {{0x80, 0x3, 0x7}, 0x8}}, 0x18)
sendmsg$NFC_CMD_GET_SE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x10, 0x70bd26, 0x25dfdbfe, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x44004) (async)
write$P9_RWALK(0xffffffffffffffff, &(0x7f0000000000)={0x16, 0x6f, 0x1, {0x1, [{0x80, 0x0, 0x3}]}}, 0x16) (async)
write$P9_RCREATE(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x73, 0x1, {{0x80, 0x3, 0x7}, 0x8}}, 0x18) (async)

12:02:23 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000000)=0x7, 0x4) (async)
getpeername$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000080)=0x1c) (async)
write$P9_RREMOVE(r0, 0x0, 0x0)

12:02:23 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 76)

12:02:23 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)

[ 2262.545072][T14541]  do_syscall_64+0xcb/0x1c0
[ 2262.549578][T14541]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2262.561060][T14541] debugfs: out of free dentries, can not create file 'stats'
12:02:23 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x462280, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:23 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r2, 0x0, 0x0) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)

12:02:23 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
renameat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0xffffffffffffffff, 0x0)
write$P9_RREMOVE(r0, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7, 0x3, 0x0, 0x4, 0x8, 0x1}, 0x20)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@mangle={'mangle\x00', 0x1f, 0x6, 0xee0, 0xd18, 0xf0, 0x210, 0xd18, 0xd18, 0xe10, 0xe10, 0xe10, 0xe10, 0xe10, 0x6, &(0x7f0000000080), {[{{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00', 0x0, 0x3, {0x564d}}}}, {{@uncond, 0x0, 0xd8, 0x120, 0x0, {}, [@common=@unspec=@cluster={{0x30}, {0x28e, 0x80000001, 0x8, 0x1}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@empty, @ipv6=@local, 0x3f, 0xd, 0x6}}}, {{@uncond, 0x0, 0x888, 0x8d0, 0x0, {}, [@common=@unspec=@u32={{0x7e0}, {[{[{0x9, 0x2}, {0xffff, 0x3}, {0xffff0001, 0x2}, {0x3, 0x2}, {0x1, 0x1}, {0x80000000, 0x2}, {0x7, 0x1}, {0xfffffffe, 0x2}, {}, {0x8, 0x2}, {0x7, 0x3}], [{0x80000001, 0xfff}, {0xfffffffb, 0x7}, {0x7ff, 0x7}, {0x9, 0x4}, {0x2, 0x8}, {0x184a, 0x7fffffff}, {0x627, 0x2}, {0x5, 0x85}, {0x7, 0x3}, {0x1, 0x7fffffff}, {0x3, 0x7}], 0x0, 0x8}, {[{0x7355, 0x1}, {0x20, 0x3}, {0x14af4a2e, 0x3}, {0x9, 0x1}, {0x6088, 0x3}, {0x8, 0x3}, {0x8, 0x2}, {0x5, 0x2}, {0x0, 0x2}, {0x4, 0x2}, {0x80000001, 0x1}], [{0x9de1, 0x200}, {0x1ba, 0x1000}, {0x2, 0x7}, {0x7, 0xffff}, {0x9, 0x1d}, {0x3, 0xeb}, {0x9, 0x6654}, {0xffffffff, 0xc9}, {0x1, 0x158e}, {0x80000000, 0xc97}, {0xee6c, 0x4}], 0x5}, {[{0x1, 0x3}, {0x7, 0x1}, {0x6, 0x2}, {0x3f, 0x3}, {0x80000001, 0x3}, {0xdff2}, {0x8, 0x3}, {0x5, 0x2}, {0x8001, 0x1}, {0x4, 0x2}, {0x6, 0x2}], [{0x8, 0xc6}, {0x4e29d82, 0x13}, {0xc0000000, 0x1}, {0x1, 0xfffffff9}, {0xfff, 0x9}, {0xffffffff, 0x1ff}, {0x2, 0x6}, {0x5, 0x947}, {0x9, 0x8}, {0xe8, 0x80000000}, {0x7, 0x6}], 0x8, 0x5}, {[{0x3, 0x2}, {0x124}, {0x0, 0x1}, {0x5, 0x1}, {0x88ac}, {0x80, 0x3}, {0x81, 0x2}, {0x7fff, 0x2}, {0x2}, {0x1d08d8b, 0x1}, {0x7, 0x2}], [{0x84b7, 0xfffffffe}, {0x9fc4, 0x3ff}, {0x251f, 0x1ff}, {0x89e, 0x4}, {0x1c0, 0x7}, {0x200, 0x401}, {0x0, 0x40}, {0xa4e, 0x1b66}, {0x4, 0x7}, {0xb1, 0xc5c3}, {0x6, 0x101}], 0x4, 0x1}, {[{0xe3b4, 0x2}, {0x800}, {0xfff}, {0x7}, {0x2, 0x1}, {0x40}, {0x14}, {0x4, 0x3}, {0x38, 0x1}, {0x2, 0x1}, 
{0x80, 0x3}], [{0x2a, 0x1}, {0x0, 0x3f}, {0x1, 0x81}, {0x2, 0xfffffff9}, {0x7fffffff, 0x10000}, {0x7f, 0x3}, {0x5}, {0xfff, 0x10000}, {0x5, 0x7}, {0x7ff, 0xff}, {0x1, 0x2edb}], 0x7, 0x2}, {[{0x1000, 0x1}, {0x100}, {0x6, 0x3}, {0x4}, {0x800}, {0x6}, {0x1, 0x1}, {0x0, 0x2}, {0x7, 0x2}, {0x5, 0x3}, {0x293, 0x3}], [{0x7d7a, 0x6}, {0x8, 0x5}, {0x4e0d}, {0xfffffff9, 0x7fff}, {0x4, 0x358e}, {0x9, 0x5}, {0x4}, {0x1, 0x3}, {0x7f}, {0x2, 0x6}, {0xfffffff7, 0xffffff64}], 0x4, 0x9}, {[{0xffff}, {0x6, 0x3}, {0x8, 0x1}, {0x1000, 0x1}, {0x9}, {0x9, 0x1}, {0x100}, {}, {0x10001, 0x1}, {0x10000}, {0x3, 0x3}], [{0x0, 0x1}, {0xfff, 0xffff545e}, {0x5, 0x100}, {0x0, 0x10001}, {0x1000000, 0x800}, {0x5, 0x8}, {0x0, 0x8}, {0x7, 0x3f}, {0x3, 0x2}, {0x2, 0x3ff}, {0xb0, 0x7}], 0x1}, {[{0x1, 0x2}, {0x2, 0x1}, {0x6, 0x3}, {0x3f, 0x3}, {0xc46a}, {0x8}, {0x8, 0x3}, {0x585, 0x3}, {0x6}, {0x61a, 0x3}, {0x2, 0x3}], [{0x7, 0x10001}, {0x8, 0x1}, {0x1, 0x5}, {0x7f, 0xffffffff}, {0x1, 0xffff}, {0x7, 0x40}, {0x9b}, {0x8, 0x80}, {0x10000, 0x8}, {0xfffffffb, 0xb38}, {0x0, 0x5}], 0x2}, {[{0x6, 0x2}, {0xfff, 0x2}, {0x2, 0x2}, {0x2, 0x2}, {0x4, 0x3}, {0x200}, {0x3f, 0x6}, {0x7ff}, {0x80, 0x3}, {0xffffffff, 0x2}, {0x3ff, 0x2}], [{0x9, 0x8}, {0x5, 0xfffffffb}, {0x2, 0x8001}, {0x8, 0x6c}, {0x8, 0x7}, {0x7, 0x6}, {0x745, 0x531}, {0xffff00e9, 0x7}, {0x4, 0xfff}, {0x1ff, 0x80}, {0x20, 0x9}], 0x9, 0x8}, {[{0xa}, {0x9, 0x3}, {0xffffffff}, {0x0, 0x2}, {0x8, 0x3}, {0x3f, 0x1}, {0x3, 0x1}, {0x80, 0x3}, {0x9, 0x1}, {0x6, 0x3}, {0x2, 0x3}], [{0x3}, {0x3ff, 0x8}, {0x100, 0x400}, {0x6, 0xfffffff9}, {0x9, 0x7f}, {0x8, 0x54d}, {0x5, 0x80000001}, {0xffffffff, 0x1000}, {0x9, 0x2}, {0x6, 0x2}, {0x7ff, 0x4}], 0x8, 0x5}, {[{0x2}, {0x7c37, 0x3}, {0xffffff73, 0x3}, {0x20000, 0x2}, {0xe86, 0x1}, {0x80, 0x2}, {0x2, 0x3}, {0x2, 0x3}, {0x9}, {0x5, 0x1}, {0x8, 0x3}], [{0x401, 0x8001}, {0x101, 0x3}, {0x8, 0x400}, {0x9, 0x2}, {0x7fffffff, 0x80}, {0x6}, {0x2, 0xfffff88e}, {0x1, 0x8}, {0x6db7, 0x303}, {0x8, 0x9}, {0x0, 0x2c6}], 0x6, 0x8}], 
0x4, 0x1}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@private=0xa010100, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2a}}, 0x1c, 0xd, 0x7}}}, {{@uncond, 0x0, 0x210, 0x238, 0x0, {}, [@common=@ah={{0x30}, {[0x4d3, 0x4d5], 0x7ff, 0x1f, 0x2}}, @common=@rt={{0x138}, {0x9, [0x4, 0x6], 0x8001, 0x10, 0x2, [@private0, @remote, @private2={0xfc, 0x2, '\x00', 0x1}, @local, @mcast2, @mcast2, @mcast1, @dev={0xfe, 0x80, '\x00', 0x3c}, @private0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @remote, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, @private0={0xfc, 0x0, '\x00', 0x1}, @private0, @ipv4={'\x00', '\xff\xff', @loopback}], 0x2}}]}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1, [0xff000000, 0xff, 0xff, 0xff], [0x0, 0xffffff00, 0xffffffff], 'ip6_vti0\x00', 'gre0\x00', {0xff}, {0xff}, 0xc, 0x5, 0x8, 0x70}, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}]}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0xb}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0xf40)

12:02:23 executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) (async)

12:02:23 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200), 0x422e40, 0x0)
renameat2(r1, &(0x7f00000001c0)='./file0\x00', r2, &(0x7f0000000240)='./file0\x00', 0x7)
futimesat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180))

[ 2262.643451][T14574] FAULT_INJECTION: forcing a failure.
[ 2262.643451][T14574] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2262.684870][T14574] CPU: 1 PID: 14574 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2262.696519][T14574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2262.706566][T14574] Call Trace:
[ 2262.709856][T14574]  dump_stack+0x1d8/0x241
[ 2262.714182][T14574]  ? panic+0x73e/0x73e
[ 2262.718247][T14574]  ? stack_trace_save+0x132/0x200
[ 2262.723263][T14574]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2262.729062][T14574]  ? stack_trace_snprint+0x170/0x170
[ 2262.734341][T14574]  should_fail+0x709/0x870
[ 2262.738750][T14574]  ? setup_fault_attr+0x3d0/0x3d0
[ 2262.743765][T14574]  ? __kasan_kmalloc+0x131/0x1e0
[ 2262.748693][T14574]  ? kmem_cache_alloc+0xd0/0x210
[ 2262.753622][T14574]  ? inode_init_always+0x5db/0x800
[ 2262.758725][T14574]  ? new_inode_pseudo+0x8f/0x210
[ 2262.763658][T14574]  __alloc_pages_nodemask+0x1b6/0x860
[ 2262.769025][T14574]  ? __x64_sys_ioctl+0xd4/0x110
[ 2262.773874][T14574]  ? do_syscall_64+0xcb/0x1c0
[ 2262.778553][T14574]  ? gfp_pfmemalloc_allowed+0x120/0x120
[ 2262.784095][T14574]  ? lockref_get+0x1b3/0x2a0
[ 2262.788679][T14574]  ? asan.module_dtor+0x20/0x20
[ 2262.793533][T14574]  __get_free_pages+0xa/0x30
[ 2262.798124][T14574]  selinux_genfs_get_sid+0x55/0x250
[ 2262.803322][T14574]  inode_doinit_with_dentry+0x87c/0x1020
[ 2262.808955][T14574]  ? sb_finish_set_opts+0x7a0/0x7a0
[ 2262.814151][T14574]  ? current_time+0x1c4/0x310
[ 2262.818825][T14574]  ? atime_needs_update+0x580/0x580
[ 2262.824024][T14574]  security_d_instantiate+0xa5/0x100
[ 2262.829310][T14574]  d_instantiate+0x51/0x90
[ 2262.833723][T14574]  __debugfs_create_file+0x256/0x400
[ 2262.839000][T14574]  bdi_register_va+0x274/0x5e0
[ 2262.843755][T14574]  bdi_register+0xd1/0x120
[ 2262.848167][T14574]  ? __device_add_disk+0x539/0x1200
[ 2262.853358][T14574]  ? bdi_register_va+0x5e0/0x5e0
[ 2262.858288][T14574]  ? percpu_ref_resurrect+0x113/0x190
[ 2262.863654][T14574]  bdi_register_owner+0x56/0xf0
[ 2262.868495][T14574]  __device_add_disk+0x5b8/0x1200
[ 2262.873513][T14574]  ? device_add_disk+0x30/0x30
[ 2262.878264][T14574]  ? vsprintf+0x30/0x30
[ 2262.882415][T14574]  ? device_initialize+0x1c7/0x3d0
[ 2262.887520][T14574]  ? __alloc_disk_node+0x326/0x380
[ 2262.892624][T14574]  loop_add+0x554/0x710
[ 2262.896772][T14574]  loop_control_ioctl+0x564/0x740
[ 2262.901791][T14574]  ? loop_remove+0xa0/0xa0
[ 2262.906200][T14574]  ? __lru_cache_add+0x1bf/0x210
[ 2262.911155][T14574]  ? memset+0x1f/0x40
[ 2262.915128][T14574]  ? fsnotify+0x1332/0x13f0
[ 2262.919626][T14574]  ? loop_remove+0xa0/0xa0
[ 2262.924034][T14574]  do_vfs_ioctl+0x744/0x1730
[ 2262.928620][T14574]  ? selinux_file_ioctl+0x723/0x970
12:02:24 executing program 0:
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000280)={{{@in=@empty, @in6=@mcast2}}, {{@in6=@empty}, 0x0, @in6=@remote}}, &(0x7f0000000380)=0xe8)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$LOOP_SET_FD(r1, 0x4c00, r0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000580)={r2, &(0x7f0000000440)="3bf22f7848c2d7f5530e55037a237d82b3bfa28b9f4a6487ccf90f6ec1651e3c01d6af813f084f75737dcbf7295b1d4bd117fcebe30838c44226dffd7684187a6bfead96604372bbeb2823d11e829b0db391b1415affe6b24b398c00b22e0c5819bfa57dbb6910fb066a89948ca2833cfebb7df3308b0584789b690911a75fbef56a19248ae069be9d17ffd3909744acc2646ab4c765470bf65fd19917611e1860af8c59adbde8d17d886f7983c1f02a77743741754698b0fcb20534cc13407d17f3382d69295138f087af3f0d2e97c9e994", &(0x7f0000000540)=@tcp=r3, 0x1}, 0x20)
pipe2$watch_queue(&(0x7f00000003c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
write$P9_RLERRORu(r4, &(0x7f0000000400)={0x11, 0x7, 0x1, {{0x4, '.^\x8a#'}, 0x740b}}, 0x11)
openat$cgroup_devices(r1, &(0x7f0000000240)='devices.deny\x00', 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r5, 0x0, 0x0)
write$9p(r5, &(0x7f00000005c0)="1e02072dbb7391225a99d80c9a4222c4c468640a20c610a30d5b93543f0e88eb7571836506a2b50d5fb2363a6dce5700601eeb8275b237098818c283b4cb1d85e82dbf05ad5ebe566cfdb96c9d6c4a49365b5edb8ec60f6403a80df5976520e4827e6a182ecf6d745b3efa0414ce31638f03208879e6ef0aee85f6536ecf790359e34cdec247e0e73315b4f5ad3472aa0d8ea0ec716dab458905a0935569f0e0892a3bdf254ac9ab95062f4b6ae2fbf3a9a016967bd68ab51ac9fd8f624765f0b3fea1fc88be68437275dcd4414bc364bec8872c558b7904f38d388401b9fa54fc17850ab3d773a95c1fa191ccca", 0xee)
r6 = openat$incfs(r1, &(0x7f00000001c0)='.pending_reads\x00', 0x400440, 0xf)
write$P9_RATTACH(r6, &(0x7f0000000200)={0x14, 0x69, 0x2, {0x10, 0x1, 0x1}}, 0x14)

12:02:24 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f0000000500)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8400008}, 0xc, &(0x7f00000004c0)={&(0x7f0000000100)={0x394, r1, 0x20, 0x70bd2d, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_DEVKEY={0x130, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x1c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xd790}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}]}, @NL802154_DEVKEY_ATTR_ID={0x48, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x6}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x7fff}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x401}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x874c}, @NL802154_DEVKEY_ATTR_ID={0x4c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x30, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x18, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}]}]}, @NL802154_DEVKEY_ATTR_ID={0x5c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}]}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, 
@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x6}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3b7d20b8e9357fb}]}, @NL802154_DEVKEY_ATTR_ID={0x18, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}]}]}, @NL802154_ATTR_SEC_DEVKEY={0x18, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0x200}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_DEVKEY={0xb8, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x20}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x4}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x1}, @NL802154_DEVKEY_ATTR_ID={0x70, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x5}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0x3}]}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x3ff}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}]}, @NL802154_ATTR_SEC_DEVKEY={0x15c, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x68, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x8000}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, 
[@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x9}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_ID={0x40, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x18f}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xf4e}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x800080}, @NL802154_DEVKEY_ATTR_ID={0x30, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x20}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_SHORT={0x34}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0x58, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x81}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x2c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x9}]}]}, 0x394}, 0x1, 0x0, 0x0, 0x1}, 0x2000081)
syz_open_dev$loop(&(0x7f0000000000), 0xffffffffffffffff, 0xa042)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000580), r0)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r4, 0x4c08, 0x1ff)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r0, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000600)={&(0x7f0000000680)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="20002cc2009febf3418f67f12aec00f0a900000000dfd0000000000000000000a5e35bd8d4d8d70de9bb7e6e9932d734171df633b1ad8b8cda02c776e4e7ad4376639c6bcb611cc522897bd27ab6b68277b5b0b67045b4694ee0e1021aa92b9021f70f2a2aa873cef38efcb1b1137b1abc02b48dc20ca99295e30a850fc562f2035bfc9dd9fca03ecdeab99b0a72a28c60b2ccd9152ee3852050983cb33fd9aa897bc3131c8638a5c24e873edceae39dccfa50fabf34eb4d25ddbfb99bf56eae1cf8007168a0604154b2ca18c347f848daa9ff7b75252bc2ded87eb90bc2ac6406cfe002ef443075dbc4889afe24403c0d1c09bc80e2ef3261d2eda9058fa5ece5befadf8324fd66bf257f5c381ff300c30fd454ce87f7e681c47c18669c7050ca60acf476f0a59187cede99c29e31d79f055000387fae77ebf8b44a07"], 0x24}, 0x1, 0x0, 0x0, 0x2c000090}, 0x20008090)

12:02:24 executing program 2:
# Triage note: this two-call program is the one tied to the FAULT_INJECTION
# report for syz-executor.2 further down this log.
# r0 comes from the $loop_ctrl open description (presumably /dev/loop-control;
# the path bytes are not printed here).
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
# The $USBDEVFS_CLAIM_PORT suffix is only the syzkaller description that was
# picked; the kernel dispatches on the fd and the command number. 0x4c80 is
# LOOP_CTL_ADD in <linux/loop.h>, and the trace below confirms the call reached
# loop_control_ioctl -> loop_add.
# fail_nth: 77 asks fault injection to fail the 77th injectable point inside
# this call. The report shows it landing in __kmalloc under kobj_map, called
# from __device_add_disk, i.e. on the disk-registration path of loop_add.
# An injected allocation failure is expected output, not a finding by itself.
# What matters is whether a later oops, KASAN or leak report follows for the
# same executor, which this excerpt does not show.
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 77)

12:02:24 executing program 4:
# Raw IPv6 socket: family 0xa (AF_INET6), type 0x3 (SOCK_RAW), protocol 0x2.
# Creating it needs CAP_NET_RAW, so this program only runs in a privileged
# executor or sandbox.
r0 = socket$igmp6(0xa, 0x3, 0x2) (async)
# fd -1 with an empty old path and a null new path: only the argument-validation
# and error paths of renameat are exercised.
renameat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0xffffffffffffffff, 0x0)
# A 9p write description applied to the raw socket, with a null buffer and zero length.
write$P9_RREMOVE(r0, 0x0, 0x0)
# Level 0x29 is IPPROTO_IPV6 and option 0x20 is IPV6_FLOWLABEL_MGR; the request
# struct is 0x20 bytes.
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7, 0x3, 0x0, 0x4, 0x8, 0x1}, 0x20)
# The call that follows (option 0x40, IP6T_SO_SET_REPLACE) hands the kernel a
# complete replacement 'mangle' table of 0xf40 bytes. Every offset and size in
# that blob is user-controlled and must be validated by the ip6tables parser.
# The operation is gated by CAP_NET_ADMIN over the socket's network namespace,
# so where unprivileged user namespaces are enabled this parser is reachable by
# ordinary users and should be counted as attack surface.
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@mangle={'mangle\x00', 0x1f, 0x6, 0xee0, 0xd18, 0xf0, 0x210, 0xd18, 0xd18, 0xe10, 0xe10, 0xe10, 0xe10, 0xe10, 0x6, &(0x7f0000000080), {[{{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00', 0x0, 0x3, {0x564d}}}}, {{@uncond, 0x0, 0xd8, 0x120, 0x0, {}, [@common=@unspec=@cluster={{0x30}, {0x28e, 0x80000001, 0x8, 0x1}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@empty, @ipv6=@local, 0x3f, 0xd, 0x6}}}, {{@uncond, 0x0, 0x888, 0x8d0, 0x0, {}, [@common=@unspec=@u32={{0x7e0}, {[{[{0x9, 0x2}, {0xffff, 0x3}, {0xffff0001, 0x2}, {0x3, 0x2}, {0x1, 0x1}, {0x80000000, 0x2}, {0x7, 0x1}, {0xfffffffe, 0x2}, {}, {0x8, 0x2}, {0x7, 0x3}], [{0x80000001, 0xfff}, {0xfffffffb, 0x7}, {0x7ff, 0x7}, {0x9, 0x4}, {0x2, 0x8}, {0x184a, 0x7fffffff}, {0x627, 0x2}, {0x5, 0x85}, {0x7, 0x3}, {0x1, 0x7fffffff}, {0x3, 0x7}], 0x0, 0x8}, {[{0x7355, 0x1}, {0x20, 0x3}, {0x14af4a2e, 0x3}, {0x9, 0x1}, {0x6088, 0x3}, {0x8, 0x3}, {0x8, 0x2}, {0x5, 0x2}, {0x0, 0x2}, {0x4, 0x2}, {0x80000001, 0x1}], [{0x9de1, 0x200}, {0x1ba, 0x1000}, {0x2, 0x7}, {0x7, 0xffff}, {0x9, 0x1d}, {0x3, 0xeb}, {0x9, 0x6654}, {0xffffffff, 0xc9}, {0x1, 0x158e}, {0x80000000, 0xc97}, {0xee6c, 0x4}], 0x5}, {[{0x1, 0x3}, {0x7, 0x1}, {0x6, 0x2}, {0x3f, 0x3}, {0x80000001, 0x3}, {0xdff2}, {0x8, 0x3}, {0x5, 0x2}, {0x8001, 0x1}, {0x4, 0x2}, {0x6, 0x2}], [{0x8, 0xc6}, {0x4e29d82, 0x13}, {0xc0000000, 0x1}, {0x1, 0xfffffff9}, {0xfff, 0x9}, {0xffffffff, 0x1ff}, {0x2, 0x6}, {0x5, 0x947}, {0x9, 0x8}, {0xe8, 0x80000000}, {0x7, 0x6}], 0x8, 0x5}, {[{0x3, 0x2}, {0x124}, {0x0, 0x1}, {0x5, 0x1}, {0x88ac}, {0x80, 0x3}, {0x81, 0x2}, {0x7fff, 0x2}, {0x2}, {0x1d08d8b, 0x1}, {0x7, 0x2}], [{0x84b7, 0xfffffffe}, {0x9fc4, 0x3ff}, {0x251f, 0x1ff}, {0x89e, 0x4}, {0x1c0, 0x7}, {0x200, 0x401}, {0x0, 0x40}, {0xa4e, 0x1b66}, {0x4, 0x7}, {0xb1, 0xc5c3}, {0x6, 0x101}], 0x4, 0x1}, {[{0xe3b4, 0x2}, {0x800}, {0xfff}, {0x7}, {0x2, 0x1}, {0x40}, {0x14}, {0x4, 0x3}, {0x38, 0x1}, {0x2, 0x1}, 
{0x80, 0x3}], [{0x2a, 0x1}, {0x0, 0x3f}, {0x1, 0x81}, {0x2, 0xfffffff9}, {0x7fffffff, 0x10000}, {0x7f, 0x3}, {0x5}, {0xfff, 0x10000}, {0x5, 0x7}, {0x7ff, 0xff}, {0x1, 0x2edb}], 0x7, 0x2}, {[{0x1000, 0x1}, {0x100}, {0x6, 0x3}, {0x4}, {0x800}, {0x6}, {0x1, 0x1}, {0x0, 0x2}, {0x7, 0x2}, {0x5, 0x3}, {0x293, 0x3}], [{0x7d7a, 0x6}, {0x8, 0x5}, {0x4e0d}, {0xfffffff9, 0x7fff}, {0x4, 0x358e}, {0x9, 0x5}, {0x4}, {0x1, 0x3}, {0x7f}, {0x2, 0x6}, {0xfffffff7, 0xffffff64}], 0x4, 0x9}, {[{0xffff}, {0x6, 0x3}, {0x8, 0x1}, {0x1000, 0x1}, {0x9}, {0x9, 0x1}, {0x100}, {}, {0x10001, 0x1}, {0x10000}, {0x3, 0x3}], [{0x0, 0x1}, {0xfff, 0xffff545e}, {0x5, 0x100}, {0x0, 0x10001}, {0x1000000, 0x800}, {0x5, 0x8}, {0x0, 0x8}, {0x7, 0x3f}, {0x3, 0x2}, {0x2, 0x3ff}, {0xb0, 0x7}], 0x1}, {[{0x1, 0x2}, {0x2, 0x1}, {0x6, 0x3}, {0x3f, 0x3}, {0xc46a}, {0x8}, {0x8, 0x3}, {0x585, 0x3}, {0x6}, {0x61a, 0x3}, {0x2, 0x3}], [{0x7, 0x10001}, {0x8, 0x1}, {0x1, 0x5}, {0x7f, 0xffffffff}, {0x1, 0xffff}, {0x7, 0x40}, {0x9b}, {0x8, 0x80}, {0x10000, 0x8}, {0xfffffffb, 0xb38}, {0x0, 0x5}], 0x2}, {[{0x6, 0x2}, {0xfff, 0x2}, {0x2, 0x2}, {0x2, 0x2}, {0x4, 0x3}, {0x200}, {0x3f, 0x6}, {0x7ff}, {0x80, 0x3}, {0xffffffff, 0x2}, {0x3ff, 0x2}], [{0x9, 0x8}, {0x5, 0xfffffffb}, {0x2, 0x8001}, {0x8, 0x6c}, {0x8, 0x7}, {0x7, 0x6}, {0x745, 0x531}, {0xffff00e9, 0x7}, {0x4, 0xfff}, {0x1ff, 0x80}, {0x20, 0x9}], 0x9, 0x8}, {[{0xa}, {0x9, 0x3}, {0xffffffff}, {0x0, 0x2}, {0x8, 0x3}, {0x3f, 0x1}, {0x3, 0x1}, {0x80, 0x3}, {0x9, 0x1}, {0x6, 0x3}, {0x2, 0x3}], [{0x3}, {0x3ff, 0x8}, {0x100, 0x400}, {0x6, 0xfffffff9}, {0x9, 0x7f}, {0x8, 0x54d}, {0x5, 0x80000001}, {0xffffffff, 0x1000}, {0x9, 0x2}, {0x6, 0x2}, {0x7ff, 0x4}], 0x8, 0x5}, {[{0x2}, {0x7c37, 0x3}, {0xffffff73, 0x3}, {0x20000, 0x2}, {0xe86, 0x1}, {0x80, 0x2}, {0x2, 0x3}, {0x2, 0x3}, {0x9}, {0x5, 0x1}, {0x8, 0x3}], [{0x401, 0x8001}, {0x101, 0x3}, {0x8, 0x400}, {0x9, 0x2}, {0x7fffffff, 0x80}, {0x6}, {0x2, 0xfffff88e}, {0x1, 0x8}, {0x6db7, 0x303}, {0x8, 0x9}, {0x0, 0x2c6}], 0x6, 0x8}], 
0x4, 0x1}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@private=0xa010100, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2a}}, 0x1c, 0xd, 0x7}}}, {{@uncond, 0x0, 0x210, 0x238, 0x0, {}, [@common=@ah={{0x30}, {[0x4d3, 0x4d5], 0x7ff, 0x1f, 0x2}}, @common=@rt={{0x138}, {0x9, [0x4, 0x6], 0x8001, 0x10, 0x2, [@private0, @remote, @private2={0xfc, 0x2, '\x00', 0x1}, @local, @mcast2, @mcast2, @mcast1, @dev={0xfe, 0x80, '\x00', 0x3c}, @private0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @remote, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, @private0={0xfc, 0x0, '\x00', 0x1}, @private0, @ipv4={'\x00', '\xff\xff', @loopback}], 0x2}}]}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1, [0xff000000, 0xff, 0xff, 0xff], [0x0, 0xffffff00, 0xffffffff], 'ip6_vti0\x00', 'gre0\x00', {0xff}, {0xff}, 0xc, 0x5, 0x8, 0x70}, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}]}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0xb}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0xf40)

[ 2262.933808][T14574]  ? ioctl_preallocate+0x250/0x250
[ 2262.938911][T14574]  ? __fget+0x40c/0x4a0
[ 2262.943060][T14574]  ? fget_many+0x20/0x20
[ 2262.947291][T14574]  ? check_preemption_disabled+0x154/0x330
[ 2262.953091][T14574]  ? debug_smp_processor_id+0x20/0x20
[ 2262.958454][T14574]  ? security_file_ioctl+0x9d/0xb0
[ 2262.963560][T14574]  __x64_sys_ioctl+0xd4/0x110
[ 2262.968241][T14574]  do_syscall_64+0xcb/0x1c0
[ 2262.972743][T14574]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:24 executing program 5:
# Generic netlink socket: 0x10 is AF_NETLINK, 0x3 is SOCK_RAW and the final
# 0x10 is NETLINK_GENERIC.
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
# Null msghdr pointer: this only probes the sendmsg argument check.
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, 0x0, 0x0)
# r1 receives the generic-netlink family id for nl802154.
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
# 0x8933 is SIOCGIFINDEX, issued here on fd -1. The lookup presumably fails and
# r2 keeps the placeholder 0x0 (confirm against the executor's result handling).
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan0\x00', <r2=>0x0})
# The call that follows sends NL802154_CMD_DEL_SEC_DEVKEY with a 0x394-byte
# payload of repeated and deeply nested attributes. It targets the netlink
# attribute parsing of the 802.15.4 link-layer security (llsec) key tables.
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f0000000500)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8400008}, 0xc, &(0x7f00000004c0)={&(0x7f0000000100)={0x394, r1, 0x20, 0x70bd2d, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_DEVKEY={0x130, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x1c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xd790}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}]}, @NL802154_DEVKEY_ATTR_ID={0x48, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x6}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x7fff}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x401}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x874c}, @NL802154_DEVKEY_ATTR_ID={0x4c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x30, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x18, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}]}]}, @NL802154_DEVKEY_ATTR_ID={0x5c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}]}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, 
@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x6}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3b7d20b8e9357fb}]}, @NL802154_DEVKEY_ATTR_ID={0x18, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}]}]}, @NL802154_ATTR_SEC_DEVKEY={0x18, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0x200}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_DEVKEY={0xb8, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x20}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x4}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x1}, @NL802154_DEVKEY_ATTR_ID={0x70, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x5}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0x3}]}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x3ff}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}]}, @NL802154_ATTR_SEC_DEVKEY={0x15c, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x68, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x8000}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, 
[@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x9}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_ID={0x40, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x18f}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xf4e}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x800080}, @NL802154_DEVKEY_ATTR_ID={0x30, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x20}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_SHORT={0x34}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0x58, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x81}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x2c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x9}]}]}, 0x394}, 0x1, 0x0, 0x0, 0x1}, 0x2000081)
# The loop device is opened by pseudo-syscall; the returned fd is not bound to a
# resource.
syz_open_dev$loop(&(0x7f0000000000), 0xffffffffffffffff, 0xa042)
# r3 receives the family id of the legacy ieee802154 genetlink family, resolved
# over r0.
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000580), r0)
# r4 is a binder debugfs file. Reaching it requires debugfs to be mounted and
# readable by the executor, which is a test-VM configuration.
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
# Deliberate fd-type mismatch: a socket call and a loop ioctl (0x4c08,
# LOOP_SET_DIRECT_IO) are issued on the debugfs file. A correct kernel rejects
# both; the point of the test is that the rejection path itself is safe.
connect$inet6(r4, 0x0, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r4, 0x4c08, 0x1ff)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r0, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000600)={&(0x7f0000000680)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="20002cc2009febf3418f67f12aec00f0a900000000dfd0000000000000000000a5e35bd8d4d8d70de9bb7e6e9932d734171df633b1ad8b8cda02c776e4e7ad4376639c6bcb611cc522897bd27ab6b68277b5b0b67045b4694ee0e1021aa92b9021f70f2a2aa873cef38efcb1b1137b1abc02b48dc20ca99295e30a850fc562f2035bfc9dd9fca03ecdeab99b0a72a28c60b2ccd9152ee3852050983cb33fd9aa897bc3131c8638a5c24e873edceae39dccfa50fabf34eb4d25ddbfb99bf56eae1cf8007168a0604154b2ca18c347f848daa9ff7b75252bc2ded87eb90bc2ac6406cfe002ef443075dbc4889afe24403c0d1c09bc80e2ef3261d2eda9058fa5ece5befadf8324fd66bf257f5c381ff300c30fd454ce87f7e681c47c18669c7050ca60acf476f0a59187cede99c29e31d79f055000387fae77ebf8b44a07"], 0x24}, 0x1, 0x0, 0x0, 0x2c000090}, 0x20008090)
# Second pass: the same opening calls again, now flagged (async) and without
# "rN =" bindings. Later calls keep using r0..r4 from the first pass, so these
# run concurrently against objects that already exist.
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, 0x0, 0x0) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan0\x00'}) (async)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f0000000500)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8400008}, 0xc, &(0x7f00000004c0)={&(0x7f0000000100)={0x394, r1, 0x20, 0x70bd2d, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_DEVKEY={0x130, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x1c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xd790}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}]}, @NL802154_DEVKEY_ATTR_ID={0x48, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x6}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x7fff}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x401}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x874c}, @NL802154_DEVKEY_ATTR_ID={0x4c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x30, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x18, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}]}]}, @NL802154_DEVKEY_ATTR_ID={0x5c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}]}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, 
@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x6}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3b7d20b8e9357fb}]}, @NL802154_DEVKEY_ATTR_ID={0x18, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}]}]}, @NL802154_ATTR_SEC_DEVKEY={0x18, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0x200}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_DEVKEY={0xb8, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x20}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x4}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x1}, @NL802154_DEVKEY_ATTR_ID={0x70, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x5}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0x3}]}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x3ff}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}]}, @NL802154_ATTR_SEC_DEVKEY={0x15c, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x68, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x8000}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, 
[@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x9}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_ID={0x40, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x18f}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xf4e}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x800080}, @NL802154_DEVKEY_ATTR_ID={0x30, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x20}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_SHORT={0x34}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0x58, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x81}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x2c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x9}]}]}, 0x394}, 0x1, 0x0, 0x0, 0x1}, 0x2000081) (async)
# Async replay of the loop/binder-debugfs calls from the first pass. r0 and r4
# still refer to the descriptors bound earlier in this program.
syz_open_dev$loop(&(0x7f0000000000), 0xffffffffffffffff, 0xa042) (async)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000580), r0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r4, 0x0, 0x0) (async)
ioctl$LOOP_SET_DIRECT_IO(r4, 0x4c08, 0x1ff) (async)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r0, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000600)={&(0x7f0000000680)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="20002cc2009febf3418f67f12aec00f0a900000000dfd0000000000000000000a5e35bd8d4d8d70de9bb7e6e9932d734171df633b1ad8b8cda02c776e4e7ad4376639c6bcb611cc522897bd27ab6b68277b5b0b67045b4694ee0e1021aa92b9021f70f2a2aa873cef38efcb1b1137b1abc02b48dc20ca99295e30a850fc562f2035bfc9dd9fca03ecdeab99b0a72a28c60b2ccd9152ee3852050983cb33fd9aa897bc3131c8638a5c24e873edceae39dccfa50fabf34eb4d25ddbfb99bf56eae1cf8007168a0604154b2ca18c347f848daa9ff7b75252bc2ded87eb90bc2ac6406cfe002ef443075dbc4889afe24403c0d1c09bc80e2ef3261d2eda9058fa5ece5befadf8324fd66bf257f5c381ff300c30fd454ce87f7e681c47c18669c7050ca60acf476f0a59187cede99c29e31d79f055000387fae77ebf8b44a07"], 0x24}, 0x1, 0x0, 0x0, 0x2c000090}, 0x20008090) (async)

12:02:24 executing program 1:
# r0 is a binder debugfs file (0xffffffffffffff9c is AT_FDCWD); r1 is opened
# through the vhost-vsock description with flags 0x2.
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
# Socket call on a non-socket fd: exercises the fd-type check only.
connect$inet6(r0, 0x0, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
# 0x4c06 is LOOP_CHANGE_FD, sent to the debugfs file with the vhost fd as the
# argument. Neither descriptor is a loop device, so rejection is the expected outcome.
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)
# The same four calls again, flagged (async) and reusing r0/r1 from above.
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r0, 0x0, 0x0) (async)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) (async)

12:02:24 executing program 3:
# r0 comes from the loop-control open description and is used by the ioctl below.
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
# Flags 0x1000 is AT_EMPTY_PATH, combined with dirfd -1 and a null path: only
# the early validation of execveat is reached.
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000) (async)
# 0x4c81 is LOOP_CTL_REMOVE; the USBDEVFS name is only the description label.
# The argument 0 is the loop index to remove.
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200), 0x422e40, 0x0)
# The dirfds are a debugfs file and a bsg node, not directories. Flags 0x7 sets
# RENAME_NOREPLACE, RENAME_EXCHANGE and RENAME_WHITEOUT together, which the
# rename path is expected to reject (TODO confirm for this kernel).
renameat2(r1, &(0x7f00000001c0)='./file0\x00', r2, &(0x7f0000000240)='./file0\x00', 0x7) (async)
futimesat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180))

12:02:24 executing program 0:
# This program mixes loop, bpf, binder-debugfs, watch_queue, cgroup, incfs and
# 9p descriptions on mismatched descriptors. Most calls are expected to fail
# type or permission checks; the value for triage is in which error paths run.
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000280)={{{@in=@empty, @in6=@mcast2}}, {{@in6=@empty}, 0x0, @in6=@remote}}, &(0x7f0000000380)=0xe8) (async)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
# 0x4c00 is LOOP_SET_FD, issued on the debugfs file with the loop-control fd as
# the backing file.
ioctl$LOOP_SET_FD(r1, 0x4c00, r0) (async)
# 0x4c81 is LOOP_CTL_REMOVE with index 0; the USBDEVFS name is only the label.
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
# bpf command 0x0 is BPF_MAP_CREATE. The attribute leads with map type 0x9
# (BPF_MAP_TYPE_LRU_HASH), then 0x1, 0x8 and 0x80000000, presumably key size,
# value size and max_entries (confirm against the syzkaller bpf description).
# Whether unprivileged callers reach this depends on
# kernel.unprivileged_bpf_disabled on the target.
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0) (async)
# bpf command 0x2 is BPF_MAP_UPDATE_ELEM. The value is labelled @tcp but
# carries r3, which is the debugfs file rather than a TCP socket.
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000580)={r2, &(0x7f0000000440)="3bf22f7848c2d7f5530e55037a237d82b3bfa28b9f4a6487ccf90f6ec1651e3c01d6af813f084f75737dcbf7295b1d4bd117fcebe30838c44226dffd7684187a6bfead96604372bbeb2823d11e829b0db391b1415affe6b24b398c00b22e0c5819bfa57dbb6910fb066a89948ca2833cfebb7df3308b0584789b690911a75fbef56a19248ae069be9d17ffd3909744acc2646ab4c765470bf65fd19917611e1860af8c59adbde8d17d886f7983c1f02a77743741754698b0fcb20534cc13407d17f3382d69295138f087af3f0d2e97c9e994", &(0x7f0000000540)=@tcp=r3, 0x1}, 0x20) (async)
# r4 is the second descriptor written back by pipe2; flags 0x80 select the
# watch_queue notification-pipe mode.
pipe2$watch_queue(&(0x7f00000003c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
write$P9_RLERRORu(r4, &(0x7f0000000400)={0x11, 0x7, 0x1, {{0x4, '.^\x8a#'}, 0x740b}}, 0x11) (async)
# r1 is a regular debugfs file used as a dirfd, so these relative opens
# exercise the not-a-directory path.
openat$cgroup_devices(r1, &(0x7f0000000240)='devices.deny\x00', 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async, rerun: 32)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (rerun: 32)
connect$inet6(r5, 0x0, 0x0) (async)
# A 0xee-byte write to a debugfs file that was opened with flags 0x0.
write$9p(r5, &(0x7f00000005c0)="1e02072dbb7391225a99d80c9a4222c4c468640a20c610a30d5b93543f0e88eb7571836506a2b50d5fb2363a6dce5700601eeb8275b237098818c283b4cb1d85e82dbf05ad5ebe566cfdb96c9d6c4a49365b5edb8ec60f6403a80df5976520e4827e6a182ecf6d745b3efa0414ce31638f03208879e6ef0aee85f6536ecf790359e34cdec247e0e73315b4f5ad3472aa0d8ea0ec716dab458905a0935569f0e0892a3bdf254ac9ab95062f4b6ae2fbf3a9a016967bd68ab51ac9fd8f624765f0b3fea1fc88be68437275dcd4414bc364bec8872c558b7904f38d388401b9fa54fc17850ab3d773a95c1fa191ccca", 0xee) (async)
r6 = openat$incfs(r1, &(0x7f00000001c0)='.pending_reads\x00', 0x400440, 0xf)
write$P9_RATTACH(r6, &(0x7f0000000200)={0x14, 0x69, 0x2, {0x10, 0x1, 0x1}}, 0x14)

[ 2263.063329][T14604] FAULT_INJECTION: forcing a failure.
[ 2263.063329][T14604] name failslab, interval 1, probability 0, space 0, times 0
[ 2263.087529][T14604] CPU: 0 PID: 14604 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2263.099177][T14604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2263.109228][T14604] Call Trace:
[ 2263.112518][T14604]  dump_stack+0x1d8/0x241
[ 2263.116845][T14604]  ? panic+0x73e/0x73e
[ 2263.120910][T14604]  ? check_preemption_disabled+0x9e/0x330
[ 2263.126622][T14604]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2263.132418][T14604]  ? _raw_spin_lock_bh+0xa3/0x1b0
[ 2263.137433][T14604]  ? debug_smp_processor_id+0x20/0x20
[ 2263.142800][T14604]  ? __debugfs_create_file+0x366/0x400
[ 2263.148252][T14604]  should_fail+0x709/0x870
[ 2263.152659][T14604]  ? bdi_register_va+0x46d/0x5e0
[ 2263.157584][T14604]  ? setup_fault_attr+0x3d0/0x3d0
[ 2263.162598][T14604]  ? bdi_register+0xd1/0x120
[ 2263.167179][T14604]  ? __device_add_disk+0x539/0x1200
[ 2263.172365][T14604]  ? kobj_map+0x74/0x650
[ 2263.176601][T14604]  should_failslab+0x5/0x20
[ 2263.181091][T14604]  __kmalloc+0x51/0x2b0
[ 2263.185240][T14604]  kobj_map+0x74/0x650
[ 2263.189299][T14604]  ? disk_check_events+0x5d0/0x5d0
[ 2263.194411][T14604]  ? kobject_get+0xca/0x110
[ 2263.198915][T14604]  ? exact_match+0x10/0x10
[ 2263.203330][T14604]  __device_add_disk+0x63e/0x1200
[ 2263.208352][T14604]  ? device_add_disk+0x30/0x30
[ 2263.213108][T14604]  ? vsprintf+0x30/0x30
[ 2263.217261][T14604]  ? device_initialize+0x1c7/0x3d0
[ 2263.222365][T14604]  ? __alloc_disk_node+0x326/0x380
[ 2263.227473][T14604]  loop_add+0x554/0x710
[ 2263.231625][T14604]  loop_control_ioctl+0x564/0x740
[ 2263.236642][T14604]  ? loop_remove+0xa0/0xa0
[ 2263.241050][T14604]  ? __lru_cache_add+0x1bf/0x210
[ 2263.245981][T14604]  ? memset+0x1f/0x40
[ 2263.249952][T14604]  ? fsnotify+0x1332/0x13f0
[ 2263.254448][T14604]  ? loop_remove+0xa0/0xa0
[ 2263.258858][T14604]  do_vfs_ioctl+0x744/0x1730
12:02:24 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f0000000500)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8400008}, 0xc, &(0x7f00000004c0)={&(0x7f0000000100)={0x394, r1, 0x20, 0x70bd2d, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_DEVKEY={0x130, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x1c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xd790}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}]}, @NL802154_DEVKEY_ATTR_ID={0x48, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x6}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x7fff}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x401}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x874c}, @NL802154_DEVKEY_ATTR_ID={0x4c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x30, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x18, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}]}]}, @NL802154_DEVKEY_ATTR_ID={0x5c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}]}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, 
@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x6}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3b7d20b8e9357fb}]}, @NL802154_DEVKEY_ATTR_ID={0x18, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}]}]}, @NL802154_ATTR_SEC_DEVKEY={0x18, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0x200}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_DEVKEY={0xb8, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x20}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x4}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x1}, @NL802154_DEVKEY_ATTR_ID={0x70, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x5}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0x3}]}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x3ff}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}]}, @NL802154_ATTR_SEC_DEVKEY={0x15c, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x68, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x8000}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, 
[@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x9}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_ID={0x40, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x18f}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xf4e}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x800080}, @NL802154_DEVKEY_ATTR_ID={0x30, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x20}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_SHORT={0x34}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0x58, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x81}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x2c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x9}]}]}, 0x394}, 0x1, 0x0, 0x0, 0x1}, 0x2000081)
syz_open_dev$loop(&(0x7f0000000000), 0xffffffffffffffff, 0xa042)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000580), r0)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r4, 0x0, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r4, 0x4c08, 0x1ff)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r0, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000600)={&(0x7f0000000680)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="20002cc2009febf3418f67f12aec00f0a900000000dfd0000000000000000000a5e35bd8d4d8d70de9bb7e6e9932d734171df633b1ad8b8cda02c776e4e7ad4376639c6bcb611cc522897bd27ab6b68277b5b0b67045b4694ee0e1021aa92b9021f70f2a2aa873cef38efcb1b1137b1abc02b48dc20ca99295e30a850fc562f2035bfc9dd9fca03ecdeab99b0a72a28c60b2ccd9152ee3852050983cb33fd9aa897bc3131c8638a5c24e873edceae39dccfa50fabf34eb4d25ddbfb99bf56eae1cf8007168a0604154b2ca18c347f848daa9ff7b75252bc2ded87eb90bc2ac6406cfe002ef443075dbc4889afe24403c0d1c09bc80e2ef3261d2eda9058fa5ece5befadf8324fd66bf257f5c381ff300c30fd454ce87f7e681c47c18669c7050ca60acf476f0a59187cede99c29e31d79f055000387fae77ebf8b44a07"], 0x24}, 0x1, 0x0, 0x0, 0x2c000090}, 0x20008090)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, 0x0, 0x0) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan0\x00'}) (async)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f0000000500)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8400008}, 0xc, &(0x7f00000004c0)={&(0x7f0000000100)={0x394, r1, 0x20, 0x70bd2d, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_DEVKEY={0x130, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x1c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xd790}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}]}, @NL802154_DEVKEY_ATTR_ID={0x48, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x6}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x7fff}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x401}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x874c}, @NL802154_DEVKEY_ATTR_ID={0x4c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x30, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x18, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}]}]}, @NL802154_DEVKEY_ATTR_ID={0x5c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}]}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, 
@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x6}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3b7d20b8e9357fb}]}, @NL802154_DEVKEY_ATTR_ID={0x18, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}]}]}, @NL802154_ATTR_SEC_DEVKEY={0x18, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0x200}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_DEVKEY={0xb8, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x20}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x4}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x1}, @NL802154_DEVKEY_ATTR_ID={0x70, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x5}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0x3}]}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x3ff}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}]}, @NL802154_ATTR_SEC_DEVKEY={0x15c, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x68, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x8000}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, 
[@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x9}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_ID={0x40, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x18f}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xf4e}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x800080}, @NL802154_DEVKEY_ATTR_ID={0x30, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x20}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_SHORT={0x34}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0x58, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x81}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x2c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x9}]}]}, 0x394}, 0x1, 0x0, 0x0, 0x1}, 0x2000081) (async)
syz_open_dev$loop(&(0x7f0000000000), 0xffffffffffffffff, 0xa042) (async)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000580), r0) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) (async)
connect$inet6(r4, 0x0, 0x0) (async)
ioctl$LOOP_SET_DIRECT_IO(r4, 0x4c08, 0x1ff) (async)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r0, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000600)={&(0x7f0000000680)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="20002cc2009febf3418f67f12aec00f0a900000000dfd0000000000000000000a5e35bd8d4d8d70de9bb7e6e9932d734171df633b1ad8b8cda02c776e4e7ad4376639c6bcb611cc522897bd27ab6b68277b5b0b67045b4694ee0e1021aa92b9021f70f2a2aa873cef38efcb1b1137b1abc02b48dc20ca99295e30a850fc562f2035bfc9dd9fca03ecdeab99b0a72a28c60b2ccd9152ee3852050983cb33fd9aa897bc3131c8638a5c24e873edceae39dccfa50fabf34eb4d25ddbfb99bf56eae1cf8007168a0604154b2ca18c347f848daa9ff7b75252bc2ded87eb90bc2ac6406cfe002ef443075dbc4889afe24403c0d1c09bc80e2ef3261d2eda9058fa5ece5befadf8324fd66bf257f5c381ff300c30fd454ce87f7e681c47c18669c7050ca60acf476f0a59187cede99c29e31d79f055000387fae77ebf8b44a07"], 0x24}, 0x1, 0x0, 0x0, 0x2c000090}, 0x20008090) (async)

12:02:24 executing program 0:
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000280)={{{@in=@empty, @in6=@mcast2}}, {{@in6=@empty}, 0x0, @in6=@remote}}, &(0x7f0000000380)=0xe8)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$LOOP_SET_FD(r1, 0x4c00, r0) (async)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000580)={r2, &(0x7f0000000440)="3bf22f7848c2d7f5530e55037a237d82b3bfa28b9f4a6487ccf90f6ec1651e3c01d6af813f084f75737dcbf7295b1d4bd117fcebe30838c44226dffd7684187a6bfead96604372bbeb2823d11e829b0db391b1415affe6b24b398c00b22e0c5819bfa57dbb6910fb066a89948ca2833cfebb7df3308b0584789b690911a75fbef56a19248ae069be9d17ffd3909744acc2646ab4c765470bf65fd19917611e1860af8c59adbde8d17d886f7983c1f02a77743741754698b0fcb20534cc13407d17f3382d69295138f087af3f0d2e97c9e994", &(0x7f0000000540)=@tcp=r3, 0x1}, 0x20)
pipe2$watch_queue(&(0x7f00000003c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
write$P9_RLERRORu(r4, &(0x7f0000000400)={0x11, 0x7, 0x1, {{0x4, '.^\x8a#'}, 0x740b}}, 0x11) (async)
openat$cgroup_devices(r1, &(0x7f0000000240)='devices.deny\x00', 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000)="a3a64c6a9cd4780c21c158f598022f9e127c614126f0988aa8e393552ec7edd81b95", &(0x7f0000000100)=@tcp6, 0x4}, 0x20) (async)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r5, 0x0, 0x0)
write$9p(r5, &(0x7f00000005c0)="1e02072dbb7391225a99d80c9a4222c4c468640a20c610a30d5b93543f0e88eb7571836506a2b50d5fb2363a6dce5700601eeb8275b237098818c283b4cb1d85e82dbf05ad5ebe566cfdb96c9d6c4a49365b5edb8ec60f6403a80df5976520e4827e6a182ecf6d745b3efa0414ce31638f03208879e6ef0aee85f6536ecf790359e34cdec247e0e73315b4f5ad3472aa0d8ea0ec716dab458905a0935569f0e0892a3bdf254ac9ab95062f4b6ae2fbf3a9a016967bd68ab51ac9fd8f624765f0b3fea1fc88be68437275dcd4414bc364bec8872c558b7904f38d388401b9fa54fc17850ab3d773a95c1fa191ccca", 0xee)
r6 = openat$incfs(r1, &(0x7f00000001c0)='.pending_reads\x00', 0x400440, 0xf)
write$P9_RATTACH(r6, &(0x7f0000000200)={0x14, 0x69, 0x2, {0x10, 0x1, 0x1}}, 0x14)

12:02:24 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
renameat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0xffffffffffffffff, 0x0)
write$P9_RREMOVE(r0, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7, 0x3, 0x0, 0x4, 0x8, 0x1}, 0x20)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@mangle={'mangle\x00', 0x1f, 0x6, 0xee0, 0xd18, 0xf0, 0x210, 0xd18, 0xd18, 0xe10, 0xe10, 0xe10, 0xe10, 0xe10, 0x6, &(0x7f0000000080), {[{{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00', 0x0, 0x3, {0x564d}}}}, {{@uncond, 0x0, 0xd8, 0x120, 0x0, {}, [@common=@unspec=@cluster={{0x30}, {0x28e, 0x80000001, 0x8, 0x1}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@empty, @ipv6=@local, 0x3f, 0xd, 0x6}}}, {{@uncond, 0x0, 0x888, 0x8d0, 0x0, {}, [@common=@unspec=@u32={{0x7e0}, {[{[{0x9, 0x2}, {0xffff, 0x3}, {0xffff0001, 0x2}, {0x3, 0x2}, {0x1, 0x1}, {0x80000000, 0x2}, {0x7, 0x1}, {0xfffffffe, 0x2}, {}, {0x8, 0x2}, {0x7, 0x3}], [{0x80000001, 0xfff}, {0xfffffffb, 0x7}, {0x7ff, 0x7}, {0x9, 0x4}, {0x2, 0x8}, {0x184a, 0x7fffffff}, {0x627, 0x2}, {0x5, 0x85}, {0x7, 0x3}, {0x1, 0x7fffffff}, {0x3, 0x7}], 0x0, 0x8}, {[{0x7355, 0x1}, {0x20, 0x3}, {0x14af4a2e, 0x3}, {0x9, 0x1}, {0x6088, 0x3}, {0x8, 0x3}, {0x8, 0x2}, {0x5, 0x2}, {0x0, 0x2}, {0x4, 0x2}, {0x80000001, 0x1}], [{0x9de1, 0x200}, {0x1ba, 0x1000}, {0x2, 0x7}, {0x7, 0xffff}, {0x9, 0x1d}, {0x3, 0xeb}, {0x9, 0x6654}, {0xffffffff, 0xc9}, {0x1, 0x158e}, {0x80000000, 0xc97}, {0xee6c, 0x4}], 0x5}, {[{0x1, 0x3}, {0x7, 0x1}, {0x6, 0x2}, {0x3f, 0x3}, {0x80000001, 0x3}, {0xdff2}, {0x8, 0x3}, {0x5, 0x2}, {0x8001, 0x1}, {0x4, 0x2}, {0x6, 0x2}], [{0x8, 0xc6}, {0x4e29d82, 0x13}, {0xc0000000, 0x1}, {0x1, 0xfffffff9}, {0xfff, 0x9}, {0xffffffff, 0x1ff}, {0x2, 0x6}, {0x5, 0x947}, {0x9, 0x8}, {0xe8, 0x80000000}, {0x7, 0x6}], 0x8, 0x5}, {[{0x3, 0x2}, {0x124}, {0x0, 0x1}, {0x5, 0x1}, {0x88ac}, {0x80, 0x3}, {0x81, 0x2}, {0x7fff, 0x2}, {0x2}, {0x1d08d8b, 0x1}, {0x7, 0x2}], [{0x84b7, 0xfffffffe}, {0x9fc4, 0x3ff}, {0x251f, 0x1ff}, {0x89e, 0x4}, {0x1c0, 0x7}, {0x200, 0x401}, {0x0, 0x40}, {0xa4e, 0x1b66}, {0x4, 0x7}, {0xb1, 0xc5c3}, {0x6, 0x101}], 0x4, 0x1}, {[{0xe3b4, 0x2}, {0x800}, {0xfff}, {0x7}, {0x2, 0x1}, {0x40}, {0x14}, {0x4, 0x3}, {0x38, 0x1}, {0x2, 0x1}, 
{0x80, 0x3}], [{0x2a, 0x1}, {0x0, 0x3f}, {0x1, 0x81}, {0x2, 0xfffffff9}, {0x7fffffff, 0x10000}, {0x7f, 0x3}, {0x5}, {0xfff, 0x10000}, {0x5, 0x7}, {0x7ff, 0xff}, {0x1, 0x2edb}], 0x7, 0x2}, {[{0x1000, 0x1}, {0x100}, {0x6, 0x3}, {0x4}, {0x800}, {0x6}, {0x1, 0x1}, {0x0, 0x2}, {0x7, 0x2}, {0x5, 0x3}, {0x293, 0x3}], [{0x7d7a, 0x6}, {0x8, 0x5}, {0x4e0d}, {0xfffffff9, 0x7fff}, {0x4, 0x358e}, {0x9, 0x5}, {0x4}, {0x1, 0x3}, {0x7f}, {0x2, 0x6}, {0xfffffff7, 0xffffff64}], 0x4, 0x9}, {[{0xffff}, {0x6, 0x3}, {0x8, 0x1}, {0x1000, 0x1}, {0x9}, {0x9, 0x1}, {0x100}, {}, {0x10001, 0x1}, {0x10000}, {0x3, 0x3}], [{0x0, 0x1}, {0xfff, 0xffff545e}, {0x5, 0x100}, {0x0, 0x10001}, {0x1000000, 0x800}, {0x5, 0x8}, {0x0, 0x8}, {0x7, 0x3f}, {0x3, 0x2}, {0x2, 0x3ff}, {0xb0, 0x7}], 0x1}, {[{0x1, 0x2}, {0x2, 0x1}, {0x6, 0x3}, {0x3f, 0x3}, {0xc46a}, {0x8}, {0x8, 0x3}, {0x585, 0x3}, {0x6}, {0x61a, 0x3}, {0x2, 0x3}], [{0x7, 0x10001}, {0x8, 0x1}, {0x1, 0x5}, {0x7f, 0xffffffff}, {0x1, 0xffff}, {0x7, 0x40}, {0x9b}, {0x8, 0x80}, {0x10000, 0x8}, {0xfffffffb, 0xb38}, {0x0, 0x5}], 0x2}, {[{0x6, 0x2}, {0xfff, 0x2}, {0x2, 0x2}, {0x2, 0x2}, {0x4, 0x3}, {0x200}, {0x3f, 0x6}, {0x7ff}, {0x80, 0x3}, {0xffffffff, 0x2}, {0x3ff, 0x2}], [{0x9, 0x8}, {0x5, 0xfffffffb}, {0x2, 0x8001}, {0x8, 0x6c}, {0x8, 0x7}, {0x7, 0x6}, {0x745, 0x531}, {0xffff00e9, 0x7}, {0x4, 0xfff}, {0x1ff, 0x80}, {0x20, 0x9}], 0x9, 0x8}, {[{0xa}, {0x9, 0x3}, {0xffffffff}, {0x0, 0x2}, {0x8, 0x3}, {0x3f, 0x1}, {0x3, 0x1}, {0x80, 0x3}, {0x9, 0x1}, {0x6, 0x3}, {0x2, 0x3}], [{0x3}, {0x3ff, 0x8}, {0x100, 0x400}, {0x6, 0xfffffff9}, {0x9, 0x7f}, {0x8, 0x54d}, {0x5, 0x80000001}, {0xffffffff, 0x1000}, {0x9, 0x2}, {0x6, 0x2}, {0x7ff, 0x4}], 0x8, 0x5}, {[{0x2}, {0x7c37, 0x3}, {0xffffff73, 0x3}, {0x20000, 0x2}, {0xe86, 0x1}, {0x80, 0x2}, {0x2, 0x3}, {0x2, 0x3}, {0x9}, {0x5, 0x1}, {0x8, 0x3}], [{0x401, 0x8001}, {0x101, 0x3}, {0x8, 0x400}, {0x9, 0x2}, {0x7fffffff, 0x80}, {0x6}, {0x2, 0xfffff88e}, {0x1, 0x8}, {0x6db7, 0x303}, {0x8, 0x9}, {0x0, 0x2c6}], 0x6, 0x8}], 
0x4, 0x1}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@private=0xa010100, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2a}}, 0x1c, 0xd, 0x7}}}, {{@uncond, 0x0, 0x210, 0x238, 0x0, {}, [@common=@ah={{0x30}, {[0x4d3, 0x4d5], 0x7ff, 0x1f, 0x2}}, @common=@rt={{0x138}, {0x9, [0x4, 0x6], 0x8001, 0x10, 0x2, [@private0, @remote, @private2={0xfc, 0x2, '\x00', 0x1}, @local, @mcast2, @mcast2, @mcast1, @dev={0xfe, 0x80, '\x00', 0x3c}, @private0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @remote, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, @private0={0xfc, 0x0, '\x00', 0x1}, @private0, @ipv4={'\x00', '\xff\xff', @loopback}], 0x2}}]}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1, [0xff000000, 0xff, 0xff, 0xff], [0x0, 0xffffff00, 0xffffffff], 'ip6_vti0\x00', 'gre0\x00', {0xff}, {0xff}, 0xc, 0x5, 0x8, 0x70}, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}]}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0xb}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0xf40)
socket$igmp6(0xa, 0x3, 0x2) (async)
renameat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0xffffffffffffffff, 0x0) (async)
write$P9_RREMOVE(r0, 0x0, 0x0) (async)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7, 0x3, 0x0, 0x4, 0x8, 0x1}, 0x20) (async)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000100)=@mangle={'mangle\x00', 0x1f, 0x6, 0xee0, 0xd18, 0xf0, 0x210, 0xd18, 0xd18, 0xe10, 0xe10, 0xe10, 0xe10, 0xe10, 0x6, &(0x7f0000000080), {[{{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00', 0x0, 0x3, {0x564d}}}}, {{@uncond, 0x0, 0xd8, 0x120, 0x0, {}, [@common=@unspec=@cluster={{0x30}, {0x28e, 0x80000001, 0x8, 0x1}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@empty, @ipv6=@local, 0x3f, 0xd, 0x6}}}, {{@uncond, 0x0, 0x888, 0x8d0, 0x0, {}, [@common=@unspec=@u32={{0x7e0}, {[{[{0x9, 0x2}, {0xffff, 0x3}, {0xffff0001, 0x2}, {0x3, 0x2}, {0x1, 0x1}, {0x80000000, 0x2}, {0x7, 0x1}, {0xfffffffe, 0x2}, {}, {0x8, 0x2}, {0x7, 0x3}], [{0x80000001, 0xfff}, {0xfffffffb, 0x7}, {0x7ff, 0x7}, {0x9, 0x4}, {0x2, 0x8}, {0x184a, 0x7fffffff}, {0x627, 0x2}, {0x5, 0x85}, {0x7, 0x3}, {0x1, 0x7fffffff}, {0x3, 0x7}], 0x0, 0x8}, {[{0x7355, 0x1}, {0x20, 0x3}, {0x14af4a2e, 0x3}, {0x9, 0x1}, {0x6088, 0x3}, {0x8, 0x3}, {0x8, 0x2}, {0x5, 0x2}, {0x0, 0x2}, {0x4, 0x2}, {0x80000001, 0x1}], [{0x9de1, 0x200}, {0x1ba, 0x1000}, {0x2, 0x7}, {0x7, 0xffff}, {0x9, 0x1d}, {0x3, 0xeb}, {0x9, 0x6654}, {0xffffffff, 0xc9}, {0x1, 0x158e}, {0x80000000, 0xc97}, {0xee6c, 0x4}], 0x5}, {[{0x1, 0x3}, {0x7, 0x1}, {0x6, 0x2}, {0x3f, 0x3}, {0x80000001, 0x3}, {0xdff2}, {0x8, 0x3}, {0x5, 0x2}, {0x8001, 0x1}, {0x4, 0x2}, {0x6, 0x2}], [{0x8, 0xc6}, {0x4e29d82, 0x13}, {0xc0000000, 0x1}, {0x1, 0xfffffff9}, {0xfff, 0x9}, {0xffffffff, 0x1ff}, {0x2, 0x6}, {0x5, 0x947}, {0x9, 0x8}, {0xe8, 0x80000000}, {0x7, 0x6}], 0x8, 0x5}, {[{0x3, 0x2}, {0x124}, {0x0, 0x1}, {0x5, 0x1}, {0x88ac}, {0x80, 0x3}, {0x81, 0x2}, {0x7fff, 0x2}, {0x2}, {0x1d08d8b, 0x1}, {0x7, 0x2}], [{0x84b7, 0xfffffffe}, {0x9fc4, 0x3ff}, {0x251f, 0x1ff}, {0x89e, 0x4}, {0x1c0, 0x7}, {0x200, 0x401}, {0x0, 0x40}, {0xa4e, 0x1b66}, {0x4, 0x7}, {0xb1, 0xc5c3}, {0x6, 0x101}], 0x4, 0x1}, {[{0xe3b4, 0x2}, {0x800}, {0xfff}, {0x7}, {0x2, 0x1}, {0x40}, {0x14}, {0x4, 0x3}, {0x38, 0x1}, {0x2, 0x1}, 
{0x80, 0x3}], [{0x2a, 0x1}, {0x0, 0x3f}, {0x1, 0x81}, {0x2, 0xfffffff9}, {0x7fffffff, 0x10000}, {0x7f, 0x3}, {0x5}, {0xfff, 0x10000}, {0x5, 0x7}, {0x7ff, 0xff}, {0x1, 0x2edb}], 0x7, 0x2}, {[{0x1000, 0x1}, {0x100}, {0x6, 0x3}, {0x4}, {0x800}, {0x6}, {0x1, 0x1}, {0x0, 0x2}, {0x7, 0x2}, {0x5, 0x3}, {0x293, 0x3}], [{0x7d7a, 0x6}, {0x8, 0x5}, {0x4e0d}, {0xfffffff9, 0x7fff}, {0x4, 0x358e}, {0x9, 0x5}, {0x4}, {0x1, 0x3}, {0x7f}, {0x2, 0x6}, {0xfffffff7, 0xffffff64}], 0x4, 0x9}, {[{0xffff}, {0x6, 0x3}, {0x8, 0x1}, {0x1000, 0x1}, {0x9}, {0x9, 0x1}, {0x100}, {}, {0x10001, 0x1}, {0x10000}, {0x3, 0x3}], [{0x0, 0x1}, {0xfff, 0xffff545e}, {0x5, 0x100}, {0x0, 0x10001}, {0x1000000, 0x800}, {0x5, 0x8}, {0x0, 0x8}, {0x7, 0x3f}, {0x3, 0x2}, {0x2, 0x3ff}, {0xb0, 0x7}], 0x1}, {[{0x1, 0x2}, {0x2, 0x1}, {0x6, 0x3}, {0x3f, 0x3}, {0xc46a}, {0x8}, {0x8, 0x3}, {0x585, 0x3}, {0x6}, {0x61a, 0x3}, {0x2, 0x3}], [{0x7, 0x10001}, {0x8, 0x1}, {0x1, 0x5}, {0x7f, 0xffffffff}, {0x1, 0xffff}, {0x7, 0x40}, {0x9b}, {0x8, 0x80}, {0x10000, 0x8}, {0xfffffffb, 0xb38}, {0x0, 0x5}], 0x2}, {[{0x6, 0x2}, {0xfff, 0x2}, {0x2, 0x2}, {0x2, 0x2}, {0x4, 0x3}, {0x200}, {0x3f, 0x6}, {0x7ff}, {0x80, 0x3}, {0xffffffff, 0x2}, {0x3ff, 0x2}], [{0x9, 0x8}, {0x5, 0xfffffffb}, {0x2, 0x8001}, {0x8, 0x6c}, {0x8, 0x7}, {0x7, 0x6}, {0x745, 0x531}, {0xffff00e9, 0x7}, {0x4, 0xfff}, {0x1ff, 0x80}, {0x20, 0x9}], 0x9, 0x8}, {[{0xa}, {0x9, 0x3}, {0xffffffff}, {0x0, 0x2}, {0x8, 0x3}, {0x3f, 0x1}, {0x3, 0x1}, {0x80, 0x3}, {0x9, 0x1}, {0x6, 0x3}, {0x2, 0x3}], [{0x3}, {0x3ff, 0x8}, {0x100, 0x400}, {0x6, 0xfffffff9}, {0x9, 0x7f}, {0x8, 0x54d}, {0x5, 0x80000001}, {0xffffffff, 0x1000}, {0x9, 0x2}, {0x6, 0x2}, {0x7ff, 0x4}], 0x8, 0x5}, {[{0x2}, {0x7c37, 0x3}, {0xffffff73, 0x3}, {0x20000, 0x2}, {0xe86, 0x1}, {0x80, 0x2}, {0x2, 0x3}, {0x2, 0x3}, {0x9}, {0x5, 0x1}, {0x8, 0x3}], [{0x401, 0x8001}, {0x101, 0x3}, {0x8, 0x400}, {0x9, 0x2}, {0x7fffffff, 0x80}, {0x6}, {0x2, 0xfffff88e}, {0x1, 0x8}, {0x6db7, 0x303}, {0x8, 0x9}, {0x0, 0x2c6}], 0x6, 0x8}], 
0x4, 0x1}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@private=0xa010100, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2a}}, 0x1c, 0xd, 0x7}}}, {{@uncond, 0x0, 0x210, 0x238, 0x0, {}, [@common=@ah={{0x30}, {[0x4d3, 0x4d5], 0x7ff, 0x1f, 0x2}}, @common=@rt={{0x138}, {0x9, [0x4, 0x6], 0x8001, 0x10, 0x2, [@private0, @remote, @private2={0xfc, 0x2, '\x00', 0x1}, @local, @mcast2, @mcast2, @mcast1, @dev={0xfe, 0x80, '\x00', 0x3c}, @private0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @remote, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, @private0={0xfc, 0x0, '\x00', 0x1}, @private0, @ipv4={'\x00', '\xff\xff', @loopback}], 0x2}}]}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1, [0xff000000, 0xff, 0xff, 0xff], [0x0, 0xffffff00, 0xffffffff], 'ip6_vti0\x00', 'gre0\x00', {0xff}, {0xff}, 0xc, 0x5, 0x8, 0x70}, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}]}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0xb}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0xf40) (async)

12:02:24 executing program 2:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0) (fail_nth: 78)

[ 2263.263444][T14604]  ? selinux_file_ioctl+0x723/0x970
[ 2263.268632][T14604]  ? ioctl_preallocate+0x250/0x250
[ 2263.273741][T14604]  ? __fget+0x40c/0x4a0
[ 2263.277888][T14604]  ? fget_many+0x20/0x20
[ 2263.282121][T14604]  ? check_preemption_disabled+0x154/0x330
[ 2263.287945][T14604]  ? debug_smp_processor_id+0x20/0x20
[ 2263.293310][T14604]  ? security_file_ioctl+0x9d/0xb0
[ 2263.298410][T14604]  __x64_sys_ioctl+0xd4/0x110
[ 2263.303078][T14604]  do_syscall_64+0xcb/0x1c0
[ 2263.307574][T14604]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
12:02:24 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)
syz_open_dev$usbfs(&(0x7f0000000180), 0xde, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x8, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3}, 0x48)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000240)="a3a64c6a9cd47c614126f0988aa8e393552e32e1d81b9591a36cf0ea9e2528f1c25a3d3498973d9472817cc287a41ffc19641eddcc8a0396eb6ff18567fdff792752e4cb7f366f4c8ffe756cae19d3c75a099431ae80c3395d547836a2f7e5175d49acae38429f4c58149b34ce70f1add7c88cf22f93160950ef3339a9c426012baaf456a6e56a78d3ce47026b2a", &(0x7f0000000000)=@tcp6, 0x4}, 0x20)

12:02:24 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0) (async)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0) (async)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000200), 0x422e40, 0x0)
renameat2(r1, &(0x7f00000001c0)='./file0\x00', r2, &(0x7f0000000240)='./file0\x00', 0x7)
futimesat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180))

12:02:24 executing program 5:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, &(0x7f0000000040)={'NETMAP\x00'}, &(0x7f0000000080)=0x1e)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e23, 0x8, @private2={0xfc, 0x2, '\x00', 0x1}, 0x3ff}, 0x1c)

[ 2263.401175][T14653] FAULT_INJECTION: forcing a failure.
[ 2263.401175][T14653] name failslab, interval 1, probability 0, space 0, times 0
[ 2263.418245][T14653] CPU: 1 PID: 14653 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2263.429885][T14653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2263.439934][T14653] Call Trace:
[ 2263.443228][T14653]  dump_stack+0x1d8/0x241
[ 2263.447554][T14653]  ? panic+0x73e/0x73e
[ 2263.451616][T14653]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[ 2263.457416][T14653]  ? __kasan_kmalloc+0x1a5/0x1e0
[ 2263.462344][T14653]  ? loop_add+0x554/0x710
[ 2263.466665][T14653]  ? __kasan_kmalloc+0x131/0x1e0
[ 2263.471592][T14653]  ? kobj_map+0x74/0x650
[ 2263.475825][T14653]  ? __device_add_disk+0x63e/0x1200
[ 2263.481015][T14653]  should_fail+0x709/0x870
[ 2263.485421][T14653]  ? setup_fault_attr+0x3d0/0x3d0
[ 2263.490437][T14653]  ? kobject_set_name_vargs+0x5d/0x110
[ 2263.495889][T14653]  should_failslab+0x5/0x20
[ 2263.500387][T14653]  __kmalloc_track_caller+0x4f/0x280
[ 2263.505665][T14653]  kstrdup_const+0x51/0x90
[ 2263.510076][T14653]  kobject_set_name_vargs+0x5d/0x110
[ 2263.515354][T14653]  dev_set_name+0xd1/0x120
[ 2263.519763][T14653]  ? get_device+0x30/0x30
[ 2263.524080][T14653]  ? kobj_map+0x61f/0x650
[ 2263.528405][T14653]  __device_add_disk+0x6c3/0x1200
[ 2263.533420][T14653]  ? device_add_disk+0x30/0x30
[ 2263.538178][T14653]  ? device_initialize+0x1c7/0x3d0
[ 2263.543283][T14653]  ? __alloc_disk_node+0x326/0x380
12:02:24 executing program 4:
socket$igmp6(0xa, 0x3, 0x2)

[ 2263.548390][T14653]  loop_add+0x554/0x710
[ 2263.552537][T14653]  loop_control_ioctl+0x564/0x740
[ 2263.557556][T14653]  ? loop_remove+0xa0/0xa0
[ 2263.561965][T14653]  ? __lru_cache_add+0x1bf/0x210
[ 2263.566891][T14653]  ? memset+0x1f/0x40
[ 2263.570860][T14653]  ? fsnotify+0x1332/0x13f0
[ 2263.575358][T14653]  ? loop_remove+0xa0/0xa0
[ 2263.579762][T14653]  do_vfs_ioctl+0x744/0x1730
[ 2263.584341][T14653]  ? selinux_file_ioctl+0x723/0x970
[ 2263.589527][T14653]  ? ioctl_preallocate+0x250/0x250
[ 2263.594638][T14653]  ? __fget+0x40c/0x4a0
12:02:24 executing program 1:
write$P9_RUNLINKAT(0xffffffffffffffff, &(0x7f0000000240)={0x7, 0x4d, 0x1}, 0x7)
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x800100000000003, 0x300)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000100)={r0, 0x7, {0x0, 0x0, 0x0, 0xc35, 0x0, 0x0, 0xa, 0x9, 0x0, "b934f3ad6a83135d869ccbb8a416ead7ffa844005f7d56b6246658db46df56c7736f385114db96def8958639825f1ec9b2e13c7074bafd4f767e5944f9bc3293", "38cb21f5ff8ef7fc2a379bd04f24249929790e05f0607298fa4e9c45106eb89742efdc2004997e707e0821ab572fa696194918cfe1b03aea4c9aaea30bab9284", "82727208b99f16d338b6c4bed0d1d63c02deedc59ae020127c522b9b7d2142c6", [0x5, 0x3]}})
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000040)={0x0, {}, 0x0, {}, 0xfffffff7, 0x1, 0x17, 0x4, "37cbeb08d6f8ed0a86adc67a100489828eac91adde489c1670bfbc3f3413fd0f572f234214169565f4fe37623a68a75e0ccacf487d567973d86be80c3ce343c4", "434406e70e33842b52a3f2b87155e86a20b394bdc14707e9cf85d80d86d5301f", [0xc32, 0x7]})
write$P9_RSTATFS(0xffffffffffffffff, &(0x7f0000000280)={0x43, 0x9, 0x2, {0x0, 0x7, 0x7fff, 0x33, 0x0, 0x9, 0x7, 0x6, 0xa60e}}, 0x43)

[ 2263.598794][T14653]  ? fget_many+0x20/0x20
[ 2263.603031][T14653]  ? check_preemption_disabled+0x154/0x330
[ 2263.608830][T14653]  ? debug_smp_processor_id+0x20/0x20
[ 2263.614195][T14653]  ? security_file_ioctl+0x9d/0xb0
[ 2263.619304][T14653]  __x64_sys_ioctl+0xd4/0x110
[ 2263.623973][T14653]  do_syscall_64+0xcb/0x1c0
[ 2263.628478][T14653]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2263.641568][T14653] kobject_add_internal failed for queue (error: -2 parent: (null))
[ 2263.649784][T14653] ------------[ cut here ]------------
[ 2263.655255][T14653] WARNING: CPU: 1 PID: 14653 at fs/sysfs/file.c:328 sysfs_create_files+0x215/0x4a0
[ 2263.664597][T14653] Modules linked in:
[ 2263.668488][T14653] CPU: 1 PID: 14653 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2263.680094][T14653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2263.690158][T14653] RIP: 0010:sysfs_create_files+0x215/0x4a0
[ 2263.695956][T14653] Code: 24 04 48 b9 00 00 00 00 00 fc ff df 48 8b 54 24 08 4c 8b 74 24 20 eb 2b 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 e8 8b 1c ab ff <0f> 0b c7 44 24 04 ea ff ff ff 48 b9 00 00 00 00 00 fc ff df 48 8b
[ 2263.715554][T14653] RSP: 0018:ffff8881eb2a7920 EFLAGS: 00010246
[ 2263.721612][T14653] RAX: ffffffff81ba2f11 RBX: ffff8881cf6c00a0 RCX: 0000000000040000
[ 2263.729575][T14653] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2263.737539][T14653] RBP: ffff8881eb2a79f0 R08: ffffffff843e6101 R09: ffffed103de0c684
[ 2263.745500][T14653] R10: ffffed103de0c684 R11: 1ffff1103de0c683 R12: 0000000000000000
[ 2263.753466][T14653] R13: ffffffff84fd7060 R14: ffff8881cf6c0070 R15: ffffffff85e45820
[ 2263.761431][T14653] FS:  00007f5fe0796700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 2263.770348][T14653] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2263.776921][T14653] CR2: 00007fce6db6b988 CR3: 00000001e1269000 CR4: 00000000003406e0
[ 2263.784895][T14653] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2263.792861][T14653] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2263.800823][T14653] Call Trace:
[ 2263.804113][T14653]  ? sysfs_create_file_ns+0x2a0/0x2a0
[ 2263.809478][T14653]  ? kobject_get+0xca/0x110
[ 2263.813976][T14653]  __device_add_disk+0x92b/0x1200
[ 2263.818994][T14653]  ? device_add_disk+0x30/0x30
[ 2263.823751][T14653]  ? device_initialize+0x1c7/0x3d0
[ 2263.828855][T14653]  ? __alloc_disk_node+0x326/0x380
[ 2263.833961][T14653]  loop_add+0x554/0x710
[ 2263.838115][T14653]  loop_control_ioctl+0x564/0x740
[ 2263.843139][T14653]  ? loop_remove+0xa0/0xa0
[ 2263.847545][T14653]  ? __lru_cache_add+0x1bf/0x210
[ 2263.852471][T14653]  ? memset+0x1f/0x40
[ 2263.856441][T14653]  ? fsnotify+0x1332/0x13f0
[ 2263.860933][T14653]  ? loop_remove+0xa0/0xa0
[ 2263.865361][T14653]  do_vfs_ioctl+0x744/0x1730
[ 2263.869943][T14653]  ? selinux_file_ioctl+0x723/0x970
[ 2263.875130][T14653]  ? ioctl_preallocate+0x250/0x250
[ 2263.880232][T14653]  ? __fget+0x40c/0x4a0
[ 2263.884377][T14653]  ? fget_many+0x20/0x20
[ 2263.888609][T14653]  ? check_preemption_disabled+0x154/0x330
[ 2263.894402][T14653]  ? debug_smp_processor_id+0x20/0x20
[ 2263.899769][T14653]  ? security_file_ioctl+0x9d/0xb0
[ 2263.904869][T14653]  __x64_sys_ioctl+0xd4/0x110
[ 2263.909541][T14653]  do_syscall_64+0xcb/0x1c0
[ 2263.914035][T14653]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2263.919910][T14653] ---[ end trace 9fb896c1b706f714 ]---
[ 2263.928008][T14653] ------------[ cut here ]------------
[ 2263.933510][T14653] kernfs: can not remove 'events', no directory
[ 2263.940091][T14653] WARNING: CPU: 1 PID: 14653 at fs/kernfs/dir.c:1511 kernfs_remove_by_name_ns+0x61/0x90
[ 2263.949794][T14653] Modules linked in:
[ 2263.953692][T14653] CPU: 1 PID: 14653 Comm: syz-executor.2 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2263.965300][T14653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2263.975368][T14653] RIP: 0010:kernfs_remove_by_name_ns+0x61/0x90
[ 2263.981517][T14653] Code: 48 89 c3 e8 61 79 ab ff 48 89 df e8 e9 ee ff ff 31 db eb 29 e8 50 79 ab ff 48 c7 c7 00 0d e8 84 4c 89 fe 31 c0 e8 4f 52 82 ff <0f> 0b bb fe ff ff ff eb 16 e8 31 79 ab ff bb fe ff ff ff 48 c7 c7
[ 2264.001116][T14653] RSP: 0018:ffff8881eb2a7900 EFLAGS: 00010246
[ 2264.007263][T14653] RAX: 3db58aaa3053ea00 RBX: 0000000000000000 RCX: 0000000000040000
[ 2264.015227][T14653] RDX: ffffc90001d52000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2264.023193][T14653] RBP: ffff8881eb2a79f0 R08: ffffffff814e3a77 R09: ffffed103edeaa08
[ 2264.031257][T14653] R10: ffffed103edeaa08 R11: 1ffff1103edeaa07 R12: ffffffff85e45820
[ 2264.039226][T14653] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff84fd7120
[ 2264.047194][T14653] FS:  00007f5fe0796700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 2264.056115][T14653] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2264.062694][T14653] CR2: 00007fce6db6b988 CR3: 00000001e1269000 CR4: 00000000003406e0
[ 2264.070663][T14653] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2264.078627][T14653] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2264.086590][T14653] Call Trace:
[ 2264.089886][T14653]  sysfs_create_files+0x40a/0x4a0
[ 2264.094912][T14653]  ? sysfs_create_file_ns+0x2a0/0x2a0
[ 2264.100279][T14653]  ? kobject_get+0xca/0x110
[ 2264.104776][T14653]  __device_add_disk+0x92b/0x1200
[ 2264.109801][T14653]  ? device_add_disk+0x30/0x30
[ 2264.114562][T14653]  ? device_initialize+0x1c7/0x3d0
[ 2264.119674][T14653]  ? __alloc_disk_node+0x326/0x380
[ 2264.124778][T14653]  loop_add+0x554/0x710
[ 2264.128925][T14653]  loop_control_ioctl+0x564/0x740
[ 2264.133943][T14653]  ? loop_remove+0xa0/0xa0
[ 2264.138352][T14653]  ? __lru_cache_add+0x1bf/0x210
[ 2264.143279][T14653]  ? memset+0x1f/0x40
[ 2264.147254][T14653]  ? fsnotify+0x1332/0x13f0
[ 2264.151744][T14653]  ? loop_remove+0xa0/0xa0
[ 2264.156150][T14653]  do_vfs_ioctl+0x744/0x1730
[ 2264.160731][T14653]  ? selinux_file_ioctl+0x723/0x970
[ 2264.165921][T14653]  ? ioctl_preallocate+0x250/0x250
[ 2264.171021][T14653]  ? __fget+0x40c/0x4a0
[ 2264.175190][T14653]  ? fget_many+0x20/0x20
[ 2264.179424][T14653]  ? check_preemption_disabled+0x154/0x330
[ 2264.185224][T14653]  ? debug_smp_processor_id+0x20/0x20
[ 2264.190592][T14653]  ? security_file_ioctl+0x9d/0xb0
[ 2264.195702][T14653]  __x64_sys_ioctl+0xd4/0x110
[ 2264.200371][T14653]  do_syscall_64+0xcb/0x1c0
12:02:25 executing program 3:
# Triage note: r0 comes from openat$loop_ctrl (path at 0x7f0000000040 is not
# printed; presumably /dev/loop-control - confirm). Only the last call in this
# program uses r0.
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
# The calls from here to getpeername use fd -1, the binder debugfs stats file
# (r1) or a vcsu device (r2); none of them is a loop device or the loop control fd.
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
connect$inet6(r1, 0x0, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000000200)={0x7, 0x4d, 0x1}, 0x7)
execveat(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[&(0x7f0000000080)='\x00'], &(0x7f0000000140)=[&(0x7f0000000100)='-@\xa3+\xa7\x00'], 0x1000)
r2 = syz_open_dev$vcsu(&(0x7f0000000000), 0x10001, 0x240002)
getpeername$inet6(r2, &(0x7f0000000180)={0xa, 0x0, 0x0, @mcast1}, &(0x7f00000001c0)=0x1c)
# "USBDEVFS_CLAIM_PORT" is only the name of the syzkaller description chosen by
# the fuzzer; the kernel dispatches on the fd type and the request number.
# On a loop-control fd, 0x4c81 is LOOP_CTL_REMOVE and the third argument (0x0)
# is the loop index. loop_control_ioctl -> loop_remove -> del_gendisk is the
# chain shown in the T14658 traces in this log, but those are attributed to
# syz-executor.0 and console output is interleaved with program entries, so this
# entry is not necessarily the one that produced them.
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c81, 0x0)

12:02:25 executing program 2:
# Triage note: r0 is a loop-control descriptor (path at 0x7f0000000040 is not
# printed; presumably /dev/loop-control - confirm).
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
# The USBDEVFS_CLAIM_PORT label is just the syzkaller description name; on a
# loop-control fd the request 0x4c80 is LOOP_CTL_ADD with index 0x0 (loop0).
# The T14653 traces (Comm: syz-executor.2) show the matching kernel path,
# loop_control_ioctl -> loop_add -> __device_add_disk, where kobject_add_internal
# fails for "queue", sysfs_create_files warns, and "loop0: failed to create sysfs
# files for events" is printed. Those traces begin before this entry appears in
# the log, so an earlier program with the same call may be the actual trigger.
ioctl$USBDEVFS_CLAIM_PORT(r0, 0x4c80, 0x0)

[ 2264.204870][T14653]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2264.210756][T14653] ---[ end trace 9fb896c1b706f715 ]---
[ 2264.218920][T14653] loop0: failed to create sysfs files for events
[ 2264.229747][T14658] ------------[ cut here ]------------
[ 2264.245483][T14658] kernfs: can not remove 'events', no directory
[ 2264.267390][T14658] WARNING: CPU: 0 PID: 14658 at fs/kernfs/dir.c:1511 kernfs_remove_by_name_ns+0x61/0x90
[ 2264.277195][T14658] Modules linked in:
[ 2264.281095][T14658] CPU: 0 PID: 14658 Comm: syz-executor.0 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2264.292705][T14658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2264.302769][T14658] RIP: 0010:kernfs_remove_by_name_ns+0x61/0x90
[ 2264.308914][T14658] Code: 48 89 c3 e8 61 79 ab ff 48 89 df e8 e9 ee ff ff 31 db eb 29 e8 50 79 ab ff 48 c7 c7 00 0d e8 84 4c 89 fe 31 c0 e8 4f 52 82 ff <0f> 0b bb fe ff ff ff eb 16 e8 31 79 ab ff bb fe ff ff ff 48 c7 c7
[ 2264.328509][T14658] RSP: 0018:ffff8881eb407a20 EFLAGS: 00010246
[ 2264.334567][T14658] RAX: 8baccd5a498a4b00 RBX: 0000000000000000 RCX: 0000000000040000
[ 2264.342529][T14658] RDX: ffffc90000f4b000 RSI: 0000000000011e3a RDI: 0000000000011e3b
[ 2264.350492][T14658] RBP: ffffffff85e45820 R08: ffffffff814e3a77 R09: ffffed103edcaa08
[ 2264.358455][T14658] R10: ffffed103edcaa08 R11: 1ffff1103edcaa07 R12: 0000000000000000
[ 2264.366418][T14658] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffffff84fd7120
[ 2264.374381][T14658] FS:  00007fdebbe2d700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 2264.383299][T14658] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2264.389874][T14658] CR2: 00005555565f1728 CR3: 00000001d14b8000 CR4: 00000000003406f0
[ 2264.397841][T14658] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2264.405804][T14658] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2264.413761][T14658] Call Trace:
[ 2264.417059][T14658]  sysfs_remove_files+0x99/0xf0
[ 2264.421902][T14658]  del_gendisk+0x26e/0xbf0
[ 2264.426310][T14658]  ? device_add_disk_no_queue_reg+0x20/0x20
[ 2264.432193][T14658]  loop_remove+0x42/0xa0
[ 2264.436425][T14658]  loop_control_ioctl+0x67f/0x740
[ 2264.441441][T14658]  ? loop_remove+0xa0/0xa0
[ 2264.445847][T14658]  ? loop_remove+0xa0/0xa0
[ 2264.450253][T14658]  do_vfs_ioctl+0x744/0x1730
[ 2264.454834][T14658]  ? selinux_file_ioctl+0x723/0x970
[ 2264.460018][T14658]  ? ioctl_preallocate+0x250/0x250
[ 2264.465127][T14658]  ? __fget+0x40c/0x4a0
[ 2264.469270][T14658]  ? fget_many+0x20/0x20
[ 2264.473499][T14658]  ? __fpregs_load_activate+0x1d7/0x3c0
[ 2264.479039][T14658]  ? security_file_ioctl+0x9d/0xb0
[ 2264.484144][T14658]  __x64_sys_ioctl+0xd4/0x110
[ 2264.488809][T14658]  do_syscall_64+0xcb/0x1c0
[ 2264.493303][T14658]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2264.499180][T14658] ---[ end trace 9fb896c1b706f716 ]---
[ 2264.551111][T14658] ------------[ cut here ]------------
[ 2264.556646][T14658] kernfs: can not remove 'events_async', no directory
[ 2264.563788][T14658] WARNING: CPU: 0 PID: 14658 at fs/kernfs/dir.c:1511 kernfs_remove_by_name_ns+0x61/0x90
[ 2264.573492][T14658] Modules linked in:
[ 2264.577385][T14658] CPU: 0 PID: 14658 Comm: syz-executor.0 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2264.588993][T14658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2264.599064][T14658] RIP: 0010:kernfs_remove_by_name_ns+0x61/0x90
[ 2264.605210][T14658] Code: 48 89 c3 e8 61 79 ab ff 48 89 df e8 e9 ee ff ff 31 db eb 29 e8 50 79 ab ff 48 c7 c7 00 0d e8 84 4c 89 fe 31 c0 e8 4f 52 82 ff <0f> 0b bb fe ff ff ff eb 16 e8 31 79 ab ff bb fe ff ff ff 48 c7 c7
[ 2264.624805][T14658] RSP: 0018:ffff8881eb407a20 EFLAGS: 00010246
[ 2264.630866][T14658] RAX: 8baccd5a498a4b00 RBX: 0000000000000000 RCX: 0000000000040000
[ 2264.638829][T14658] RDX: ffffc90000f4b000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2264.646794][T14658] RBP: ffffffff85e45820 R08: ffffffff814e3a77 R09: ffffed103edcaa08
[ 2264.654761][T14658] R10: ffffed103edcaa08 R11: 1ffff1103edcaa07 R12: 0000000000000000
[ 2264.662724][T14658] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffffff84fd71c0
[ 2264.670790][T14658] FS:  00007fdebbe2d700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 2264.679708][T14658] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2264.686285][T14658] CR2: 00005555565f1728 CR3: 00000001d14b8000 CR4: 00000000003406f0
[ 2264.694252][T14658] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2264.702215][T14658] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2264.710180][T14658] Call Trace:
[ 2264.713465][T14658]  sysfs_remove_files+0x99/0xf0
[ 2264.718312][T14658]  del_gendisk+0x26e/0xbf0
[ 2264.722720][T14658]  ? device_add_disk_no_queue_reg+0x20/0x20
[ 2264.728610][T14658]  loop_remove+0x42/0xa0
[ 2264.732841][T14658]  loop_control_ioctl+0x67f/0x740
[ 2264.737854][T14658]  ? loop_remove+0xa0/0xa0
[ 2264.742259][T14658]  ? loop_remove+0xa0/0xa0
[ 2264.746667][T14658]  do_vfs_ioctl+0x744/0x1730
[ 2264.751250][T14658]  ? selinux_file_ioctl+0x723/0x970
[ 2264.756438][T14658]  ? ioctl_preallocate+0x250/0x250
[ 2264.761536][T14658]  ? __fget+0x40c/0x4a0
[ 2264.765683][T14658]  ? fget_many+0x20/0x20
[ 2264.769915][T14658]  ? __fpregs_load_activate+0x1d7/0x3c0
[ 2264.775451][T14658]  ? security_file_ioctl+0x9d/0xb0
[ 2264.780551][T14658]  __x64_sys_ioctl+0xd4/0x110
[ 2264.785219][T14658]  do_syscall_64+0xcb/0x1c0
[ 2264.789717][T14658]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2264.795597][T14658] ---[ end trace 9fb896c1b706f717 ]---
[ 2264.803179][T14658] ------------[ cut here ]------------
[ 2264.808699][T14658] kernfs: can not remove 'events_poll_msecs', no directory
[ 2264.815998][T14658] WARNING: CPU: 0 PID: 14658 at fs/kernfs/dir.c:1511 kernfs_remove_by_name_ns+0x61/0x90
[ 2264.825696][T14658] Modules linked in:
[ 2264.829593][T14658] CPU: 0 PID: 14658 Comm: syz-executor.0 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2264.841209][T14658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2264.851371][T14658] RIP: 0010:kernfs_remove_by_name_ns+0x61/0x90
[ 2264.857512][T14658] Code: 48 89 c3 e8 61 79 ab ff 48 89 df e8 e9 ee ff ff 31 db eb 29 e8 50 79 ab ff 48 c7 c7 00 0d e8 84 4c 89 fe 31 c0 e8 4f 52 82 ff <0f> 0b bb fe ff ff ff eb 16 e8 31 79 ab ff bb fe ff ff ff 48 c7 c7
[ 2264.877111][T14658] RSP: 0018:ffff8881eb407a20 EFLAGS: 00010246
[ 2264.883165][T14658] RAX: 8baccd5a498a4b00 RBX: 0000000000000000 RCX: 0000000000040000
[ 2264.891129][T14658] RDX: ffffc90000f4b000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2264.899094][T14658] RBP: ffffffff85e45820 R08: ffffffff814e3a77 R09: ffffed103edc52b2
[ 2264.907056][T14658] R10: ffffed103edc52b2 R11: 1ffff1103edc52b1 R12: 0000000000000000
[ 2264.915022][T14658] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffffff84fd71e0
[ 2264.922987][T14658] FS:  00007fdebbe2d700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 2264.931905][T14658] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2264.938480][T14658] CR2: 00005555565f1728 CR3: 00000001d14b8000 CR4: 00000000003406f0
[ 2264.946449][T14658] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2264.955366][T14658] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2264.963325][T14658] Call Trace:
[ 2264.966610][T14658]  sysfs_remove_files+0x99/0xf0
[ 2264.971451][T14658]  del_gendisk+0x26e/0xbf0
[ 2264.975858][T14658]  ? device_add_disk_no_queue_reg+0x20/0x20
[ 2264.981738][T14658]  loop_remove+0x42/0xa0
[ 2264.985971][T14658]  loop_control_ioctl+0x67f/0x740
[ 2264.991002][T14658]  ? loop_remove+0xa0/0xa0
[ 2264.995405][T14658]  ? loop_remove+0xa0/0xa0
[ 2264.999806][T14658]  do_vfs_ioctl+0x744/0x1730
[ 2265.004381][T14658]  ? selinux_file_ioctl+0x723/0x970
[ 2265.009565][T14658]  ? ioctl_preallocate+0x250/0x250
[ 2265.014659][T14658]  ? __fget+0x40c/0x4a0
[ 2265.018802][T14658]  ? fget_many+0x20/0x20
[ 2265.023027][T14658]  ? __fpregs_load_activate+0x1d7/0x3c0
[ 2265.028560][T14658]  ? security_file_ioctl+0x9d/0xb0
[ 2265.033659][T14658]  __x64_sys_ioctl+0xd4/0x110
[ 2265.038328][T14658]  do_syscall_64+0xcb/0x1c0
[ 2265.042821][T14658]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2265.048702][T14658] ---[ end trace 9fb896c1b706f718 ]---
[ 2265.056545][T14658] ------------[ cut here ]------------
[ 2265.062105][T14658] kernfs: can not remove 'bdi', no directory
[ 2265.068534][T14658] WARNING: CPU: 0 PID: 14658 at fs/kernfs/dir.c:1511 kernfs_remove_by_name_ns+0x61/0x90
[ 2265.078233][T14658] Modules linked in:
[ 2265.082124][T14658] CPU: 0 PID: 14658 Comm: syz-executor.0 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2265.093726][T14658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2265.103783][T14658] RIP: 0010:kernfs_remove_by_name_ns+0x61/0x90
[ 2265.109923][T14658] Code: 48 89 c3 e8 61 79 ab ff 48 89 df e8 e9 ee ff ff 31 db eb 29 e8 50 79 ab ff 48 c7 c7 00 0d e8 84 4c 89 fe 31 c0 e8 4f 52 82 ff <0f> 0b bb fe ff ff ff eb 16 e8 31 79 ab ff bb fe ff ff ff 48 c7 c7
[ 2265.129527][T14658] RSP: 0018:ffff8881eb407a60 EFLAGS: 00010246
[ 2265.135583][T14658] RAX: 8baccd5a498a4b00 RBX: 0000000000000000 RCX: 0000000000040000
[ 2265.143543][T14658] RDX: ffffc90000f4b000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2265.151502][T14658] RBP: ffff8881eb407b68 R08: ffffffff814e3a77 R09: ffffed103edcaa08
[ 2265.159462][T14658] R10: ffffed103edcaa08 R11: 1ffff1103edcaa07 R12: ffff8881cf6c0000
[ 2265.167417][T14658] R13: ffff8881cf6c04e8 R14: 0000000000000000 R15: ffffffff84fd6c80
[ 2265.175383][T14658] FS:  00007fdebbe2d700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 2265.184309][T14658] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2265.190887][T14658] CR2: 00005555565f1728 CR3: 00000001d14b8000 CR4: 00000000003406f0
[ 2265.198849][T14658] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2265.206812][T14658] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2265.214771][T14658] Call Trace:
[ 2265.218057][T14658]  del_gendisk+0x593/0xbf0
[ 2265.222466][T14658]  ? device_add_disk_no_queue_reg+0x20/0x20
[ 2265.228354][T14658]  loop_remove+0x42/0xa0
[ 2265.232583][T14658]  loop_control_ioctl+0x67f/0x740
[ 2265.237596][T14658]  ? loop_remove+0xa0/0xa0
[ 2265.242088][T14658]  ? loop_remove+0xa0/0xa0
[ 2265.246506][T14658]  do_vfs_ioctl+0x744/0x1730
[ 2265.251096][T14658]  ? selinux_file_ioctl+0x723/0x970
[ 2265.256291][T14658]  ? ioctl_preallocate+0x250/0x250
[ 2265.261391][T14658]  ? __fget+0x40c/0x4a0
[ 2265.265537][T14658]  ? fget_many+0x20/0x20
[ 2265.269768][T14658]  ? __fpregs_load_activate+0x1d7/0x3c0
[ 2265.275304][T14658]  ? security_file_ioctl+0x9d/0xb0
[ 2265.280404][T14658]  __x64_sys_ioctl+0xd4/0x110
[ 2265.285075][T14658]  do_syscall_64+0xcb/0x1c0
[ 2265.289571][T14658]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2265.295445][T14658] ---[ end trace 9fb896c1b706f719 ]---
[ 2265.303264][T14658] kasan: CONFIG_KASAN_INLINE enabled
[ 2265.308609][T14658] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 2265.316720][T14658] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 2265.323648][T14658] CPU: 0 PID: 14658 Comm: syz-executor.0 Tainted: G        W         5.4.219-syzkaller-00013-g4a947285bcca #0
[ 2265.335254][T14658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 2265.345317][T14658] RIP: 0010:strlen+0x2a/0x60
[ 2265.349895][T14658] Code: 41 57 41 56 41 54 53 49 89 fe 48 c7 c0 ff ff ff ff 49 bf 00 00 00 00 00 fc ff df 48 89 fb 66 90 49 89 c4 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 75 12 48 ff c3 49 8d 44 24 01 43 80 7c 26 01
[ 2265.369493][T14658] RSP: 0018:ffff8881eb4079c0 EFLAGS: 00010246
[ 2265.375544][T14658] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000
[ 2265.383505][T14658] RDX: ffffc90000f4b000 RSI: 000000000003ffff RDI: 0000000000000000
[ 2265.391463][T14658] RBP: 0000000000000000 R08: ffffffff81b9a329 R09: ffffed103d680f3d
[ 2265.399429][T14658] R10: ffffed103d680f3d R11: 1ffff1103d680f3c R12: ffffffffffffffff
[ 2265.407388][T14658] R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000
[ 2265.415350][T14658] FS:  00007fdebbe2d700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 2265.424270][T14658] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2265.430841][T14658] CR2: 00005555565f1728 CR3: 00000001d14b8000 CR4: 00000000003406f0
[ 2265.438803][T14658] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2265.446764][T14658] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2265.454725][T14658] Call Trace:
[ 2265.458010][T14658]  kernfs_name_hash+0x1e/0x220
[ 2265.462769][T14658]  kernfs_find_ns+0x6b/0x260
[ 2265.467349][T14658]  kernfs_remove_by_name_ns+0x32/0x90
[ 2265.472711][T14658]  del_gendisk+0x98a/0xbf0
[ 2265.477120][T14658]  ? device_add_disk_no_queue_reg+0x20/0x20
[ 2265.483008][T14658]  loop_remove+0x42/0xa0
[ 2265.487240][T14658]  loop_control_ioctl+0x67f/0x740
[ 2265.492253][T14658]  ? loop_remove+0xa0/0xa0
[ 2265.496665][T14658]  ? loop_remove+0xa0/0xa0
[ 2265.501073][T14658]  do_vfs_ioctl+0x744/0x1730
[ 2265.505650][T14658]  ? selinux_file_ioctl+0x723/0x970
[ 2265.510843][T14658]  ? ioctl_preallocate+0x250/0x250
[ 2265.515942][T14658]  ? __fget+0x40c/0x4a0
[ 2265.520089][T14658]  ? fget_many+0x20/0x20
[ 2265.524317][T14658]  ? __fpregs_load_activate+0x1d7/0x3c0
[ 2265.529853][T14658]  ? security_file_ioctl+0x9d/0xb0
[ 2265.534954][T14658]  __x64_sys_ioctl+0xd4/0x110
[ 2265.539619][T14658]  do_syscall_64+0xcb/0x1c0
[ 2265.544108][T14658]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 2265.549984][T14658] Modules linked in:
[ 2265.556085][T14658] ---[ end trace 9fb896c1b706f71a ]---
[ 2265.561624][T14658] RIP: 0010:strlen+0x2a/0x60
[ 2265.566237][T14658] Code: 41 57 41 56 41 54 53 49 89 fe 48 c7 c0 ff ff ff ff 49 bf 00 00 00 00 00 fc ff df 48 89 fb 66 90 49 89 c4 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 75 12 48 ff c3 49 8d 44 24 01 43 80 7c 26 01
[ 2265.586452][T14658] RSP: 0018:ffff8881eb4079c0 EFLAGS: 00010246
[ 2265.592767][T14658] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000
[ 2265.600964][T14658] RDX: ffffc90000f4b000 RSI: 000000000003ffff RDI: 0000000000000000
[ 2265.609151][T14658] RBP: 0000000000000000 R08: ffffffff81b9a329 R09: ffffed103d680f3d
[ 2265.617165][T14658] R10: ffffed103d680f3d R11: 1ffff1103d680f3c R12: ffffffffffffffff
[ 2265.625423][T14658] R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000
[ 2265.633699][T14658] FS:  00007fdebbe2d700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 2265.643164][T14658] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2265.649961][T14658] CR2: 00005555565f1728 CR3: 00000001d14b8000 CR4: 00000000003406f0
[ 2265.658149][T14658] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2265.666162][T14658] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2265.674396][T14658] Kernel panic - not syncing: Fatal exception
[ 2265.680514][T14658] Kernel Offset: disabled
[ 2265.684822][T14658] Rebooting in 86400 seconds..