&(0x7f0000000280)={r9, 0xd89}, &(0x7f00000002c0)=0x8) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) r11 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r12 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) close(r12) r13 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r13, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r13, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r12, 0x84, 0x1, &(0x7f00000000c0)={r14, 0xb21}, 0x14) setsockopt$inet_sctp6_SCTP_MAXSEG(r11, 0x84, 0xd, &(0x7f0000000300)=@assoc_value={r14}, 0x8) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f00000000c0)={r10, 0xb21}, 0x14) getsockopt$inet_sctp_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000040)={r10, 0x80, 0x9, 0x5c7, 0x7ff, 0x61}, &(0x7f00000000c0)=0x14) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000100)=@sack_info={r15, 0x5, 0x38fe}, 0xc) [ 1146.577990] ? __raw_spin_lock_init+0x2d/0x100 [ 1146.582662] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1146.582681] tty_ioctl+0x8f7/0x1320 [ 1146.582690] ? hci_uart_tty_poll+0x10/0x10 [ 1146.582702] ? tty_vhangup+0x30/0x30 [ 1146.582723] ? __might_sleep+0x93/0xb0 [ 1146.602446] ? __fget+0x210/0x370 [ 1146.605902] ? tty_vhangup+0x30/0x30 [ 1146.609614] do_vfs_ioctl+0x7ae/0x1060 [ 1146.613507] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1146.618267] ? lock_downgrade+0x740/0x740 [ 1146.622421] ? ioctl_preallocate+0x1c0/0x1c0 [ 1146.627097] ? __fget+0x237/0x370 [ 1146.630561] ? security_file_ioctl+0x89/0xb0 [ 1146.634976] SyS_ioctl+0x8f/0xc0 [ 1146.638345] ? do_vfs_ioctl+0x1060/0x1060 [ 1146.642503] do_syscall_64+0x1e8/0x640 [ 1146.646518] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1146.646949] audit: type=1400 audit(1572608285.083:154): avc: denied { create } for pid=5081 comm="syz-executor.1" name="pfkey" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:insmod_t:s0 tclass=file permissive=1 [ 1146.651368] entry_SYSCALL_64_after_hwframe+0x42/0xb7 11:38:05 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, 0x0}, 0x0) [ 1146.651378] RIP: 0033:0x459f49 [ 1146.651384] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1146.651396] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1146.651403] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1146.651409] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1146.651414] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1146.651419] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1146.661580] Bluetooth: Can't register HCI device 11:38:05 executing program 2 (fault-call:2 fault-nth:21): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1146.752229] FAULT_INJECTION: forcing a failure. [ 1146.752229] name failslab, interval 1, probability 0, space 0, times 0 [ 1146.774491] CPU: 0 PID: 5115 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1146.781523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1146.781529] Call Trace: [ 1146.781544] dump_stack+0x138/0x197 [ 1146.781565] should_fail.cold+0x10f/0x159 [ 1146.781583] should_failslab+0xdb/0x130 [ 1146.781596] kmem_cache_alloc_trace+0x2e9/0x790 [ 1146.781616] apply_wqattrs_prepare+0x16d/0x960 [ 1146.781639] apply_workqueue_attrs_locked+0xa7/0x120 [ 1146.781653] apply_workqueue_attrs+0x31/0x50 [ 1146.781666] __alloc_workqueue_key+0x78d/0xec0 [ 1146.781674] ? pointer+0xb10/0xb10 [ 1146.781693] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1146.781707] ? ida_remove+0x230/0x230 [ 1146.781717] ? __lockdep_init_map+0x10c/0x570 [ 1146.781734] hci_register_dev+0x1a7/0x810 [ 1146.781750] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1146.781765] tty_ioctl+0x8f7/0x1320 [ 1146.805501] ? hci_uart_tty_poll+0x10/0x10 [ 1146.805517] ? tty_vhangup+0x30/0x30 [ 1146.805541] ? __might_sleep+0x93/0xb0 [ 1146.805551] ? __fget+0x210/0x370 [ 1146.805571] ? tty_vhangup+0x30/0x30 [ 1146.878149] do_vfs_ioctl+0x7ae/0x1060 [ 1146.882023] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1146.886759] ? lock_downgrade+0x740/0x740 [ 1146.890891] ? ioctl_preallocate+0x1c0/0x1c0 [ 1146.895280] ? __fget+0x237/0x370 [ 1146.898719] ? security_file_ioctl+0x89/0xb0 [ 1146.903112] SyS_ioctl+0x8f/0xc0 [ 1146.906460] ? do_vfs_ioctl+0x1060/0x1060 [ 1146.910591] do_syscall_64+0x1e8/0x640 [ 1146.914458] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1146.919291] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1146.924465] RIP: 0033:0x459f49 [ 1146.927636] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1146.935326] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1146.942585] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 11:38:05 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PPPIOCGIDLE(r2, 0x8010743f, &(0x7f0000000000)) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0xffffffffffffff3b, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}, 0x1}], 0x3, 0x0, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r5, &(0x7f00000017c0), 0x331, 0x0) 11:38:05 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, 0x0}, 0x0) [ 1146.949835] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1146.957096] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1146.964364] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1146.974302] Bluetooth: Can't register HCI device [ 1147.012094] FAULT_INJECTION: forcing a failure. [ 1147.012094] name failslab, interval 1, probability 0, space 0, times 0 [ 1147.027889] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1147.054562] CPU: 1 PID: 5122 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1147.061512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1147.061517] Call Trace: [ 1147.061536] dump_stack+0x138/0x197 [ 1147.061556] should_fail.cold+0x10f/0x159 [ 1147.061572] should_failslab+0xdb/0x130 [ 1147.061588] kmem_cache_alloc+0x2d7/0x780 [ 1147.061602] ? find_held_lock+0x35/0x130 [ 1147.061614] ? sysfs_do_create_link_sd.isra.0+0x82/0x120 [ 1147.061627] __kernfs_new_node+0x70/0x420 [ 1147.061642] kernfs_new_node+0x80/0xf0 [ 1147.061653] kernfs_create_link+0x2c/0x170 [ 1147.061663] sysfs_do_create_link_sd.isra.0+0x90/0x120 [ 1147.061674] sysfs_create_link+0x65/0xc0 [ 1147.081460] device_add+0x447/0x1490 [ 1147.081479] ? device_private_init+0x190/0x190 [ 1147.081497] hci_register_dev+0x2d9/0x810 [ 1147.081507] ? __raw_spin_lock_init+0x2d/0x100 [ 1147.081525] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1147.089616] tty_ioctl+0x8f7/0x1320 [ 1147.089626] ? hci_uart_tty_poll+0x10/0x10 [ 1147.089638] ? tty_vhangup+0x30/0x30 [ 1147.089658] ? __might_sleep+0x93/0xb0 [ 1147.099115] ? __fget+0x210/0x370 [ 1147.099135] ? tty_vhangup+0x30/0x30 [ 1147.099145] do_vfs_ioctl+0x7ae/0x1060 [ 1147.099157] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1147.107151] ? lock_downgrade+0x740/0x740 [ 1147.107166] ? ioctl_preallocate+0x1c0/0x1c0 [ 1147.107178] ? __fget+0x237/0x370 [ 1147.107196] ? security_file_ioctl+0x89/0xb0 [ 1147.116668] SyS_ioctl+0x8f/0xc0 [ 1147.116679] ? do_vfs_ioctl+0x1060/0x1060 [ 1147.116694] do_syscall_64+0x1e8/0x640 [ 1147.116702] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1147.116720] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1147.124446] RIP: 0033:0x459f49 [ 1147.124453] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1147.124465] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1147.124471] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1147.124478] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1147.124483] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1147.124490] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1147.160305] Bluetooth: Can't register HCI device [ 1149.130204] Bluetooth: hci1 command 0x1003 tx timeout [ 1149.135503] Bluetooth: hci1 sending frame failed (-49) [ 1149.200149] net_ratelimit: 20 callbacks suppressed [ 1149.200153] protocol 88fb is buggy, dev hsr_slave_0 [ 1149.210174] protocol 88fb is buggy, dev hsr_slave_1 [ 1149.680168] protocol 88fb is buggy, dev hsr_slave_0 [ 1149.685305] protocol 88fb is buggy, dev hsr_slave_1 [ 1149.690546] protocol 88fb is buggy, dev hsr_slave_0 [ 1149.695587] protocol 88fb is buggy, dev hsr_slave_1 [ 1150.480132] protocol 88fb is buggy, dev hsr_slave_0 [ 1150.485193] protocol 88fb is buggy, dev hsr_slave_1 [ 1150.490333] protocol 88fb is buggy, dev hsr_slave_0 [ 1150.495363] protocol 88fb is buggy, dev hsr_slave_1 [ 1151.200201] Bluetooth: hci1 command 0x1001 tx timeout [ 1151.205498] Bluetooth: hci1 sending frame failed (-49) [ 1153.280180] Bluetooth: hci1 command 0x1009 tx timeout [ 1154.640268] net_ratelimit: 20 callbacks suppressed [ 1154.640272] protocol 88fb is buggy, dev hsr_slave_0 [ 1154.650355] protocol 88fb is buggy, dev hsr_slave_1 [ 1154.655486] protocol 88fb is buggy, dev hsr_slave_0 [ 1154.660556] protocol 88fb is buggy, dev hsr_slave_1 [ 1154.960224] protocol 88fb is buggy, dev hsr_slave_0 [ 1154.965361] protocol 88fb is buggy, dev hsr_slave_1 [ 1155.440177] protocol 88fb is buggy, dev hsr_slave_0 [ 1155.445276] protocol 88fb is buggy, dev hsr_slave_1 [ 1155.920203] protocol 88fb is buggy, dev hsr_slave_0 [ 1155.925285] protocol 88fb is buggy, dev hsr_slave_1 11:38:16 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) rt_sigsuspend(&(0x7f0000000000)={0x6}, 0x8) 11:38:16 executing program 0 (fault-call:2 fault-nth:7): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:38:16 executing program 2 (fault-call:2 fault-nth:22): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 11:38:16 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={0x0}}, 0x0) 11:38:16 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r1 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x10001, 0x20001) r2 = geteuid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0}, &(0x7f0000000140)=0xc) getresuid(&(0x7f0000000180)=0x0, &(0x7f00000001c0), &(0x7f0000000200)) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r6) r7 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r8) r9 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r10) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000300)={0x0, 0x0, 0x0}, &(0x7f0000000340)=0xc) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, 0x0) setregid(0x0, r13) r14 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r14, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r15) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, 0x0) setregid(0x0, r16) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, 0x0) setregid(0x0, r17) r18 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r18, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r19) stat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f0000000440), &(0x7f0000000480)=0x0, &(0x7f00000004c0)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, 0x0) setregid(0x0, r22) r23 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r23, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r24) fsetxattr$system_posix_acl(r1, &(0x7f00000000c0)='system.posix_acl_default\x00', &(0x7f0000000500)=ANY=[@ANYBLOB="02000000010003000000000002000400", @ANYRES32=r2, @ANYBLOB="02000200", @ANYRES32=r3, @ANYBLOB="02000200", @ANYRES32=r4, @ANYBLOB="02000200", @ANYRES32=r6, @ANYBLOB="02002baf", @ANYRES32=r8, @ANYBLOB="02000b00", @ANYRES32=r10, @ANYBLOB="02000000", @ANYRES32=r11, @ANYBLOB="040004f4ca00000018004200", @ANYRES32=r12, @ANYBLOB="08000400", @ANYRES32=r13, @ANYBLOB="08000200", @ANYRES32=r15, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=r16, @ANYBLOB="08000100", @ANYRES32=r17, @ANYBLOB="08000500", @ANYRES32=r19, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=r20, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=r21, @ANYBLOB="08000600", @ANYRES32=r22, @ANYBLOB="08000100", @ANYRES32=r24, @ANYBLOB="10000700000000002000030000000000"], 0xac, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:38:16 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x0, &(0x7f0000000380)) ptrace$setregset(0x4205, r2, 0x6, &(0x7f0000000000)={&(0x7f0000000100)="50bc83631d2b264aa327972e1cf62dd951b71745f0a036bfcf39dd34ab4e2d68b0964414ee2af4b6eeb29087c0fb2f74217a48a9f08b5037b3542bc79d936a75ef9243f83a77c7c1df44b19811798b71f4b4cc5295a8b91c82bd91a0e382329b25e4caeda84c0cd1855b07932d37fc68", 0x70}) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r3, &(0x7f00000017c0), 0x331, 0x0) [ 1157.658967] FAULT_INJECTION: forcing a failure. [ 1157.658967] name failslab, interval 1, probability 0, space 0, times 0 [ 1157.678394] CPU: 1 PID: 5151 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1157.685347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1157.694703] Call Trace: [ 1157.697298] dump_stack+0x138/0x197 [ 1157.700946] should_fail.cold+0x10f/0x159 [ 1157.705101] should_failslab+0xdb/0x130 [ 1157.709066] kmem_cache_alloc_trace+0x2e9/0x790 [ 1157.713724] apply_wqattrs_prepare+0x16d/0x960 [ 1157.718293] apply_workqueue_attrs_locked+0xa7/0x120 [ 1157.723417] apply_workqueue_attrs+0x31/0x50 [ 1157.727814] __alloc_workqueue_key+0x78d/0xec0 [ 1157.732379] ? pointer+0xb10/0xb10 [ 1157.735906] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1157.740914] ? ida_remove+0x230/0x230 [ 1157.744697] ? __lockdep_init_map+0x10c/0x570 [ 1157.749182] hci_register_dev+0x1a7/0x810 [ 1157.753332] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1157.757649] tty_ioctl+0x8f7/0x1320 [ 1157.761266] ? hci_uart_tty_poll+0x10/0x10 [ 1157.765479] ? tty_vhangup+0x30/0x30 [ 1157.769180] ? __might_sleep+0x93/0xb0 [ 1157.773051] ? __fget+0x210/0x370 [ 1157.776496] ? tty_vhangup+0x30/0x30 [ 1157.780189] do_vfs_ioctl+0x7ae/0x1060 [ 1157.784066] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1157.788810] ? lock_downgrade+0x740/0x740 [ 1157.792937] ? ioctl_preallocate+0x1c0/0x1c0 [ 1157.797344] ? __fget+0x237/0x370 [ 1157.800804] ? security_file_ioctl+0x89/0xb0 [ 1157.805213] SyS_ioctl+0x8f/0xc0 [ 1157.808572] ? do_vfs_ioctl+0x1060/0x1060 [ 1157.812717] do_syscall_64+0x1e8/0x640 [ 1157.816599] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1157.821440] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1157.826609] RIP: 0033:0x459f49 [ 1157.829779] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1157.837465] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1157.844714] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1157.852146] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 11:38:16 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KDADDIO(r2, 0x400455c8, 0x8000000000000000) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 11:38:16 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={0x0}}, 0x0) 11:38:16 executing program 0 (fault-call:2 fault-nth:8): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) [ 1157.859525] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1157.866775] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1157.880008] Bluetooth: Can't register HCI device [ 1157.891834] FAULT_INJECTION: forcing a failure. [ 1157.891834] name failslab, interval 1, probability 0, space 0, times 0 [ 1157.938499] Bluetooth: hci0: Frame reassembly failed (-84) [ 1157.966950] CPU: 0 PID: 5153 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1157.973903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1157.983257] Call Trace: 11:38:16 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1157.985857] dump_stack+0x138/0x197 [ 1157.989495] should_fail.cold+0x10f/0x159 [ 1157.993654] should_failslab+0xdb/0x130 [ 1157.997730] __kmalloc_track_caller+0x2ec/0x790 [ 1158.002412] ? __down_trylock_console_sem+0x71/0x200 [ 1158.007518] ? kstrdup_const+0x48/0x60 [ 1158.011410] kstrdup+0x3a/0x70 [ 1158.014607] kstrdup_const+0x48/0x60 [ 1158.018328] __kernfs_new_node+0x2f/0x420 [ 1158.022474] ? vprintk_func+0x65/0x159 [ 1158.026357] kernfs_new_node+0x80/0xf0 [ 1158.030231] kernfs_create_dir_ns+0x41/0x140 [ 1158.034722] sysfs_create_dir_ns+0xbe/0x1d0 [ 1158.039068] kobject_add_internal.part.0.cold+0x114/0x5ae [ 1158.044676] kobject_add+0x11f/0x180 [ 1158.048371] ? kset_create_and_add+0x180/0x180 [ 1158.052936] ? mutex_unlock+0xd/0x10 [ 1158.056636] device_add+0x383/0x1490 [ 1158.060339] ? device_initialize+0x430/0x430 [ 1158.064748] ? device_private_init+0x190/0x190 [ 1158.069323] ? up_write+0x1a/0x60 [ 1158.072761] hci_register_dev+0x2d9/0x810 [ 1158.076895] ? __raw_spin_lock_init+0x2d/0x100 [ 1158.081482] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1158.085799] tty_ioctl+0x8f7/0x1320 [ 1158.089413] ? hci_uart_tty_poll+0x10/0x10 [ 1158.093667] ? tty_vhangup+0x30/0x30 [ 1158.097370] ? __might_sleep+0x93/0xb0 [ 1158.101243] ? __fget+0x210/0x370 [ 1158.104716] ? tty_vhangup+0x30/0x30 [ 1158.108416] do_vfs_ioctl+0x7ae/0x1060 [ 1158.112285] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1158.117021] ? lock_downgrade+0x740/0x740 [ 1158.121163] ? ioctl_preallocate+0x1c0/0x1c0 [ 1158.125559] ? __fget+0x237/0x370 [ 1158.129000] ? security_file_ioctl+0x89/0xb0 [ 1158.133392] SyS_ioctl+0x8f/0xc0 [ 1158.136738] ? do_vfs_ioctl+0x1060/0x1060 [ 1158.140877] do_syscall_64+0x1e8/0x640 [ 1158.144752] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1158.149584] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1158.154770] RIP: 0033:0x459f49 [ 1158.157946] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1158.165640] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1158.172901] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1158.180156] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 11:38:16 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={0x0}}, 0x0) [ 1158.187416] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1158.194677] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1158.206179] kobject_add_internal failed for hci2 (error: -12 parent: bluetooth) [ 1158.214477] Bluetooth: Can't register HCI device [ 1158.214706] FAULT_INJECTION: forcing a failure. [ 1158.214706] name failslab, interval 1, probability 0, space 0, times 0 [ 1158.231447] CPU: 0 PID: 5173 Comm: syz-executor.0 Not tainted 4.14.151 #0 11:38:16 executing program 2 (fault-call:2 fault-nth:23): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1158.238388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1158.247735] Call Trace: [ 1158.250326] dump_stack+0x138/0x197 [ 1158.253956] should_fail.cold+0x10f/0x159 [ 1158.258096] should_failslab+0xdb/0x130 [ 1158.264058] kmem_cache_alloc_node+0x287/0x780 [ 1158.268629] alloc_unbound_pwq+0x486/0xbc0 [ 1158.272862] apply_wqattrs_prepare+0x355/0x960 [ 1158.277438] apply_workqueue_attrs_locked+0xa7/0x120 [ 1158.282524] apply_workqueue_attrs+0x31/0x50 [ 1158.286915] __alloc_workqueue_key+0x78d/0xec0 [ 1158.291485] ? pointer+0xb10/0xb10 [ 1158.295028] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1158.300044] ? ida_remove+0x230/0x230 [ 1158.303833] ? __lockdep_init_map+0x10c/0x570 [ 1158.308401] hci_register_dev+0x1a7/0x810 [ 1158.312544] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1158.316857] tty_ioctl+0x8f7/0x1320 [ 1158.320462] ? hci_uart_tty_poll+0x10/0x10 [ 1158.324685] ? tty_vhangup+0x30/0x30 [ 1158.328385] ? __might_sleep+0x93/0xb0 [ 1158.332266] ? __fget+0x210/0x370 [ 1158.335725] ? tty_vhangup+0x30/0x30 [ 1158.339428] do_vfs_ioctl+0x7ae/0x1060 [ 1158.343298] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1158.348035] ? lock_downgrade+0x740/0x740 [ 1158.352173] ? ioctl_preallocate+0x1c0/0x1c0 [ 1158.356569] ? __fget+0x237/0x370 [ 1158.360011] ? security_file_ioctl+0x89/0xb0 [ 1158.364409] SyS_ioctl+0x8f/0xc0 [ 1158.367765] ? do_vfs_ioctl+0x1060/0x1060 [ 1158.371908] do_syscall_64+0x1e8/0x640 [ 1158.375792] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1158.380653] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1158.385831] RIP: 0033:0x459f49 [ 1158.389016] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1158.396704] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1158.403953] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1158.411208] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1158.418467] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1158.425716] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1158.441266] Bluetooth: Can't register HCI device [ 1158.525062] FAULT_INJECTION: forcing a failure. [ 1158.525062] name failslab, interval 1, probability 0, space 0, times 0 [ 1158.551736] CPU: 1 PID: 5181 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1158.558778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1158.568233] Call Trace: [ 1158.570816] dump_stack+0x138/0x197 [ 1158.570837] should_fail.cold+0x10f/0x159 [ 1158.570853] should_failslab+0xdb/0x130 [ 1158.570865] kmem_cache_alloc+0x2d7/0x780 [ 1158.586856] __kernfs_new_node+0x70/0x420 [ 1158.591015] kernfs_new_node+0x80/0xf0 [ 1158.594911] kernfs_create_dir_ns+0x41/0x140 [ 1158.599326] internal_create_group+0xea/0x7b0 [ 1158.603815] ? kernfs_put+0x35e/0x490 [ 1158.607605] sysfs_create_group+0x20/0x30 [ 1158.611737] dpm_sysfs_add+0x26/0x1b0 [ 1158.615539] device_add+0x968/0x1490 [ 1158.619234] ? device_private_init+0x190/0x190 [ 1158.623809] hci_register_dev+0x2d9/0x810 [ 1158.627950] ? __raw_spin_lock_init+0x2d/0x100 [ 1158.632530] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1158.636846] tty_ioctl+0x8f7/0x1320 [ 1158.640453] ? hci_uart_tty_poll+0x10/0x10 [ 1158.644679] ? tty_vhangup+0x30/0x30 [ 1158.648380] ? __might_sleep+0x93/0xb0 [ 1158.652369] ? __fget+0x210/0x370 [ 1158.655803] ? tty_vhangup+0x30/0x30 [ 1158.659497] do_vfs_ioctl+0x7ae/0x1060 [ 1158.663366] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1158.668100] ? lock_downgrade+0x740/0x740 [ 1158.672259] ? ioctl_preallocate+0x1c0/0x1c0 [ 1158.676649] ? __fget+0x237/0x370 [ 1158.680083] ? security_file_ioctl+0x89/0xb0 [ 1158.684471] SyS_ioctl+0x8f/0xc0 [ 1158.687822] ? do_vfs_ioctl+0x1060/0x1060 [ 1158.691954] do_syscall_64+0x1e8/0x640 [ 1158.695819] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1158.700646] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1158.705811] RIP: 0033:0x459f49 [ 1158.708976] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1158.716805] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1158.724054] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1158.731305] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1158.738646] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1158.745893] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1158.754428] Bluetooth: Can't register HCI device [ 1160.000097] Bluetooth: hci0 command 0x1003 tx timeout [ 1160.005403] Bluetooth: hci0 sending frame failed (-49) [ 1160.240143] net_ratelimit: 22 callbacks suppressed [ 1160.240148] protocol 88fb is buggy, dev hsr_slave_0 [ 1160.250171] protocol 88fb is buggy, dev hsr_slave_1 [ 1160.255236] protocol 88fb is buggy, dev hsr_slave_0 [ 1160.260315] protocol 88fb is buggy, dev hsr_slave_1 [ 1160.560161] Bluetooth: hci2 command 0x1003 tx timeout [ 1160.565466] Bluetooth: hci2 sending frame failed (-49) [ 1160.880100] protocol 88fb is buggy, dev hsr_slave_0 [ 1160.885166] protocol 88fb is buggy, dev hsr_slave_1 [ 1160.890277] protocol 88fb is buggy, dev hsr_slave_0 [ 1160.895302] protocol 88fb is buggy, dev hsr_slave_1 [ 1161.200131] protocol 88fb is buggy, dev hsr_slave_0 [ 1161.205231] protocol 88fb is buggy, dev hsr_slave_1 [ 1162.080136] Bluetooth: hci0 command 0x1001 tx timeout [ 1162.085426] Bluetooth: hci0 sending frame failed (-49) [ 1162.640195] Bluetooth: hci2 command 0x1001 tx timeout [ 1162.645527] Bluetooth: hci2 sending frame failed (-49) [ 1164.160125] Bluetooth: hci0 command 0x1009 tx timeout [ 1164.720146] Bluetooth: hci2 command 0x1009 tx timeout [ 1165.360168] net_ratelimit: 22 callbacks suppressed [ 1165.360172] protocol 88fb is buggy, dev hsr_slave_0 [ 1165.370274] protocol 88fb is buggy, dev hsr_slave_1 [ 1165.840182] protocol 88fb is buggy, dev hsr_slave_0 [ 1165.845251] protocol 88fb is buggy, dev hsr_slave_1 [ 1166.480163] protocol 88fb is buggy, dev hsr_slave_0 [ 1166.485246] protocol 88fb is buggy, dev hsr_slave_1 [ 1166.490435] protocol 88fb is buggy, dev hsr_slave_0 [ 1166.495463] protocol 88fb is buggy, dev hsr_slave_1 [ 1167.120178] protocol 88fb is buggy, dev hsr_slave_0 [ 1167.125258] protocol 88fb is buggy, dev hsr_slave_1 11:38:27 executing program 0 (fault-call:2 fault-nth:9): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:38:27 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x80000, 0x0) ioctl$TCFLSH(r2, 0x540b, 0x9511) r3 = getpid() sched_setscheduler(r3, 0x0, &(0x7f0000000380)) fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x3, r3}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r4, &(0x7f00000017c0), 0x331, 0x0) r5 = getpid() sched_setscheduler(r5, 0x0, &(0x7f0000000380)) ptrace$getregs(0xd5908a216eca6b48, r5, 0x80, &(0x7f0000000140)=""/66) 11:38:27 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x0, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:38:27 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0x301000, 0x0) accept$ax25(r1, &(0x7f0000000140)={{0x3, @bcast}, [@bcast, @remote, @remote, @remote, @bcast, @bcast, @rose, @null]}, &(0x7f00000001c0)=0x48) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) syz_open_dev$rtc(&(0x7f00000000c0)='/dev/rtc#\x00', 0x1, 0x8000) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r2 = syz_open_dev$radio(&(0x7f0000000100)='/dev/radio#\x00', 0x1, 0x2) setsockopt$ALG_SET_AEAD_AUTHSIZE(r2, 0x117, 0x5, 0x0, 0x5) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:38:27 executing program 2 (fault-call:2 fault-nth:24): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 11:38:27 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x0, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) [ 1168.527749] FAULT_INJECTION: forcing a failure. [ 1168.527749] name failslab, interval 1, probability 0, space 0, times 0 [ 1168.546817] FAULT_INJECTION: forcing a failure. [ 1168.546817] name failslab, interval 1, probability 0, space 0, times 0 [ 1168.558777] CPU: 0 PID: 5191 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1168.565719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1168.575293] Call Trace: [ 1168.575314] dump_stack+0x138/0x197 [ 1168.575333] should_fail.cold+0x10f/0x159 [ 1168.575349] should_failslab+0xdb/0x130 [ 1168.575361] kmem_cache_alloc+0x2d7/0x780 [ 1168.575372] ? kernfs_find_and_get_ns+0x4b/0x60 [ 1168.575387] __kernfs_new_node+0x70/0x420 [ 1168.575397] ? lock_downgrade+0x740/0x740 [ 1168.575409] kernfs_new_node+0x80/0xf0 [ 1168.575421] __kernfs_create_file+0x46/0x323 [ 1168.575433] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1168.575446] sysfs_add_file+0x4f/0x60 [ 1168.585789] sysfs_merge_group+0xe2/0x210 [ 1168.585806] dpm_sysfs_add+0x121/0x1b0 [ 1168.585821] device_add+0x968/0x1490 [ 1168.593927] ? device_private_init+0x190/0x190 [ 1168.602812] hci_register_dev+0x2d9/0x810 [ 1168.602825] ? __raw_spin_lock_init+0x2d/0x100 [ 1168.602841] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1168.602855] tty_ioctl+0x8f7/0x1320 [ 1168.602864] ? hci_uart_tty_poll+0x10/0x10 [ 1168.602875] ? tty_vhangup+0x30/0x30 [ 1168.602894] ? __might_sleep+0x93/0xb0 [ 1168.602902] ? __fget+0x210/0x370 [ 1168.602918] ? tty_vhangup+0x30/0x30 [ 1168.611005] do_vfs_ioctl+0x7ae/0x1060 [ 1168.611018] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1168.611030] ? lock_downgrade+0x740/0x740 [ 1168.611042] ? ioctl_preallocate+0x1c0/0x1c0 [ 1168.611054] ? __fget+0x237/0x370 [ 1168.611070] ? security_file_ioctl+0x89/0xb0 [ 1168.611082] SyS_ioctl+0x8f/0xc0 [ 1168.611091] ? do_vfs_ioctl+0x1060/0x1060 [ 1168.611104] do_syscall_64+0x1e8/0x640 [ 1168.611112] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1168.611130] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1168.722490] RIP: 0033:0x459f49 [ 1168.725676] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1168.733378] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1168.740643] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1168.747909] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1168.755171] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1168.764258] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1168.771544] CPU: 1 PID: 5189 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1168.778476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1168.778480] Call Trace: [ 1168.778496] dump_stack+0x138/0x197 [ 1168.778516] should_fail.cold+0x10f/0x159 [ 1168.790438] should_failslab+0xdb/0x130 [ 1168.790451] __kmalloc+0x2f0/0x7a0 [ 1168.790464] ? wait_for_completion+0x420/0x420 [ 1168.790475] ? pwq_adjust_max_active+0x372/0x560 [ 1168.790486] ? __alloc_workqueue_key+0x114/0xec0 [ 1168.794602] Bluetooth: Can't register HCI device [ 1168.798271] __alloc_workqueue_key+0x114/0xec0 [ 1168.798280] ? pointer+0xb10/0xb10 [ 1168.798298] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1168.805805] ? ida_remove+0x230/0x230 [ 1168.805817] ? __lockdep_init_map+0x10c/0x570 [ 1168.805835] hci_register_dev+0x209/0x810 [ 1168.815290] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1168.815306] tty_ioctl+0x8f7/0x1320 [ 1168.815317] ? hci_uart_tty_poll+0x10/0x10 [ 1168.824797] ? tty_vhangup+0x30/0x30 [ 1168.824820] ? __might_sleep+0x93/0xb0 [ 1168.824831] ? __fget+0x210/0x370 [ 1168.850339] ? tty_vhangup+0x30/0x30 [ 1168.850352] do_vfs_ioctl+0x7ae/0x1060 [ 1168.850364] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1168.850375] ? lock_downgrade+0x740/0x740 [ 1168.850386] ? ioctl_preallocate+0x1c0/0x1c0 [ 1168.850398] ? __fget+0x237/0x370 [ 1168.850416] ? security_file_ioctl+0x89/0xb0 [ 1168.858341] SyS_ioctl+0x8f/0xc0 [ 1168.858351] ? do_vfs_ioctl+0x1060/0x1060 [ 1168.858365] do_syscall_64+0x1e8/0x640 [ 1168.858374] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1168.858392] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1168.858401] RIP: 0033:0x459f49 11:38:27 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, &(0x7f0000000100)=""/159) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0xc) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r2, &(0x7f00000017c0), 0x331, 0x0) 11:38:27 executing program 2 (fault-call:2 fault-nth:25): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1168.858407] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1168.858418] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1168.858425] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1168.949163] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1168.956416] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1168.963669] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 11:38:27 executing program 0 (fault-call:2 fault-nth:10): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) [ 1169.007928] Bluetooth: Can't register HCI device [ 1169.057798] FAULT_INJECTION: forcing a failure. [ 1169.057798] name failslab, interval 1, probability 0, space 0, times 0 [ 1169.076996] CPU: 1 PID: 5211 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1169.083985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1169.083994] Call Trace: [ 1169.095931] dump_stack+0x138/0x197 [ 1169.099572] should_fail.cold+0x10f/0x159 [ 1169.103726] should_failslab+0xdb/0x130 [ 1169.103741] kmem_cache_alloc+0x2d7/0x780 [ 1169.103753] ? wait_for_completion+0x420/0x420 [ 1169.103773] __kernfs_new_node+0x70/0x420 [ 1169.103788] kernfs_new_node+0x80/0xf0 [ 1169.103800] __kernfs_create_file+0x46/0x323 [ 1169.103812] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1169.103825] sysfs_add_file+0x4f/0x60 [ 1169.137355] sysfs_merge_group+0xe2/0x210 [ 1169.141515] dpm_sysfs_add+0x121/0x1b0 [ 1169.145171] FAULT_INJECTION: forcing a failure. [ 1169.145171] name failslab, interval 1, probability 0, space 0, times 0 [ 1169.145406] device_add+0x968/0x1490 [ 1169.160282] ? device_private_init+0x190/0x190 [ 1169.164872] hci_register_dev+0x2d9/0x810 [ 1169.169014] ? __raw_spin_lock_init+0x2d/0x100 [ 1169.173596] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1169.177922] tty_ioctl+0x8f7/0x1320 [ 1169.181553] ? hci_uart_tty_poll+0x10/0x10 [ 1169.185782] ? tty_vhangup+0x30/0x30 [ 1169.189498] ? __might_sleep+0x93/0xb0 [ 1169.193388] ? __fget+0x210/0x370 [ 1169.196843] ? tty_vhangup+0x30/0x30 [ 1169.200549] do_vfs_ioctl+0x7ae/0x1060 [ 1169.204440] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1169.209202] ? lock_downgrade+0x740/0x740 [ 1169.213349] ? ioctl_preallocate+0x1c0/0x1c0 [ 1169.217753] ? __fget+0x237/0x370 [ 1169.221208] ? security_file_ioctl+0x89/0xb0 [ 1169.225616] SyS_ioctl+0x8f/0xc0 [ 1169.228985] ? do_vfs_ioctl+0x1060/0x1060 [ 1169.233136] do_syscall_64+0x1e8/0x640 [ 1169.237015] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1169.241855] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1169.247050] RIP: 0033:0x459f49 [ 1169.250231] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1169.257934] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1169.265196] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1169.272459] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1169.279720] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1169.286980] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1169.294264] CPU: 0 PID: 5218 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1169.301211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1169.301215] Call Trace: [ 1169.301231] dump_stack+0x138/0x197 [ 1169.301248] should_fail.cold+0x10f/0x159 [ 1169.301264] should_failslab+0xdb/0x130 [ 1169.301276] __kmalloc+0x2f0/0x7a0 [ 1169.301289] ? wait_for_completion+0x420/0x420 [ 1169.313191] ? pwq_adjust_max_active+0x372/0x560 [ 1169.313202] ? __alloc_workqueue_key+0x114/0xec0 [ 1169.313217] __alloc_workqueue_key+0x114/0xec0 [ 1169.317299] Bluetooth: Can't register HCI device [ 1169.320965] ? pointer+0xb10/0xb10 [ 1169.320985] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1169.321000] ? ida_remove+0x230/0x230 [ 1169.321010] ? __lockdep_init_map+0x10c/0x570 [ 1169.321027] hci_register_dev+0x209/0x810 [ 1169.328518] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1169.328533] tty_ioctl+0x8f7/0x1320 [ 1169.328542] ? hci_uart_tty_poll+0x10/0x10 [ 1169.337861] ? tty_vhangup+0x30/0x30 [ 1169.337881] ? __might_sleep+0x93/0xb0 [ 1169.337891] ? __fget+0x210/0x370 [ 1169.347195] ? tty_vhangup+0x30/0x30 [ 1169.347205] do_vfs_ioctl+0x7ae/0x1060 [ 1169.347217] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1169.408281] ? lock_downgrade+0x740/0x740 [ 1169.412412] ? ioctl_preallocate+0x1c0/0x1c0 [ 1169.416802] ? __fget+0x237/0x370 [ 1169.420272] ? security_file_ioctl+0x89/0xb0 [ 1169.424675] SyS_ioctl+0x8f/0xc0 [ 1169.428022] ? do_vfs_ioctl+0x1060/0x1060 [ 1169.432159] do_syscall_64+0x1e8/0x640 [ 1169.436029] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1169.440874] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1169.446131] RIP: 0033:0x459f49 [ 1169.449302] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1169.456993] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1169.464249] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1169.471507] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1169.478758] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1169.486008] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 11:38:28 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x0, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:38:28 executing program 2 (fault-call:2 fault-nth:26): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 11:38:28 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) getsockopt$SO_COOKIE(r1, 0x1, 0x39, &(0x7f0000000100), &(0x7f0000000140)=0x8) r4 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$KVM_X86_SET_MCE(r4, 0x4040ae9e, &(0x7f0000000340)={0xa880000000000000, 0x4000, 0x8, 0x5, 0x19}) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1169.508524] Bluetooth: Can't register HCI device 11:38:28 executing program 0 (fault-call:2 fault-nth:11): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:38:28 executing program 4 (fault-call:5 fault-nth:0): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) [ 1169.575764] FAULT_INJECTION: forcing a failure. [ 1169.575764] name failslab, interval 1, probability 0, space 0, times 0 [ 1169.599442] CPU: 1 PID: 5224 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1169.606507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1169.606514] Call Trace: [ 1169.618471] dump_stack+0x138/0x197 [ 1169.622113] should_fail.cold+0x10f/0x159 [ 1169.626273] should_failslab+0xdb/0x130 [ 1169.626701] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1169.630250] kmem_cache_alloc+0x2d7/0x780 [ 1169.630263] ? wait_for_completion+0x420/0x420 [ 1169.630281] __kernfs_new_node+0x70/0x420 [ 1169.630295] kernfs_new_node+0x80/0xf0 [ 1169.643005] __kernfs_create_file+0x46/0x323 [ 1169.643021] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1169.643035] sysfs_add_file+0x4f/0x60 [ 1169.643046] sysfs_merge_group+0xe2/0x210 [ 1169.643060] dpm_sysfs_add+0x121/0x1b0 [ 1169.643076] device_add+0x968/0x1490 [ 1169.660063] ? device_private_init+0x190/0x190 [ 1169.660084] hci_register_dev+0x2d9/0x810 [ 1169.660093] ? __raw_spin_lock_init+0x2d/0x100 [ 1169.660109] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1169.668549] tty_ioctl+0x8f7/0x1320 [ 1169.668560] ? hci_uart_tty_poll+0x10/0x10 [ 1169.668573] ? tty_vhangup+0x30/0x30 [ 1169.668594] ? __might_sleep+0x93/0xb0 [ 1169.676617] ? __fget+0x210/0x370 [ 1169.676640] ? tty_vhangup+0x30/0x30 [ 1169.676651] do_vfs_ioctl+0x7ae/0x1060 [ 1169.676663] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1169.676675] ? lock_downgrade+0x740/0x740 [ 1169.676686] ? ioctl_preallocate+0x1c0/0x1c0 [ 1169.676698] ? __fget+0x237/0x370 [ 1169.676717] ? security_file_ioctl+0x89/0xb0 [ 1169.676730] SyS_ioctl+0x8f/0xc0 [ 1169.676740] ? do_vfs_ioctl+0x1060/0x1060 [ 1169.676753] do_syscall_64+0x1e8/0x640 [ 1169.676763] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1169.676781] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1169.676791] RIP: 0033:0x459f49 [ 1169.685056] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1169.685069] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1169.685076] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1169.685082] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1169.685088] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1169.685094] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1169.699880] FAULT_INJECTION: forcing a failure. [ 1169.699880] name failslab, interval 1, probability 0, space 0, times 0 [ 1169.716965] CPU: 1 PID: 5230 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1169.721558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1169.721563] Call Trace: [ 1169.721579] dump_stack+0x138/0x197 [ 1169.721599] should_fail.cold+0x10f/0x159 [ 1169.721616] should_failslab+0xdb/0x130 [ 1169.721629] __kmalloc+0x2f0/0x7a0 [ 1169.721638] ? __lock_is_held+0xb6/0x140 [ 1169.721652] ? apply_wqattrs_prepare+0xad/0x960 [ 1169.721665] apply_wqattrs_prepare+0xad/0x960 11:38:28 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r2, &(0x7f0000000380)=@hci, 0x80) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r2, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r5}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r7 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x0, @my=0x0}, 0x10, 0x100000) recvmmsg(r7, &(0x7f0000007180), 0x40000000000001f, 0x0, 0x0) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') r9 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x3f5083) ioctl$VIDIOC_S_FMT(r9, 0xc0d05605, &(0x7f0000000100)={0x3, @pix_mp={0x1, 0x401, 0x0, 0x7, 0x3, [{0x8e2, 0x3}, {0x3, 0x7}, {0x709d6930, 0x1ff}, {0x51, 0x2f16}, {0x0, 0x81}, {0x3, 0x5}, {0x4, 0xfffffe00}, {0x5, 0x9}], 0x8, 0x1, 0x1, 0x0, 0x2}}) preadv(r8, &(0x7f00000017c0), 0x331, 0x0) [ 1169.721686] apply_workqueue_attrs_locked+0xa7/0x120 [ 1169.721697] apply_workqueue_attrs+0x31/0x50 [ 1169.721708] __alloc_workqueue_key+0x78d/0xec0 [ 1169.721717] ? pointer+0xb10/0xb10 [ 1169.721735] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1169.721749] ? ida_remove+0x230/0x230 [ 1169.721757] ? __lockdep_init_map+0x10c/0x570 [ 1169.721773] hci_register_dev+0x209/0x810 [ 1169.721788] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1169.721801] tty_ioctl+0x8f7/0x1320 [ 1169.721809] ? hci_uart_tty_poll+0x10/0x10 [ 1169.721819] ? tty_vhangup+0x30/0x30 [ 1169.721838] ? __might_sleep+0x93/0xb0 [ 1169.721848] ? __fget+0x210/0x370 [ 1169.742458] ? tty_vhangup+0x30/0x30 [ 1169.750193] do_vfs_ioctl+0x7ae/0x1060 [ 1169.750206] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1169.750217] ? lock_downgrade+0x740/0x740 [ 1169.750228] ? ioctl_preallocate+0x1c0/0x1c0 [ 1169.750240] ? __fget+0x237/0x370 [ 1169.750258] ? security_file_ioctl+0x89/0xb0 [ 1169.758272] SyS_ioctl+0x8f/0xc0 [ 1169.758283] ? do_vfs_ioctl+0x1060/0x1060 [ 1169.758297] do_syscall_64+0x1e8/0x640 [ 1169.758306] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1169.758322] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1169.768316] RIP: 0033:0x459f49 [ 1169.768322] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1169.768334] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1169.768341] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1169.768347] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1169.768353] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1169.768361] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1169.841163] Bluetooth: Can't register HCI device [ 1169.883490] Bluetooth: Can't register HCI device [ 1170.076733] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1170.091183] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1170.720088] Bluetooth: hci3 command 0x1003 tx timeout [ 1170.725498] Bluetooth: hci3 sending frame failed (-49) [ 1170.800162] net_ratelimit: 18 callbacks suppressed [ 1170.800166] protocol 88fb is buggy, dev hsr_slave_0 [ 1170.810241] protocol 88fb is buggy, dev hsr_slave_1 [ 1170.815321] protocol 88fb is buggy, dev hsr_slave_0 [ 1170.820398] protocol 88fb is buggy, dev hsr_slave_1 [ 1171.520118] protocol 88fb is buggy, dev hsr_slave_0 [ 1171.525211] protocol 88fb is buggy, dev hsr_slave_1 [ 1171.530344] protocol 88fb is buggy, dev hsr_slave_0 [ 1171.535499] protocol 88fb is buggy, dev hsr_slave_1 [ 1171.600146] protocol 88fb is buggy, dev hsr_slave_0 [ 1171.605243] protocol 88fb is buggy, dev hsr_slave_1 [ 1172.800145] Bluetooth: hci3 command 0x1001 tx timeout [ 1172.805458] Bluetooth: hci3 sending frame failed (-49) [ 1174.880153] Bluetooth: hci3 command 0x1009 tx timeout [ 1176.240202] net_ratelimit: 24 callbacks suppressed [ 1176.245322] protocol 88fb is buggy, dev hsr_slave_0 [ 1176.250539] protocol 88fb is buggy, dev hsr_slave_1 [ 1177.040168] protocol 88fb is buggy, dev hsr_slave_0 [ 1177.045254] protocol 88fb is buggy, dev hsr_slave_1 [ 1177.050362] protocol 88fb is buggy, dev hsr_slave_0 [ 1177.055398] protocol 88fb is buggy, dev hsr_slave_1 [ 1177.760159] protocol 88fb is buggy, dev hsr_slave_0 [ 1177.765265] protocol 88fb is buggy, dev hsr_slave_1 [ 1177.770380] protocol 88fb is buggy, dev hsr_slave_0 [ 1177.775412] protocol 88fb is buggy, dev hsr_slave_1 11:38:37 executing program 2 (fault-call:2 fault-nth:27): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 11:38:37 executing program 0 (fault-call:2 fault-nth:12): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:38:37 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) connect(r0, &(0x7f0000000380)=@pppol2tpv3in6={0x18, 0x1, {0x0, r1, 0x2, 0x0, 0x1, 0x0, {0xa, 0x4e24, 0x0, @mcast2, 0x7f}}}, 0xffffffffffffff40) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r3}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB="000000000008ff000000000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) 11:38:37 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) close(r2) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f00000000c0)={r4, 0xb21}, 0x14) setsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000000)={r4, 0x100, 0x3b, 0x642b1553, 0x7f25, 0x7}, 0x14) 11:38:37 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r2, &(0x7f0000000380)=@hci, 0x80) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r2, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r5}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) write$binfmt_misc(r2, &(0x7f0000000100)={'syz1', "dd3d5047d08ab6a5d26f40ff33cabafda859ea7977138379ae8f94accf59975bab524802d67427aacfbaf595ab177a55ae0622c43658795267d1812ff0a1ae2bbc6016a91d23815c46344b3aaf0883103104c0694f5085099ebe7bce4e839359678ecd4cb74974c40c47725d486ae4d8bb6c508c55db4ed667b258ac0226b7da41ffeb0e70cabe56b725f23dc734b8190b1560edcfe96f002e1d6b57894b4f68bf01d68fca01e3181e62e3c78edf329428483269e1dc0755689a6aff0ceb30a019f302b5d0ecb2f8321ea878263c1712c2cf037b396d223ca35432e02b4864b4857d59"}, 0xe7) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r6, &(0x7f00000017c0), 0x331, 0x0) 11:38:37 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) r3 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/commit_pending_bools\x00', 0x1, 0x0) getsockopt$X25_QBITINCL(r3, 0x106, 0x1, &(0x7f0000000340), &(0x7f0000000380)=0x4) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x4, &(0x7f00000004c0)={&(0x7f0000000140)={0x30, r5, 0x805, 0x0, 0x0, {{}, 0x0, 0x6, 0x0, {0x5}}}, 0x30}}, 0x0) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, r5, 0x2, 0x70bd2c, 0x25dfdbfd, {{}, 0x0, 0x4101, 0x0, {0x1c, 0x17, {0x1a, 0x3, @l2={'eth', 0x3a, 'syzkaller1\x00'}}}}, ["", "", "", ""]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x40080) [ 1178.782121] FAULT_INJECTION: forcing a failure. [ 1178.782121] name failslab, interval 1, probability 0, space 0, times 0 [ 1178.794982] CPU: 1 PID: 5254 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1178.801939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1178.811301] Call Trace: [ 1178.813906] dump_stack+0x138/0x197 [ 1178.817551] should_fail.cold+0x10f/0x159 [ 1178.819465] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1178.821727] should_failslab+0xdb/0x130 [ 1178.821743] kmem_cache_alloc_trace+0x2e9/0x790 [ 1178.821758] ? apply_wqattrs_prepare+0xad/0x960 [ 1178.821771] apply_wqattrs_prepare+0xe1/0x960 [ 1178.821792] apply_workqueue_attrs_locked+0xa7/0x120 [ 1178.834326] apply_workqueue_attrs+0x31/0x50 [ 1178.834340] __alloc_workqueue_key+0x78d/0xec0 [ 1178.834350] ? pointer+0xb10/0xb10 [ 1178.834367] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1178.834380] ? ida_remove+0x230/0x230 [ 1178.843693] ? __lockdep_init_map+0x10c/0x570 11:38:37 executing program 0 (fault-call:2 fault-nth:13): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) [ 1178.843714] hci_register_dev+0x209/0x810 [ 1178.843731] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1178.843745] tty_ioctl+0x8f7/0x1320 [ 1178.843754] ? hci_uart_tty_poll+0x10/0x10 [ 1178.843764] ? tty_vhangup+0x30/0x30 [ 1178.843783] ? __might_sleep+0x93/0xb0 [ 1178.853354] ? __fget+0x210/0x370 [ 1178.853376] ? tty_vhangup+0x30/0x30 [ 1178.853387] do_vfs_ioctl+0x7ae/0x1060 [ 1178.853400] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1178.853411] ? lock_downgrade+0x740/0x740 [ 1178.853422] ? ioctl_preallocate+0x1c0/0x1c0 [ 1178.853439] ? __fget+0x237/0x370 [ 1178.853456] ? security_file_ioctl+0x89/0xb0 [ 1178.853469] SyS_ioctl+0x8f/0xc0 [ 1178.853479] ? do_vfs_ioctl+0x1060/0x1060 [ 1178.853492] do_syscall_64+0x1e8/0x640 [ 1178.853502] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1178.862477] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1178.862487] RIP: 0033:0x459f49 [ 1178.862493] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1178.862504] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1178.862510] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1178.862516] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1178.862522] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1178.862528] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1178.864763] Bluetooth: Can't register HCI device [ 1178.888470] FAULT_INJECTION: forcing a failure. [ 1178.888470] name failslab, interval 1, probability 0, space 0, times 0 [ 1178.918922] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=43 sclass=netlink_route_socket pig=5265 comm=syz-executor.5 [ 1179.043111] CPU: 0 PID: 5258 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1179.050062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1179.059411] Call Trace: [ 1179.062002] dump_stack+0x138/0x197 [ 1179.064092] Bluetooth: hci2: Frame reassembly failed (-84) [ 1179.065632] should_fail.cold+0x10f/0x159 [ 1179.065649] should_failslab+0xdb/0x130 [ 1179.065663] kmem_cache_alloc+0x2d7/0x780 [ 1179.065674] ? wait_for_completion+0x420/0x420 [ 1179.065692] __kernfs_new_node+0x70/0x420 [ 1179.073289] Bluetooth: hci2: Frame reassembly failed (-84) [ 1179.075439] kernfs_new_node+0x80/0xf0 [ 1179.075453] __kernfs_create_file+0x46/0x323 [ 1179.075467] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1179.075483] sysfs_add_file+0x4f/0x60 [ 1179.075494] sysfs_merge_group+0xe2/0x210 [ 1179.075507] dpm_sysfs_add+0x121/0x1b0 [ 1179.087291] FAULT_INJECTION: forcing a failure. [ 1179.087291] name failslab, interval 1, probability 0, space 0, times 0 [ 1179.088190] device_add+0x968/0x1490 [ 1179.088210] ? device_private_init+0x190/0x190 [ 1179.088230] hci_register_dev+0x2d9/0x810 [ 1179.088240] ? __raw_spin_lock_init+0x2d/0x100 [ 1179.088255] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1179.155168] tty_ioctl+0x8f7/0x1320 [ 1179.158790] ? hci_uart_tty_poll+0x10/0x10 [ 1179.163023] ? tty_vhangup+0x30/0x30 [ 1179.166743] ? __might_sleep+0x93/0xb0 [ 1179.170627] ? __fget+0x210/0x370 [ 1179.174110] ? tty_vhangup+0x30/0x30 [ 1179.177816] do_vfs_ioctl+0x7ae/0x1060 [ 1179.181706] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1179.186459] ? lock_downgrade+0x740/0x740 [ 1179.190613] ? ioctl_preallocate+0x1c0/0x1c0 [ 1179.195021] ? __fget+0x237/0x370 [ 1179.198481] ? security_file_ioctl+0x89/0xb0 [ 1179.202892] SyS_ioctl+0x8f/0xc0 [ 1179.206268] ? do_vfs_ioctl+0x1060/0x1060 [ 1179.210422] do_syscall_64+0x1e8/0x640 [ 1179.214315] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1179.219170] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1179.224362] RIP: 0033:0x459f49 [ 1179.227550] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1179.235258] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1179.242527] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1179.249795] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1179.257081] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1179.264383] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1179.272220] CPU: 1 PID: 5268 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1179.279163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1179.288520] Call Trace: [ 1179.291113] dump_stack+0x138/0x197 [ 1179.294750] should_fail.cold+0x10f/0x159 [ 1179.294766] should_failslab+0xdb/0x130 [ 1179.294780] kmem_cache_alloc_trace+0x2e9/0x790 [ 1179.302887] apply_wqattrs_prepare+0x16d/0x960 [ 1179.302908] apply_workqueue_attrs_locked+0xa7/0x120 [ 1179.302919] apply_workqueue_attrs+0x31/0x50 [ 1179.302932] __alloc_workqueue_key+0x78d/0xec0 [ 1179.302941] ? pointer+0xb10/0xb10 [ 1179.302958] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1179.312173] ? ida_remove+0x230/0x230 [ 1179.312184] ? __lockdep_init_map+0x10c/0x570 [ 1179.312202] hci_register_dev+0x209/0x810 [ 1179.312225] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1179.321697] tty_ioctl+0x8f7/0x1320 [ 1179.321707] ? hci_uart_tty_poll+0x10/0x10 [ 1179.321718] ? tty_vhangup+0x30/0x30 [ 1179.321740] ? __might_sleep+0x93/0xb0 [ 1179.329823] ? __fget+0x210/0x370 [ 1179.329842] ? tty_vhangup+0x30/0x30 [ 1179.329853] do_vfs_ioctl+0x7ae/0x1060 [ 1179.329865] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1179.338657] ? lock_downgrade+0x740/0x740 [ 1179.338670] ? ioctl_preallocate+0x1c0/0x1c0 [ 1179.338682] ? __fget+0x237/0x370 [ 1179.338700] ? security_file_ioctl+0x89/0xb0 [ 1179.347308] SyS_ioctl+0x8f/0xc0 [ 1179.347319] ? do_vfs_ioctl+0x1060/0x1060 [ 1179.347335] do_syscall_64+0x1e8/0x640 [ 1179.355374] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1179.355394] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1179.355408] RIP: 0033:0x459f49 [ 1179.363318] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1179.363330] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1179.363336] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1179.363343] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1179.363348] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1179.363356] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 11:38:38 executing program 2 (fault-call:2 fault-nth:28): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1179.487173] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1179.525005] Bluetooth: Can't register HCI device [ 1179.530883] Bluetooth: Can't register HCI device 11:38:38 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)={0x0, 0x0}) sched_setattr(r0, &(0x7f0000000000)={0xfffffd49, 0x2, 0x1, 0x0, 0x5, 0x4df8, 0xffffffffffffffff}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r2, &(0x7f00000017c0), 0x331, 0x0) 11:38:38 executing program 0 (fault-call:2 fault-nth:14): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:38:38 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/\x84\x00', 0x408600, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1179.660968] FAULT_INJECTION: forcing a failure. [ 1179.660968] name failslab, interval 1, probability 0, space 0, times 0 [ 1179.698959] CPU: 0 PID: 5277 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1179.705927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1179.715288] Call Trace: [ 1179.717896] dump_stack+0x138/0x197 [ 1179.717912] FAULT_INJECTION: forcing a failure. [ 1179.717912] name failslab, interval 1, probability 0, space 0, times 0 [ 1179.721526] should_fail.cold+0x10f/0x159 [ 1179.721544] should_failslab+0xdb/0x130 [ 1179.721559] kmem_cache_alloc_trace+0x2e9/0x790 [ 1179.721576] ? devm_device_remove_groups+0x50/0x50 [ 1179.721591] kobject_uevent_env+0x378/0xc23 [ 1179.721607] ? wait_for_completion+0x420/0x420 [ 1179.759368] kobject_uevent+0x20/0x26 [ 1179.763186] device_add+0xa3e/0x1490 [ 1179.766915] ? device_private_init+0x190/0x190 [ 1179.771510] hci_register_dev+0x2d9/0x810 [ 1179.775662] ? __raw_spin_lock_init+0x2d/0x100 [ 1179.780284] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1179.784617] tty_ioctl+0x8f7/0x1320 [ 1179.788248] ? hci_uart_tty_poll+0x10/0x10 [ 1179.792485] ? tty_vhangup+0x30/0x30 [ 1179.796212] ? __might_sleep+0x93/0xb0 [ 1179.800100] ? __fget+0x210/0x370 [ 1179.803564] ? tty_vhangup+0x30/0x30 [ 1179.807282] do_vfs_ioctl+0x7ae/0x1060 [ 1179.811170] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1179.816009] ? lock_downgrade+0x740/0x740 [ 1179.820155] ? ioctl_preallocate+0x1c0/0x1c0 [ 1179.824563] ? __fget+0x237/0x370 [ 1179.828023] ? security_file_ioctl+0x89/0xb0 [ 1179.832441] SyS_ioctl+0x8f/0xc0 [ 1179.835806] ? do_vfs_ioctl+0x1060/0x1060 [ 1179.839957] do_syscall_64+0x1e8/0x640 [ 1179.843846] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1179.848698] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1179.853884] RIP: 0033:0x459f49 [ 1179.857069] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1179.864780] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1179.872053] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1179.879322] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1179.886606] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1179.893877] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 11:38:38 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) close(r2) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f00000000c0)={r4, 0xb21}, 0x14) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={r4, 0xb0, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x6, @empty, 0x4}, @in={0x2, 0x4e21, @rand_addr=0xfff}, @in={0x2, 0x4e23, @loopback}, @in={0x2, 0x4e21, @multicast1}, @in6={0xa, 0x4e22, 0x8, @mcast2, 0x400}, @in6={0xa, 0x4e22, 0x53a, @local, 0x100}, @in6={0xa, 0x4e20, 0x4, @loopback, 0x10000}, @in={0x2, 0x4e24, @multicast1}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f00000001c0)={r5, 0xb3, "0e2910799a29f53104055a55ee059b77be49fc68bf96b0a0574fb7438706f7b1924ddc5ea88ea37b83307fb9bd98f678d169eaec31b7c2376dc7b83f51779015a30bfcd22f87773b5eff26685791079ae6436a3ea824ad4733ab9a9380bd9f868b39e1f9af2784332df81d2833ff3649142ce86b4a7d3c04bd1f986c7b2c6778264a86afd91411d229653f0de1b2fb51f695d2a4ec26ff4a4a7374797ecad5349dfdb384ae50964b6600e48ff3716dac005c2b"}, &(0x7f0000000280)=0xbb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1179.905822] CPU: 1 PID: 5283 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1179.912777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1179.922135] Call Trace: [ 1179.924730] dump_stack+0x138/0x197 [ 1179.928363] should_fail.cold+0x10f/0x159 [ 1179.928380] should_failslab+0xdb/0x130 [ 1179.928392] kmem_cache_alloc_node+0x287/0x780 [ 1179.928411] alloc_unbound_pwq+0x486/0xbc0 [ 1179.928428] apply_wqattrs_prepare+0x355/0x960 [ 1179.928446] apply_workqueue_attrs_locked+0xa7/0x120 [ 1179.928457] apply_workqueue_attrs+0x31/0x50 [ 1179.936559] __alloc_workqueue_key+0x78d/0xec0 [ 1179.936569] ? pointer+0xb10/0xb10 [ 1179.936585] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1179.936599] ? ida_remove+0x230/0x230 [ 1179.936611] ? __lockdep_init_map+0x10c/0x570 [ 1179.936628] hci_register_dev+0x209/0x810 [ 1179.936644] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1179.945425] tty_ioctl+0x8f7/0x1320 [ 1179.945436] ? hci_uart_tty_poll+0x10/0x10 [ 1179.945447] ? tty_vhangup+0x30/0x30 [ 1179.945467] ? __might_sleep+0x93/0xb0 [ 1179.945476] ? __fget+0x210/0x370 [ 1179.945492] ? tty_vhangup+0x30/0x30 [ 1179.945503] do_vfs_ioctl+0x7ae/0x1060 [ 1179.952722] Bluetooth: Unknown HCI packet type 5e [ 1179.955175] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1179.955187] ? lock_downgrade+0x740/0x740 [ 1179.955200] ? ioctl_preallocate+0x1c0/0x1c0 [ 1179.959803] Bluetooth: Unknown HCI packet type 43 [ 1179.964188] ? __fget+0x237/0x370 [ 1179.964206] ? security_file_ioctl+0x89/0xb0 [ 1179.964220] SyS_ioctl+0x8f/0xc0 [ 1179.964229] ? do_vfs_ioctl+0x1060/0x1060 [ 1179.964242] do_syscall_64+0x1e8/0x640 [ 1179.964252] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1179.964269] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1179.964278] RIP: 0033:0x459f49 [ 1179.964285] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 [ 1179.972805] ORIG_RAX: 0000000000000010 [ 1179.981061] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1179.981065] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1179.981069] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1179.981074] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1179.981079] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1180.094100] Bluetooth: Can't register HCI device [ 1180.108396] Bluetooth: Unknown HCI packet type 5e [ 1180.143131] Bluetooth: Unknown HCI packet type 50 [ 1180.148318] Bluetooth: Unknown HCI packet type 5e [ 1180.158458] Bluetooth: Unknown HCI packet type 40 11:38:38 executing program 0 (fault-call:2 fault-nth:15): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) [ 1180.235555] FAULT_INJECTION: forcing a failure. [ 1180.235555] name failslab, interval 1, probability 0, space 0, times 0 [ 1180.246988] CPU: 0 PID: 5296 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1180.253933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1180.263298] Call Trace: [ 1180.265903] dump_stack+0x138/0x197 [ 1180.269551] should_fail.cold+0x10f/0x159 [ 1180.273738] should_failslab+0xdb/0x130 [ 1180.277727] __kmalloc_track_caller+0x2ec/0x790 [ 1180.282403] ? mntput_no_expire+0x5a5/0x850 [ 1180.286739] ? kstrdup_const+0x48/0x60 [ 1180.290635] kstrdup+0x3a/0x70 [ 1180.293837] kstrdup_const+0x48/0x60 [ 1180.297557] kvasprintf_const+0xf7/0x170 [ 1180.301650] kobject_set_name_vargs+0x5b/0x150 [ 1180.306243] dev_set_name+0xa4/0xc0 [ 1180.309875] ? device_initialize+0x430/0x430 [ 1180.314285] ? start_creating+0x13a/0x1b0 [ 1180.318442] hci_register_dev+0x2d1/0x810 [ 1180.322601] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1180.326938] tty_ioctl+0x8f7/0x1320 [ 1180.330568] ? hci_uart_tty_poll+0x10/0x10 [ 1180.334804] ? tty_vhangup+0x30/0x30 [ 1180.338534] ? __might_sleep+0x93/0xb0 [ 1180.342423] ? __fget+0x210/0x370 [ 1180.345891] ? tty_vhangup+0x30/0x30 [ 1180.349610] do_vfs_ioctl+0x7ae/0x1060 [ 1180.353500] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1180.358253] ? lock_downgrade+0x740/0x740 [ 1180.362410] ? ioctl_preallocate+0x1c0/0x1c0 [ 1180.366822] ? __fget+0x237/0x370 [ 1180.370283] ? security_file_ioctl+0x89/0xb0 [ 1180.374698] SyS_ioctl+0x8f/0xc0 [ 1180.378068] ? do_vfs_ioctl+0x1060/0x1060 [ 1180.382223] do_syscall_64+0x1e8/0x640 [ 1180.386115] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1180.390968] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1180.396158] RIP: 0033:0x459f49 [ 1180.399343] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1180.407054] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1180.414325] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1180.421597] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1180.428867] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 11:38:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r2, &(0x7f00000017c0), 0x331, 0x0) [ 1180.436146] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1180.475572] Bluetooth: Can't register HCI device 11:38:39 executing program 0 (fault-call:2 fault-nth:16): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) [ 1180.564471] FAULT_INJECTION: forcing a failure. [ 1180.564471] name failslab, interval 1, probability 0, space 0, times 0 [ 1180.576033] CPU: 1 PID: 5302 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1180.582979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1180.592351] Call Trace: [ 1180.594953] dump_stack+0x138/0x197 [ 1180.598600] should_fail.cold+0x10f/0x159 [ 1180.602767] should_failslab+0xdb/0x130 [ 1180.606757] __kmalloc_track_caller+0x2ec/0x790 [ 1180.611431] ? mntput_no_expire+0x5a5/0x850 [ 1180.615757] ? kstrdup_const+0x48/0x60 [ 1180.619648] kstrdup+0x3a/0x70 [ 1180.622846] kstrdup_const+0x48/0x60 [ 1180.626582] kvasprintf_const+0xf7/0x170 [ 1180.630659] kobject_set_name_vargs+0x5b/0x150 [ 1180.635248] dev_set_name+0xa4/0xc0 [ 1180.638985] ? device_initialize+0x430/0x430 [ 1180.643404] ? start_creating+0x13a/0x1b0 [ 1180.647561] hci_register_dev+0x2d1/0x810 [ 1180.651716] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1180.656047] tty_ioctl+0x8f7/0x1320 [ 1180.659675] ? hci_uart_tty_poll+0x10/0x10 [ 1180.663915] ? tty_vhangup+0x30/0x30 [ 1180.667640] ? __might_sleep+0x93/0xb0 [ 1180.671528] ? __fget+0x210/0x370 [ 1180.674991] ? tty_vhangup+0x30/0x30 [ 1180.678706] do_vfs_ioctl+0x7ae/0x1060 [ 1180.682597] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1180.687357] ? lock_downgrade+0x740/0x740 [ 1180.691512] ? ioctl_preallocate+0x1c0/0x1c0 [ 1180.695925] ? __fget+0x237/0x370 [ 1180.699389] ? security_file_ioctl+0x89/0xb0 [ 1180.703797] SyS_ioctl+0x8f/0xc0 [ 1180.707182] ? do_vfs_ioctl+0x1060/0x1060 [ 1180.711334] do_syscall_64+0x1e8/0x640 [ 1180.715223] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1180.720074] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1180.725260] RIP: 0033:0x459f49 [ 1180.728446] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1180.736158] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1180.743428] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1180.750698] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1180.757967] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1180.765236] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1180.774592] Bluetooth: Can't register HCI device 11:38:39 executing program 0 (fault-call:2 fault-nth:17): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) [ 1180.890405] FAULT_INJECTION: forcing a failure. [ 1180.890405] name failslab, interval 1, probability 0, space 0, times 0 [ 1180.907087] CPU: 0 PID: 5309 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1180.914048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1180.923407] Call Trace: [ 1180.926012] dump_stack+0x138/0x197 [ 1180.929660] should_fail.cold+0x10f/0x159 [ 1180.933828] should_failslab+0xdb/0x130 [ 1180.937831] kmem_cache_alloc_trace+0x2e9/0x790 [ 1180.942510] ? kfree_const+0x3b/0x50 [ 1180.946236] ? rcu_read_lock_sched_held+0x110/0x130 [ 1180.951259] ? kfree+0x20a/0x270 [ 1180.954640] device_private_init+0x4a/0x190 [ 1180.958974] device_add+0xd1a/0x1490 [ 1180.962699] ? device_initialize+0x430/0x430 [ 1180.967115] ? device_private_init+0x190/0x190 [ 1180.971706] hci_register_dev+0x2d9/0x810 [ 1180.975871] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1180.980200] tty_ioctl+0x8f7/0x1320 [ 1180.983830] ? hci_uart_tty_poll+0x10/0x10 [ 1180.988085] ? tty_vhangup+0x30/0x30 [ 1180.991816] ? __might_sleep+0x93/0xb0 [ 1180.995705] ? __fget+0x210/0x370 [ 1180.999185] ? tty_vhangup+0x30/0x30 [ 1181.002901] do_vfs_ioctl+0x7ae/0x1060 [ 1181.006797] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1181.011556] ? lock_downgrade+0x740/0x740 [ 1181.015709] ? ioctl_preallocate+0x1c0/0x1c0 [ 1181.020124] ? __fget+0x237/0x370 [ 1181.023586] ? security_file_ioctl+0x89/0xb0 [ 1181.028001] SyS_ioctl+0x8f/0xc0 [ 1181.031385] ? do_vfs_ioctl+0x1060/0x1060 [ 1181.035541] do_syscall_64+0x1e8/0x640 [ 1181.039432] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1181.044376] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1181.049566] RIP: 0033:0x459f49 [ 1181.052752] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1181.060468] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1181.067743] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1181.075016] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1181.082288] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 11:38:39 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x100, 0x0) ioctl$BLKTRACESTART(r2, 0x1274, 0x0) r3 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'veth1\x00', 0xa747735d403613bb}) [ 1181.089570] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1181.117243] Bluetooth: Can't register HCI device [ 1181.120083] Bluetooth: hci2 command 0x1003 tx timeout [ 1181.130237] Bluetooth: hci2 sending frame failed (-49) [ 1181.280140] net_ratelimit: 16 callbacks suppressed [ 1181.280146] protocol 88fb is buggy, dev hsr_slave_0 [ 1181.290264] protocol 88fb is buggy, dev hsr_slave_1 [ 1181.295404] protocol 88fb is buggy, dev hsr_slave_0 [ 1181.300512] protocol 88fb is buggy, dev hsr_slave_1 [ 1181.920197] protocol 88fb is buggy, dev hsr_slave_0 [ 1181.925327] protocol 88fb is buggy, dev hsr_slave_1 [ 1181.930527] protocol 88fb is buggy, dev hsr_slave_0 [ 1181.935710] protocol 88fb is buggy, dev hsr_slave_1 [ 1181.941004] Bluetooth: hci0 command 0x1003 tx timeout [ 1181.946298] Bluetooth: hci0 sending frame failed (-49) [ 1182.000141] protocol 88fb is buggy, dev hsr_slave_0 [ 1182.005231] protocol 88fb is buggy, dev hsr_slave_1 [ 1183.200307] Bluetooth: hci2 command 0x1001 tx timeout [ 1183.205601] Bluetooth: hci2 sending frame failed (-49) [ 1184.000108] Bluetooth: hci0 command 0x1001 tx timeout [ 1184.005483] Bluetooth: hci0 sending frame failed (-49) [ 1185.280167] Bluetooth: hci2 command 0x1009 tx timeout [ 1186.080480] Bluetooth: hci0 command 0x1009 tx timeout [ 1186.640169] net_ratelimit: 24 callbacks suppressed [ 1186.645182] protocol 88fb is buggy, dev hsr_slave_0 [ 1186.650268] protocol 88fb is buggy, dev hsr_slave_1 [ 1187.520164] protocol 88fb is buggy, dev hsr_slave_0 [ 1187.525247] protocol 88fb is buggy, dev hsr_slave_1 [ 1187.530361] protocol 88fb is buggy, dev hsr_slave_0 [ 1187.535388] protocol 88fb is buggy, dev hsr_slave_1 [ 1188.160128] protocol 88fb is buggy, dev hsr_slave_0 [ 1188.165185] protocol 88fb is buggy, dev hsr_slave_1 [ 1188.170319] protocol 88fb is buggy, dev hsr_slave_0 [ 1188.175351] protocol 88fb is buggy, dev hsr_slave_1 11:38:48 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x13) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:38:48 executing program 0 (fault-call:2 fault-nth:18): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) [ 1189.658149] FAULT_INJECTION: forcing a failure. [ 1189.658149] name failslab, interval 1, probability 0, space 0, times 0 [ 1189.670155] CPU: 1 PID: 5321 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1189.677102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1189.686455] Call Trace: [ 1189.686474] dump_stack+0x138/0x197 [ 1189.686492] should_fail.cold+0x10f/0x159 [ 1189.686506] should_failslab+0xdb/0x130 [ 1189.686518] kmem_cache_alloc+0x2d7/0x780 [ 1189.686526] ? memcpy+0x46/0x50 [ 1189.686537] ? kstrdup+0x5a/0x70 [ 1189.686553] __kernfs_new_node+0x70/0x420 [ 1189.686562] ? vprintk_func+0x65/0x159 [ 1189.686576] kernfs_new_node+0x80/0xf0 [ 1189.686589] kernfs_create_dir_ns+0x41/0x140 [ 1189.686599] sysfs_create_dir_ns+0xbe/0x1d0 [ 1189.686611] kobject_add_internal.part.0.cold+0x114/0x5ae [ 1189.696950] kobject_add+0x11f/0x180 [ 1189.696961] ? kset_create_and_add+0x180/0x180 [ 1189.746068] ? mutex_unlock+0xd/0x10 [ 1189.749800] device_add+0x383/0x1490 [ 1189.753526] ? device_initialize+0x430/0x430 [ 1189.757952] ? device_private_init+0x190/0x190 [ 1189.762550] hci_register_dev+0x2d9/0x810 [ 1189.766715] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1189.771051] tty_ioctl+0x8f7/0x1320 [ 1189.774685] ? hci_uart_tty_poll+0x10/0x10 [ 1189.778926] ? tty_vhangup+0x30/0x30 [ 1189.782655] ? __might_sleep+0x93/0xb0 [ 1189.786549] ? __fget+0x210/0x370 [ 1189.790018] ? tty_vhangup+0x30/0x30 [ 1189.793733] do_vfs_ioctl+0x7ae/0x1060 [ 1189.797626] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1189.802386] ? lock_downgrade+0x740/0x740 [ 1189.806543] ? ioctl_preallocate+0x1c0/0x1c0 [ 1189.810957] ? __fget+0x237/0x370 [ 1189.814421] ? security_file_ioctl+0x89/0xb0 [ 1189.818835] SyS_ioctl+0x8f/0xc0 [ 1189.822203] ? do_vfs_ioctl+0x1060/0x1060 [ 1189.826365] do_syscall_64+0x1e8/0x640 [ 1189.830257] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1189.835117] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1189.840310] RIP: 0033:0x459f49 [ 1189.843501] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1189.851213] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1189.858488] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1189.865759] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1189.873034] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1189.880307] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1189.889386] kobject_add_internal failed for hci1 (error: -12 parent: bluetooth) [ 1189.897526] Bluetooth: Can't register HCI device 11:38:48 executing program 2 (fault-call:2 fault-nth:29): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 11:38:48 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$inet6_MCAST_LEAVE_GROUP(r3, 0x29, 0x2d, &(0x7f0000000100)={0xfffffffe, {{0xa, 0x4e21, 0x7, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x8}}}, 0x88) preadv(r2, &(0x7f00000017c0), 0x331, 0x0) 11:38:48 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r2, &(0x7f0000000380)=@hci, 0x80) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r2, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r5}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f0000000000)) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r6}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r7 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x40, 0x0) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x3, &(0x7f00000000c0)=[{}, {}, {0x0}]}) ioctl$DRM_IOCTL_GET_SAREA_CTX(r7, 0xc010641d, &(0x7f0000000300)={r8, &(0x7f0000000400)=""/164}) 11:38:48 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x7f) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_open_pts(r3, 0x404200) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:38:48 executing program 0 (fault-call:2 fault-nth:19): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) [ 1190.327095] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1190.351388] FAULT_INJECTION: forcing a failure. [ 1190.351388] name failslab, interval 1, probability 0, space 0, times 0 [ 1190.363064] CPU: 0 PID: 5337 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1190.370019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1190.379384] Call Trace: [ 1190.381983] dump_stack+0x138/0x197 [ 1190.385631] should_fail.cold+0x10f/0x159 [ 1190.389786] should_failslab+0xdb/0x130 [ 1190.393762] kmem_cache_alloc+0x47/0x780 [ 1190.397823] ? save_stack_trace+0x16/0x20 [ 1190.397834] ? save_stack+0x45/0xd0 [ 1190.397842] ? kasan_kmalloc+0xce/0xf0 [ 1190.397851] ? kasan_slab_alloc+0xf/0x20 [ 1190.397864] ? kmem_cache_alloc+0x12e/0x780 [ 1190.397877] ? __kernfs_new_node+0x70/0x420 [ 1190.422168] ? kernfs_new_node+0x80/0xf0 [ 1190.426233] ? kernfs_create_dir_ns+0x41/0x140 [ 1190.430808] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 1190.436419] idr_get_free_cmn+0x563/0x8d0 [ 1190.440560] idr_alloc_cmn+0x10e/0x210 [ 1190.444434] ? __fprop_inc_percpu_max+0x1e0/0x1e0 [ 1190.449261] ? perf_trace_lock+0x500/0x500 [ 1190.453483] idr_alloc_cyclic+0xd0/0x1e2 [ 1190.457530] ? ida_simple_remove+0x60/0x60 [ 1190.461752] __kernfs_new_node+0xe4/0x420 [ 1190.466132] kernfs_new_node+0x80/0xf0 [ 1190.470008] kernfs_create_dir_ns+0x41/0x140 [ 1190.474425] sysfs_create_dir_ns+0xbe/0x1d0 [ 1190.478737] kobject_add_internal.part.0.cold+0x114/0x5ae [ 1190.484266] kobject_add+0x11f/0x180 [ 1190.487972] ? kset_create_and_add+0x180/0x180 [ 1190.492550] ? mutex_unlock+0xd/0x10 [ 1190.496269] device_add+0x383/0x1490 [ 1190.499970] ? device_initialize+0x430/0x430 [ 1190.504366] ? device_private_init+0x190/0x190 [ 1190.508938] hci_register_dev+0x2d9/0x810 [ 1190.513075] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1190.517382] tty_ioctl+0x8f7/0x1320 [ 1190.520990] ? hci_uart_tty_poll+0x10/0x10 [ 1190.525207] ? tty_vhangup+0x30/0x30 [ 1190.528911] ? __might_sleep+0x93/0xb0 [ 1190.532784] ? __fget+0x210/0x370 [ 1190.536226] ? tty_vhangup+0x30/0x30 [ 1190.539919] do_vfs_ioctl+0x7ae/0x1060 [ 1190.543793] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1190.548536] ? lock_downgrade+0x740/0x740 [ 1190.552665] ? ioctl_preallocate+0x1c0/0x1c0 [ 1190.557072] ? __fget+0x237/0x370 [ 1190.560512] ? security_file_ioctl+0x89/0xb0 [ 1190.564909] SyS_ioctl+0x8f/0xc0 [ 1190.568259] ? do_vfs_ioctl+0x1060/0x1060 [ 1190.572393] do_syscall_64+0x1e8/0x640 [ 1190.576262] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1190.581092] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1190.586262] RIP: 0033:0x459f49 [ 1190.589432] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1190.597126] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1190.604377] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1190.611631] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1190.618883] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1190.626136] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1190.646031] FAULT_INJECTION: forcing a failure. [ 1190.646031] name failslab, interval 1, probability 0, space 0, times 0 [ 1190.715936] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1190.752235] CPU: 0 PID: 5333 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1190.759198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1190.768559] Call Trace: [ 1190.771155] dump_stack+0x138/0x197 [ 1190.774796] should_fail.cold+0x10f/0x159 [ 1190.778961] should_failslab+0xdb/0x130 [ 1190.782944] kmem_cache_alloc_trace+0x2e9/0x790 [ 1190.787637] ? devm_device_remove_groups+0x50/0x50 [ 1190.792571] kobject_uevent_env+0x378/0xc23 [ 1190.796895] ? wait_for_completion+0x420/0x420 [ 1190.801487] kobject_uevent+0x20/0x26 [ 1190.805292] device_add+0xa3e/0x1490 [ 1190.809014] ? device_private_init+0x190/0x190 11:38:49 executing program 3: r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x2, 0x600280) sync() ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f00000000c0)) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xe) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000200)='/dev/qat_adf_ctl\x00', 0xa55d3bab2066af8d, 0x0) ioctl$KDADDIO(r1, 0x400455c8, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='net/igmp\x00') ioctl$TIOCPKT(r3, 0x5420, &(0x7f0000000280)) write$P9_RATTACH(0xffffffffffffffff, &(0x7f00000001c0)={0x14, 0x69, 0x1, {0x40, 0x4, 0x5}}, 0x14) openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/hwrng\x00', 0x80, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r5 = dup2(r2, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) openat$cgroup_ro(r5, &(0x7f0000000180)='cpuacct.usage_sys\x00', 0x0, 0x0) [ 1190.813622] hci_register_dev+0x2d9/0x810 [ 1190.817769] ? __raw_spin_lock_init+0x2d/0x100 [ 1190.822358] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1190.826683] tty_ioctl+0x8f7/0x1320 [ 1190.830326] ? hci_uart_tty_poll+0x10/0x10 [ 1190.834561] ? tty_vhangup+0x30/0x30 [ 1190.838280] ? __might_sleep+0x93/0xb0 [ 1190.842165] ? __fget+0x210/0x370 [ 1190.845624] ? tty_vhangup+0x30/0x30 [ 1190.849333] do_vfs_ioctl+0x7ae/0x1060 [ 1190.853212] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1190.853224] ? lock_downgrade+0x740/0x740 [ 1190.853234] ? ioctl_preallocate+0x1c0/0x1c0 [ 1190.853246] ? __fget+0x237/0x370 [ 1190.853263] ? security_file_ioctl+0x89/0xb0 [ 1190.853275] SyS_ioctl+0x8f/0xc0 [ 1190.853285] ? do_vfs_ioctl+0x1060/0x1060 [ 1190.853298] do_syscall_64+0x1e8/0x640 [ 1190.853307] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1190.877789] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1190.877798] RIP: 0033:0x459f49 [ 1190.885796] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1190.885808] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1190.895805] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1190.895816] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1190.895821] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1190.895829] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 11:38:49 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000000)='\x99\f\x00\x00\x01\x00\x00\x00w\x00', 0x520, 0x400) ioctl$USBDEVFS_CONNECTINFO(r1, 0x40085511, &(0x7f00000000c0)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$GIO_FONTX(r0, 0x4b6b, &(0x7f0000000100)=""/101) r2 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) shmat(r2, &(0x7f0000ffc000/0x4000)=nil, 0x800004000) shmctl$SHM_UNLOCK(r2, 0xc) 11:38:49 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r4, 0x105}, 0x14}}, 0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800010}, 0xc, &(0x7f0000000040)={&(0x7f0000000240)={0xc4, r4, 0x400, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e22}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0xc}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x2d}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x3c}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x10, 0x52}}]}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}]}, @IPVS_CMD_ATTR_SERVICE={0x50, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x9}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@dev={0xfe, 0x80, [], 0xa}}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'fo\x00'}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}]}, 0xc4}, 0x1, 0x0, 0x0, 0x40}, 0x1) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:38:49 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x400, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r1 = semget$private(0x0, 0x1, 0x0) semop(r1, &(0x7f0000000080)=[{0x0, 0x2}, {}], 0x2) semop(r1, &(0x7f0000000000)=[{0x0, 0xffffffff}], 0x1) semtimedop(r1, &(0x7f0000000040)=[{0x0, 0x20}], 0x1, 0x0) r2 = semget$private(0x0, 0x1, 0x0) semop(r2, &(0x7f0000000080)=[{0x0, 0x2}, {}], 0x2) semop(r2, &(0x7f0000000000)=[{0x0, 0xffffffff}], 0x1) semtimedop(r2, &(0x7f0000000040)=[{0x0, 0x20}], 0x1, 0x0) semop(r2, &(0x7f0000000300)=[{0x3, 0x7ff, 0x1000}], 0x1) semctl$GETNCNT(r1, 0x0, 0xe, &(0x7f0000000000)=""/51) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x1, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000480)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000140), r5, 0x0, 0x1, 0x4}}, 0x20) r6 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r6, &(0x7f0000000380)=@hci, 0x80) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r9, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r6, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r9}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) fsetxattr$security_selinux(r6, &(0x7f0000000180)='security.selinux\x00', &(0x7f00000001c0)='system_u:object_r:hald_mac_exec_t:s0\x00', 0x25, 0x7) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r3, &(0x7f0000000140)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x1, {0xa, 0x4e20, 0xfff, @ipv4={[], [], @empty}, 0xcfe4}, r5}}, 0x38) 11:38:49 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/llc\x00') openat$cgroup_type(r3, &(0x7f0000000040)='cgroup.type\x00', 0x2, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_KVMCLOCK_CTRL(r5, 0xaead) 11:38:49 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x8a}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:38:50 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000000)=""/77, &(0x7f0000000080)=0x4d) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$nfc_llcp_NFC_LLCP_RW(r1, 0x118, 0x0, &(0x7f0000000300)=0x20, 0x4) r2 = socket(0x10, 0x803, 0x0) r3 = syz_open_dev$radio(&(0x7f00000000c0)='/dev/radio#\x00', 0x2, 0x2) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000400)='vegas\x00', 0x6) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, &(0x7f0000000140)={r4}) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x20000000) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r8}, 0x10, &(0x7f0000000600)={&(0x7f0000000440)=ANY=[@ANYBLOB="000000000000ab51cafa8ad362ecfc00"/25, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) [ 1191.407065] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 1191.407065] The task syz-executor.3 (5364) triggered the difference, watch for misbehavior. [ 1191.448480] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1191.500848] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1191.562796] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1191.680140] net_ratelimit: 16 callbacks suppressed [ 1191.680145] protocol 88fb is buggy, dev hsr_slave_0 [ 1191.690222] protocol 88fb is buggy, dev hsr_slave_1 [ 1191.695344] protocol 88fb is buggy, dev hsr_slave_0 [ 1191.700444] protocol 88fb is buggy, dev hsr_slave_1 [ 1192.101372] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1192.330106] protocol 88fb is buggy, dev hsr_slave_0 [ 1192.335245] protocol 88fb is buggy, dev hsr_slave_1 [ 1192.340389] protocol 88fb is buggy, dev hsr_slave_0 [ 1192.345452] protocol 88fb is buggy, dev hsr_slave_1 [ 1192.410121] protocol 88fb is buggy, dev hsr_slave_0 [ 1192.415251] protocol 88fb is buggy, dev hsr_slave_1 [ 1192.720150] Bluetooth: hci1 command 0x1003 tx timeout [ 1192.725540] Bluetooth: hci1 sending frame failed (-49) [ 1193.050219] Bluetooth: hci0 command 0x1003 tx timeout [ 1193.061510] Bluetooth: hci0 sending frame failed (-49) [ 1194.800163] Bluetooth: hci1 command 0x1001 tx timeout [ 1194.805478] Bluetooth: hci1 sending frame failed (-49) [ 1195.120228] Bluetooth: hci0 command 0x1001 tx timeout [ 1195.125547] Bluetooth: hci0 sending frame failed (-49) [ 1196.880147] Bluetooth: hci1 command 0x1009 tx timeout [ 1197.120178] net_ratelimit: 24 callbacks suppressed [ 1197.125267] protocol 88fb is buggy, dev hsr_slave_0 [ 1197.130368] protocol 88fb is buggy, dev hsr_slave_1 [ 1197.200180] Bluetooth: hci0 command 0x1009 tx timeout [ 1197.920247] protocol 88fb is buggy, dev hsr_slave_0 [ 1197.925316] protocol 88fb is buggy, dev hsr_slave_1 [ 1197.930454] protocol 88fb is buggy, dev hsr_slave_0 [ 1197.935624] protocol 88fb is buggy, dev hsr_slave_1 [ 1198.560168] protocol 88fb is buggy, dev hsr_slave_0 [ 1198.565270] protocol 88fb is buggy, dev hsr_slave_1 [ 1198.571027] protocol 88fb is buggy, dev hsr_slave_0 [ 1198.576093] protocol 88fb is buggy, dev hsr_slave_1 11:38:59 executing program 2 (fault-call:2 fault-nth:30): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 11:38:59 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/\x00', 0x100, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000040)='trusted.overlay.redirect\x00', &(0x7f0000000080)='./file0\x00', 0x8, 0x3) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfefd, 0x40, 0x0, 0xfffffffffffffdd4) openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r5}, 0x10, &(0x7f0000000600)={&(0x7f0000000240)=ANY=[@ANYBLOB="0000000000180000000000562635fefe00588dab960000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$sock_TIOCOUTQ(r6, 0x5411, &(0x7f0000000000)) 11:38:59 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$IP_VS_SO_GET_SERVICES(r1, 0x0, 0x482, &(0x7f00000001c0)=""/252, &(0x7f0000000000)=0xfc) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f00000000c0)="00c30df4a53dc953226abfce50e7a0d62491ff72ec3f11ec4f6d31bd02c58485193312f78175e51e8a3236aaba0d1d2764cf76d22f87d65f9e71a93e19aa908f073c4348242776ce4731097c9c41455be363c1b78faaa431b645e8d9395ac33a9e20d4f0a0aad732277fcb02a2bc78f25c8b3857dea1a2080e9c69ef26d5444b587d6fb005a27e44b44d8be121a6068d994331b3edc26098638a44fce3e530603281e08a8210c3ad0a6b0ded5f42d5ada5b7aff38ca171f6953b524c67b7c11ab7ac2a6597d72e075342c22fa6ba5462b25801d08da916f1a6045756f9c6b89c165638510c38c9a4c0fed7f00f06068ea666c7f92292a02a387c500c6fd2f7cf") ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:38:59 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x4000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rfkill\x00', 0x90140, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$VIDIOC_DBG_S_REGISTER(r6, 0x4038564f, &(0x7f0000001200)={{0x1, @name="8a8ed451e439152b240fd7cd09022107a5a6aa9ebf95b9b7794fa2b822da7aae"}, 0x8, 0x800, 0x5}) write$FUSE_OPEN(r4, &(0x7f0000000000)={0x51, 0x288c967c3349783b, 0x5, {0x0, 0x4976e3e68a124903}}, 0x20) r7 = socket$bt_bnep(0x1f, 0x3, 0x4) getsockopt$bt_BT_CHANNEL_POLICY(r7, 0x112, 0xa, &(0x7f00000000c0)=0x16, &(0x7f0000000100)=0x4) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = dup2(r8, r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$DRM_IOCTL_ADD_CTX(r9, 0xc0086420, &(0x7f0000000180)={0x0}) ioctl$DRM_IOCTL_GET_SAREA_CTX(r2, 0xc010641d, &(0x7f00000011c0)={r10, &(0x7f00000001c0)=""/4096}) 11:38:59 executing program 1: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r0, 0x4008ae48, &(0x7f00000002c0)=0x10000) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r2, 0x3) ioctl$VIDIOC_ENUM_DV_TIMINGS(r1, 0xc0945662, &(0x7f0000000140)={0x10000, 0x0, [], {0x0, @bt={0x4c68, 0x7fff, 0x1, 0x1, 0x7, 0x2, 0x1, 0x4, 0x8, 0xff, 0x800, 0x2, 0x6581, 0x8d, 0x1, 0xb}}}) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000000)={0x8000, 0x0, 0x1, 0x3}) ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f0000000100)={0x7fffffff, r3, 0x0, 0x5}) r4 = getpid() sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r5, &(0x7f0000000240)="892bf7", 0xfffffffffffffe33) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r6, &(0x7f00000017c0), 0x331, 0x0) 11:38:59 executing program 0 (fault-call:2 fault-nth:20): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) [ 1201.174548] audit: type=1400 audit(1572608339.813:155): avc: denied { getopt } for pid=5383 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 11:38:59 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) creat(&(0x7f0000000140)='\x00', 0x8) creat(&(0x7f0000000000)='./file0\x00', 0xae) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)=0x10000013) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1201.228867] FAULT_INJECTION: forcing a failure. [ 1201.228867] name failslab, interval 1, probability 0, space 0, times 0 [ 1201.253602] CPU: 0 PID: 5397 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1201.257437] FAULT_INJECTION: forcing a failure. [ 1201.257437] name failslab, interval 1, probability 0, space 0, times 0 [ 1201.260554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1201.260560] Call Trace: [ 1201.260577] dump_stack+0x138/0x197 [ 1201.260598] should_fail.cold+0x10f/0x159 [ 1201.260617] should_failslab+0xdb/0x130 [ 1201.260637] __kmalloc+0x2f0/0x7a0 [ 1201.298937] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1201.304395] ? kobject_uevent_env+0x378/0xc23 [ 1201.308884] ? rcu_read_lock_sched_held+0x110/0x130 [ 1201.313895] ? kobject_get_path+0xbb/0x1a0 [ 1201.318132] kobject_get_path+0xbb/0x1a0 [ 1201.322189] ? devm_device_remove_groups+0x50/0x50 [ 1201.327114] kobject_uevent_env+0x39c/0xc23 [ 1201.331432] ? wait_for_completion+0x420/0x420 [ 1201.336018] kobject_uevent+0x20/0x26 [ 1201.339821] device_add+0xa3e/0x1490 [ 1201.343537] ? device_private_init+0x190/0x190 [ 1201.348217] hci_register_dev+0x2d9/0x810 [ 1201.352356] ? __raw_spin_lock_init+0x2d/0x100 [ 1201.356937] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1201.361257] tty_ioctl+0x8f7/0x1320 [ 1201.364885] ? hci_uart_tty_poll+0x10/0x10 [ 1201.369123] ? tty_vhangup+0x30/0x30 [ 1201.372841] ? __might_sleep+0x93/0xb0 [ 1201.376719] ? __fget+0x210/0x370 [ 1201.380170] ? tty_vhangup+0x30/0x30 [ 1201.383878] do_vfs_ioctl+0x7ae/0x1060 [ 1201.387761] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1201.392510] ? lock_downgrade+0x740/0x740 [ 1201.396663] ? ioctl_preallocate+0x1c0/0x1c0 [ 1201.401065] ? __fget+0x237/0x370 [ 1201.404534] ? security_file_ioctl+0x89/0xb0 [ 1201.408944] SyS_ioctl+0x8f/0xc0 [ 1201.412309] ? do_vfs_ioctl+0x1060/0x1060 [ 1201.416454] do_syscall_64+0x1e8/0x640 [ 1201.420336] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1201.425190] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1201.430372] RIP: 0033:0x459f49 [ 1201.433555] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1201.441260] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1201.448521] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1201.455785] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1201.463048] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1201.470312] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1201.477596] CPU: 1 PID: 5398 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1201.484533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1201.493883] Call Trace: [ 1201.496465] dump_stack+0x138/0x197 [ 1201.500104] should_fail.cold+0x10f/0x159 [ 1201.504265] should_failslab+0xdb/0x130 [ 1201.508243] kmem_cache_alloc+0x2d7/0x780 [ 1201.512396] ? save_trace+0x290/0x290 [ 1201.512412] __kernfs_new_node+0x70/0x420 [ 1201.512425] kernfs_new_node+0x80/0xf0 [ 1201.512436] __kernfs_create_file+0x46/0x323 [ 1201.512449] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1201.512465] sysfs_create_file_ns+0x8e/0xb0 [ 1201.512481] device_create_file+0xd7/0x110 [ 1201.520421] ? acpi_bind_one+0x770/0x770 [ 1201.520433] device_add+0x3be/0x1490 [ 1201.520443] ? device_initialize+0x430/0x430 [ 1201.520456] ? device_private_init+0x190/0x190 [ 1201.520474] hci_register_dev+0x2d9/0x810 [ 1201.520491] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1201.520507] tty_ioctl+0x8f7/0x1320 [ 1201.520518] ? hci_uart_tty_poll+0x10/0x10 [ 1201.528790] ? tty_vhangup+0x30/0x30 11:39:00 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$X25_QBITINCL(r2, 0x106, 0x1, &(0x7f0000000000), &(0x7f0000000040)=0x4) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r3}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB="00000000400000000004000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000002100000000005deca2c94acb507247cc3684d1523426a929384a26451e764ffcd8185ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}, 0x1, 0x0, 0x0, 0x40060484}, 0x0) 11:39:00 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x0, 0x404000) ioctl$sock_SIOCGSKNS(r1, 0x894c, &(0x7f00000000c0)=0x80000000) [ 1201.528811] ? __might_sleep+0x93/0xb0 [ 1201.528821] ? __fget+0x210/0x370 [ 1201.528838] ? tty_vhangup+0x30/0x30 [ 1201.528848] do_vfs_ioctl+0x7ae/0x1060 [ 1201.528860] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1201.570821] ? lock_downgrade+0x740/0x740 [ 1201.578738] ? ioctl_preallocate+0x1c0/0x1c0 [ 1201.578753] ? __fget+0x237/0x370 [ 1201.586064] ? security_file_ioctl+0x89/0xb0 [ 1201.586078] SyS_ioctl+0x8f/0xc0 [ 1201.608584] Bluetooth: Unknown HCI packet type 5e [ 1201.610531] ? do_vfs_ioctl+0x1060/0x1060 11:39:00 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x10000, 0x0) ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000100)) ioctl$KDGKBENT(r1, 0x4b46, &(0x7f00000000c0)={0x81, 0x1, 0xff}) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1201.610547] do_syscall_64+0x1e8/0x640 [ 1201.610555] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1201.610574] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1201.610583] RIP: 0033:0x459f49 [ 1201.610588] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1201.610600] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1201.610606] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1201.610612] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1201.610617] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1201.610625] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1201.615984] Bluetooth: Unknown HCI packet type 43 11:39:00 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x80000) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xffffffffffffff8d) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) fsetxattr$security_selinux(r5, &(0x7f0000000040)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:lib_t:s0\x00', 0x1b, 0x0) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r4}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:39:00 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$PIO_FONTX(r0, 0x4b6c, &(0x7f00000000c0)="e228795fa6176d3e726bd97fc3bbf7bfafff4b3b3511f2cc09f10f4c368d35c9a98780fb69208bbe900a0998f6eb23ab81b8844501a617f35ae6759d64fbf6602947e022b6e6ad985010b19a7259a25679fe2bacf1dd31437004db5c0eb1682cd6458dd96fbae46d516e1097599cfba3bcc9447f16630918469bd9883db34f836fdfac6636932ff3d947f0b909d9681e4a997ddaf1c37bb18d5de1e786a95326e8") [ 1201.749011] Bluetooth: hci2: Frame reassembly failed (-84) [ 1201.772293] Bluetooth: Unknown HCI packet type 5e [ 1201.778272] Bluetooth: Can't register HCI device [ 1201.786575] Bluetooth: Unknown HCI packet type 50 [ 1201.816409] Bluetooth: Unknown HCI packet type 5e [ 1201.822640] Bluetooth: Unknown HCI packet type 40 [ 1201.836832] audit: type=1400 audit(1572608340.473:156): avc: denied { relabelto } for pid=5424 comm="syz-executor.4" name="NETLINK" dev="sockfs" ino=141641 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=netlink_route_socket permissive=1 [ 1202.720154] net_ratelimit: 20 callbacks suppressed [ 1202.720160] protocol 88fb is buggy, dev hsr_slave_0 [ 1202.730168] protocol 88fb is buggy, dev hsr_slave_1 [ 1202.735235] protocol 88fb is buggy, dev hsr_slave_0 [ 1202.740316] protocol 88fb is buggy, dev hsr_slave_1 [ 1202.800094] protocol 88fb is buggy, dev hsr_slave_0 [ 1202.805190] protocol 88fb is buggy, dev hsr_slave_1 [ 1203.520120] protocol 88fb is buggy, dev hsr_slave_0 [ 1203.525241] protocol 88fb is buggy, dev hsr_slave_1 [ 1203.600141] Bluetooth: hci0 command 0x1003 tx timeout [ 1203.605469] Bluetooth: hci0 sending frame failed (-49) [ 1203.770104] Bluetooth: hci2 command 0x1003 tx timeout [ 1203.775465] Bluetooth: hci2 sending frame failed (-49) [ 1204.160147] protocol 88fb is buggy, dev hsr_slave_0 [ 1204.165261] protocol 88fb is buggy, dev hsr_slave_1 [ 1205.680199] Bluetooth: hci0 command 0x1001 tx timeout [ 1205.685475] Bluetooth: hci0 sending frame failed (-49) [ 1205.840143] Bluetooth: hci2 command 0x1001 tx timeout [ 1205.845476] Bluetooth: hci2 sending frame failed (-49) [ 1207.760159] Bluetooth: hci0 command 0x1009 tx timeout [ 1207.920139] Bluetooth: hci2 command 0x1009 tx timeout [ 1208.320203] net_ratelimit: 22 callbacks suppressed [ 1208.325185] protocol 88fb is buggy, dev hsr_slave_0 [ 1208.330266] protocol 88fb is buggy, dev hsr_slave_1 [ 1208.335400] protocol 88fb is buggy, dev hsr_slave_0 [ 1208.340434] protocol 88fb is buggy, dev hsr_slave_1 [ 1208.960154] protocol 88fb is buggy, dev hsr_slave_0 [ 1208.965270] protocol 88fb is buggy, dev hsr_slave_1 [ 1208.970375] protocol 88fb is buggy, dev hsr_slave_0 [ 1208.975413] protocol 88fb is buggy, dev hsr_slave_1 [ 1209.040182] protocol 88fb is buggy, dev hsr_slave_0 [ 1209.045263] protocol 88fb is buggy, dev hsr_slave_1 11:39:10 executing program 2 (fault-call:2 fault-nth:31): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 11:39:10 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000000)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r2, &(0x7f00000017c0), 0x331, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$MISDN_TIME_STAMP(r3, 0x0, 0x1, &(0x7f0000000100)=0x1, 0x4) 11:39:10 executing program 0 (fault-call:2 fault-nth:21): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:39:10 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x200e) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:39:10 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\b\x00'/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a9ada2c61f397d29384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c6eedd6a6f6c0b6cfcc4725cac384"], 0x80}}, 0x0) 11:39:10 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x80080, 0x0) ioctl$KDADDIO(r1, 0x400455c8, 0x0) 11:39:10 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$RDS_CONG_MONITOR(r3, 0x114, 0x6, &(0x7f0000000040)=0x1, 0x4) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000)='cgroup.threads\x00', 0x2, 0x0) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\b\x00'/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="fb52a47be0b04e4546000d000000000100000000000000000000005deca2c93c39940c031f2e7f7297844acb507247cc3684d1523426a929384a26451e7a4ffcd89b1be7b0263ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2fe5d0476daf00e3f8921763d0ac5d9af9b23f86a9ffed8aebda47a0aa33bb9e45fe857a8acadb6c0725124ad3bf194ffd8967bba3f46f3f321cd1997ff1a4"], 0x80}}, 0x0) 11:39:10 executing program 5: exit(0x3) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) 11:39:10 executing program 3: syz_open_dev$midi(&(0x7f0000000140)='/dev/midi#\x00', 0x1, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x101000, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KDSETKEYCODE(r3, 0x4b4d, &(0x7f0000000100)={0x8, 0x380f997f}) ioctl$TIOCSCTTY(r1, 0x540e, 0xfffffffffffffff8) r4 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x9, 0x282db2ee8d8833a0) syz_open_pts(r4, 0x202200) [ 1212.089314] FAULT_INJECTION: forcing a failure. [ 1212.089314] name failslab, interval 1, probability 0, space 0, times 0 [ 1212.106962] FAULT_INJECTION: forcing a failure. [ 1212.106962] name failslab, interval 1, probability 0, space 0, times 0 [ 1212.133032] CPU: 1 PID: 5447 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1212.139980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1212.149335] Call Trace: [ 1212.151936] dump_stack+0x138/0x197 [ 1212.155580] should_fail.cold+0x10f/0x159 [ 1212.159732] should_failslab+0xdb/0x130 [ 1212.159748] kmem_cache_alloc+0x2d7/0x780 [ 1212.159760] ? find_held_lock+0x35/0x130 [ 1212.159772] ? sysfs_do_create_link_sd.isra.0+0x82/0x120 [ 1212.177359] __kernfs_new_node+0x70/0x420 [ 1212.181514] kernfs_new_node+0x80/0xf0 [ 1212.185400] kernfs_create_link+0x2c/0x170 11:39:10 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = accept$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @loopback}, &(0x7f0000000040)=0x10) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) close(r2) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f00000000c0)={r4, 0xb21}, 0x14) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000080)={r4, 0x3f}, 0x8) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r6}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) [ 1212.189636] sysfs_do_create_link_sd.isra.0+0x90/0x120 [ 1212.194917] sysfs_create_link+0x65/0xc0 [ 1212.198984] device_add+0x447/0x1490 [ 1212.202712] ? device_private_init+0x190/0x190 [ 1212.207297] hci_register_dev+0x2d9/0x810 [ 1212.211453] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1212.216212] tty_ioctl+0x8f7/0x1320 [ 1212.219847] ? hci_uart_tty_poll+0x10/0x10 [ 1212.224080] ? tty_vhangup+0x30/0x30 [ 1212.227803] ? __might_sleep+0x93/0xb0 [ 1212.231697] ? __fget+0x210/0x370 [ 1212.235158] ? tty_vhangup+0x30/0x30 [ 1212.238877] do_vfs_ioctl+0x7ae/0x1060 [ 1212.242767] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1212.247523] ? lock_downgrade+0x740/0x740 [ 1212.251676] ? ioctl_preallocate+0x1c0/0x1c0 [ 1212.256087] ? __fget+0x237/0x370 [ 1212.259568] ? security_file_ioctl+0x89/0xb0 [ 1212.263975] SyS_ioctl+0x8f/0xc0 [ 1212.267341] ? do_vfs_ioctl+0x1060/0x1060 [ 1212.271492] do_syscall_64+0x1e8/0x640 [ 1212.275382] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1212.280243] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1212.285435] RIP: 0033:0x459f49 11:39:10 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='\x00\x00\x00\x00\x00\x00\x00\x00@\x00', 0x101c2, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xc) r2 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/load\x00', 0x2, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r2, 0x40806685, &(0x7f0000000280)={0x1, 0x1, 0x1000, 0xc8, &(0x7f0000000100)="71b6e8b3531c852145a5800d4397f547ad377e323a7358b3f34ed2c746c7037a3b373dfccc74df918c20ff9de73b25938d129fc729bf871583aa25992f81e414b61d8e8c411f3ded34702251ff5760dbe9ee671e24599c90f372ceff3a81955385189abbe6fa05bebdfddc1a72333bb44eea4079b8f45fc9be2c0c1ef4b8ab3b0a9db2474e708d5e9af397b71b102559e1ebc541ede6ef8f6c9736c12b43425062e65d063203eae131ee7c3df5ca4bf2089bdc6227bfab4a881b798a5b72f24b41b47d26f5c88e0c", 0x61, 0x0, &(0x7f0000000200)="c57d905e57bd4c0eba9f8c42fd45365774cba6ac242dbebce7c9918323c3492ee5ca3a79d95d64b123285d8475a3fe04d31f4032d9bd58c0997927498299690d54556fd58e1ada0fa7e6ce3b3f12352fb0fd29f4c77fffac85f90f840ac4d4687c"}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$RTC_UIE_OFF(r4, 0x7004) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1212.288628] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1212.296340] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1212.303625] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1212.310905] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1212.318176] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1212.325446] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1212.337392] CPU: 0 PID: 5448 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1212.344341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1212.353692] Call Trace: [ 1212.356292] dump_stack+0x138/0x197 [ 1212.359925] should_fail.cold+0x10f/0x159 [ 1212.364076] should_failslab+0xdb/0x130 [ 1212.368079] kmem_cache_alloc_node+0x287/0x780 [ 1212.372676] __alloc_skb+0x9c/0x500 [ 1212.372687] ? skb_scrub_packet+0x4b0/0x4b0 [ 1212.372699] ? netlink_has_listeners+0x20a/0x330 [ 1212.372713] kobject_uevent_env+0x781/0xc23 [ 1212.372730] kobject_uevent+0x20/0x26 [ 1212.372743] device_add+0xa3e/0x1490 [ 1212.397176] ? device_private_init+0x190/0x190 [ 1212.401752] hci_register_dev+0x2d9/0x810 [ 1212.405894] ? __raw_spin_lock_init+0x2d/0x100 [ 1212.410463] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1212.414769] tty_ioctl+0x8f7/0x1320 [ 1212.418374] ? hci_uart_tty_poll+0x10/0x10 [ 1212.422597] ? tty_vhangup+0x30/0x30 [ 1212.426319] ? __might_sleep+0x93/0xb0 [ 1212.430235] ? __fget+0x210/0x370 [ 1212.433754] ? tty_vhangup+0x30/0x30 [ 1212.437452] do_vfs_ioctl+0x7ae/0x1060 [ 1212.441331] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1212.446079] ? lock_downgrade+0x740/0x740 [ 1212.450275] ? ioctl_preallocate+0x1c0/0x1c0 [ 1212.454680] ? __fget+0x237/0x370 [ 1212.458139] ? security_file_ioctl+0x89/0xb0 [ 1212.462537] SyS_ioctl+0x8f/0xc0 [ 1212.465890] ? do_vfs_ioctl+0x1060/0x1060 [ 1212.470032] do_syscall_64+0x1e8/0x640 [ 1212.473910] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1212.478750] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1212.483925] RIP: 0033:0x459f49 [ 1212.487099] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1212.494818] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1212.502072] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1212.509323] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1212.516575] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1212.523840] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 11:39:11 executing program 0 (fault-call:2 fault-nth:22): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) [ 1212.540920] Bluetooth: Can't register HCI device [ 1212.556234] Bluetooth: Unknown HCI packet type 5e [ 1212.561671] Bluetooth: Unknown HCI packet type 43 [ 1212.584848] Bluetooth: Unknown HCI packet type 5e [ 1212.617309] Bluetooth: Unknown HCI packet type 50 [ 1212.638058] Bluetooth: Unknown HCI packet type 5e [ 1212.673536] Bluetooth: Unknown HCI packet type 40 [ 1212.687908] FAULT_INJECTION: forcing a failure. [ 1212.687908] name failslab, interval 1, probability 0, space 0, times 0 [ 1212.699866] CPU: 1 PID: 5478 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1212.706809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1212.716199] Call Trace: [ 1212.718775] dump_stack+0x138/0x197 [ 1212.722402] should_fail.cold+0x10f/0x159 [ 1212.726545] should_failslab+0xdb/0x130 [ 1212.730508] kmem_cache_alloc+0x2d7/0x780 [ 1212.734643] ? memcpy+0x46/0x50 [ 1212.737909] ? kstrdup+0x5a/0x70 [ 1212.741275] __kernfs_new_node+0x70/0x420 [ 1212.745468] kernfs_new_node+0x80/0xf0 [ 1212.749335] kernfs_create_link+0x2c/0x170 [ 1212.753553] sysfs_do_create_link_sd.isra.0+0x90/0x120 [ 1212.758811] sysfs_create_link+0x65/0xc0 [ 1212.762870] device_add+0x735/0x1490 [ 1212.766598] ? device_private_init+0x190/0x190 [ 1212.771171] hci_register_dev+0x2d9/0x810 [ 1212.775317] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1212.779623] tty_ioctl+0x8f7/0x1320 [ 1212.783234] ? hci_uart_tty_poll+0x10/0x10 [ 1212.787487] ? tty_vhangup+0x30/0x30 [ 1212.791189] ? __might_sleep+0x93/0xb0 [ 1212.795056] ? __fget+0x210/0x370 [ 1212.798515] ? tty_vhangup+0x30/0x30 [ 1212.802216] do_vfs_ioctl+0x7ae/0x1060 [ 1212.806092] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1212.810836] ? lock_downgrade+0x740/0x740 [ 1212.814964] ? ioctl_preallocate+0x1c0/0x1c0 [ 1212.819354] ? __fget+0x237/0x370 [ 1212.822806] ? security_file_ioctl+0x89/0xb0 [ 1212.827206] SyS_ioctl+0x8f/0xc0 [ 1212.830553] ? do_vfs_ioctl+0x1060/0x1060 [ 1212.834684] do_syscall_64+0x1e8/0x640 [ 1212.838549] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1212.843392] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1212.848570] RIP: 0033:0x459f49 [ 1212.851738] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1212.859424] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1212.866674] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1212.873930] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1212.881198] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1212.888458] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1212.897860] Bluetooth: Can't register HCI device [ 1213.920139] net_ratelimit: 24 callbacks suppressed [ 1213.920142] protocol 88fb is buggy, dev hsr_slave_0 [ 1213.930211] protocol 88fb is buggy, dev hsr_slave_1 [ 1214.560145] protocol 88fb is buggy, dev hsr_slave_0 [ 1214.565265] protocol 88fb is buggy, dev hsr_slave_1 [ 1214.570444] protocol 88fb is buggy, dev hsr_slave_0 [ 1214.575560] protocol 88fb is buggy, dev hsr_slave_1 [ 1214.580675] Bluetooth: hci1 command 0x1003 tx timeout [ 1214.585995] Bluetooth: hci1 sending frame failed (-49) [ 1215.200219] protocol 88fb is buggy, dev hsr_slave_0 [ 1215.205297] protocol 88fb is buggy, dev hsr_slave_1 [ 1215.210441] protocol 88fb is buggy, dev hsr_slave_0 [ 1215.215471] protocol 88fb is buggy, dev hsr_slave_1 [ 1216.640173] Bluetooth: hci1 command 0x1001 tx timeout [ 1216.645465] Bluetooth: hci1 sending frame failed (-49) [ 1218.720355] Bluetooth: hci1 command 0x1009 tx timeout [ 1219.360154] net_ratelimit: 20 callbacks suppressed [ 1219.365136] protocol 88fb is buggy, dev hsr_slave_0 [ 1219.370204] protocol 88fb is buggy, dev hsr_slave_1 [ 1219.375331] protocol 88fb is buggy, dev hsr_slave_0 [ 1219.380350] protocol 88fb is buggy, dev hsr_slave_1 [ 1219.440151] protocol 88fb is buggy, dev hsr_slave_0 [ 1219.445228] protocol 88fb is buggy, dev hsr_slave_1 [ 1220.160219] protocol 88fb is buggy, dev hsr_slave_0 [ 1220.165364] protocol 88fb is buggy, dev hsr_slave_1 [ 1220.800238] protocol 88fb is buggy, dev hsr_slave_0 [ 1220.805319] protocol 88fb is buggy, dev hsr_slave_1 11:39:21 executing program 2 (fault-call:2 fault-nth:32): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 11:39:21 executing program 3: ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, &(0x7f0000000200)=""/183) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000001c0)=0x4001c) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000000)=0x9) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r2, 0x80045400, &(0x7f0000000440)) r3 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x9, 0x204802) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000000040)={0x5, 0xfffffffffffffffb, 0x8000, 0x5, 0x4e, 0x1000}) ioctl$DRM_IOCTL_VERSION(r3, 0xc0406400, &(0x7f0000000400)={0x8, 0x7, 0xfffffff7, 0x39, &(0x7f00000002c0)=""/56, 0xfffffffffffffecf, &(0x7f0000000300)=""/60, 0x90, &(0x7f0000000500)=""/144}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_S390_INTERRUPT_CPU(r5, 0x4010ae94, &(0x7f0000000180)={0x2, 0x6, 0x496}) r6 = accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000480), 0x80000) ioctl$sock_kcm_SIOCKCMUNATTACH(r2, 0x89e1, &(0x7f00000004c0)={r6}) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vcs\x00', 0x101800, 0x0) r9 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r10 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) close(r10) r11 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r11, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r11, 0x84, 0x1d, &(0x7f0000000600)=ANY=[@ANYBLOB="dfb7ed8554e3a606f6438c605ecea1da336f0cf727167e655d7058bb416eef83f238d136c775314d184d24291700000040000000ae3903b3135c538071d8956e2a01bf9428c845763c38f043f8787fb685c62f5643e0de50e857fe5ea6f14cf3ed85a400200ba15bab24aa2258abdc2fedbd7e42", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r10, 0x84, 0x1, &(0x7f00000000c0)={r12, 0xb21}, 0x14) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r9, 0x84, 0x10, &(0x7f0000000380)=@sack_info={r12, 0x8001, 0x80000000}, &(0x7f00000003c0)=0xc) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r8, 0x84, 0x18, &(0x7f00000005c0)={r13, 0x1}, 0x8) r14 = dup2(r7, r7) ioctl$PERF_EVENT_IOC_ENABLE(r14, 0x8912, 0x400200) linkat(r5, &(0x7f00000000c0)='./file0\x00', r14, &(0x7f0000000100)='./file0\x00', 0x2c00) 11:39:21 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_SET_SIGNAL_MASK(r1, 0x4004ae8b, &(0x7f0000000000)={0x1e, "5e5a2c38b88fb7180c978d8c3badb372207ff05cc5bb6cff7c1707ac557d"}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r3) setuid(r3) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r4, &(0x7f00000017c0), 0x331, 0x0) 11:39:21 executing program 0 (fault-call:2 fault-nth:23): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:39:21 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$TIOCMGET(r2, 0x5415, &(0x7f00000000c0)) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TIOCGLCKTRMIOS(r2, 0x5456, &(0x7f0000000000)={0x7fffffff, 0x1ff, 0x1000, 0x1, 0x9, 0x0, 0x8, 0x5, 0x9, 0x280, 0x6}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:39:21 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r3, 0x105}, 0x14}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000280)='nbd\x00') r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000400)={&(0x7f00000002c0)={0x64, r5, 0x10, 0x70bd27, 0x25dfdbfb, {}, [@NBD_ATTR_SOCKETS={0x2c, 0x7, [{0x8, 0x1, r1}, {0x8, 0x1, r6}, {0x8, 0x1, r1}, {0x8, 0x1, r7}, {0x8, 0x1, r1}]}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x8}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x10000}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r8, 0x105}, 0x14}}, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000020}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r8, 0xf3cb3dcf7f7db401, 0x70bd26, 0x25dfdbfd}, 0xfffffffffffffd77}, 0x1, 0x0, 0x0, 0x40800}, 0x10) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r9}, 0x10, &(0x7f0000000600)={&(0x7f0000000700)=ANY=[@ANYBLOB="f4000000efd26218008000000000b63932642fd72604631c983beb93e975618c20a9753e6f55cdb20703c0fc99ed371cb5bb7dc733a93d3b2b4563eada583dd99d746a727313721e5d950560eeb94edb7f6baa7c6743aa5c5df29bd54fc6c604d2feec34571c0c629d9c098dacc0fe55f07b24af777a2a32cd6a505230c344f0d09e162d14b8be85bb87a0c9efc56ac09e96de8b2b42ee2834da03998027e79c9d7b9920335b48fc487f0a9e53836c41c638bcd735e9b5c151c7882e83f6e575c457403fd99c0d647d6affba346fd143d0102c2667a6bc2b3e678aa591f07cd8e9f45327a2a5108ea9938457b07fe90466f6248f5e9a", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) [ 1222.937574] FAULT_INJECTION: forcing a failure. [ 1222.937574] name failslab, interval 1, probability 0, space 0, times 0 [ 1222.957425] FAULT_INJECTION: forcing a failure. [ 1222.957425] name failslab, interval 1, probability 0, space 0, times 0 [ 1222.976606] CPU: 1 PID: 5497 Comm: syz-executor.2 Not tainted 4.14.151 #0 11:39:21 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x70, 0x0, 0x300, 0x70bd2a, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0x5c, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1000}, @TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x2}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xf35}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x10}, 0x80) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r3}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) [ 1222.983556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1222.992913] Call Trace: [ 1222.995510] dump_stack+0x138/0x197 [ 1222.999150] should_fail.cold+0x10f/0x159 [ 1223.003299] should_failslab+0xdb/0x130 [ 1223.007268] kmem_cache_alloc_node+0x287/0x780 [ 1223.011855] __alloc_skb+0x9c/0x500 [ 1223.015489] ? skb_scrub_packet+0x4b0/0x4b0 [ 1223.019820] ? netlink_has_listeners+0x20a/0x330 [ 1223.024590] kobject_uevent_env+0x781/0xc23 [ 1223.028926] kobject_uevent+0x20/0x26 [ 1223.032730] device_add+0xa3e/0x1490 [ 1223.036457] ? device_private_init+0x190/0x190 [ 1223.041067] hci_register_dev+0x2d9/0x810 [ 1223.045213] ? __raw_spin_lock_init+0x2d/0x100 [ 1223.049802] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1223.054121] tty_ioctl+0x8f7/0x1320 [ 1223.057740] ? hci_uart_tty_poll+0x10/0x10 [ 1223.061967] ? tty_vhangup+0x30/0x30 [ 1223.065697] ? __might_sleep+0x93/0xb0 [ 1223.069577] ? __fget+0x210/0x370 [ 1223.073031] ? tty_vhangup+0x30/0x30 [ 1223.076737] do_vfs_ioctl+0x7ae/0x1060 [ 1223.082538] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1223.084645] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=5506 comm=syz-executor.4 [ 1223.087289] ? lock_downgrade+0x740/0x740 [ 1223.087302] ? ioctl_preallocate+0x1c0/0x1c0 [ 1223.107788] ? __fget+0x237/0x370 [ 1223.111259] ? security_file_ioctl+0x89/0xb0 [ 1223.115668] SyS_ioctl+0x8f/0xc0 [ 1223.119025] ? do_vfs_ioctl+0x1060/0x1060 [ 1223.123169] do_syscall_64+0x1e8/0x640 [ 1223.127147] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1223.131992] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1223.137177] RIP: 0033:0x459f49 [ 1223.140360] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1223.148070] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1223.155336] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1223.162594] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1223.169855] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1223.177115] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1223.184398] CPU: 0 PID: 5495 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1223.191328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1223.191333] Call Trace: [ 1223.191348] dump_stack+0x138/0x197 [ 1223.191384] should_fail.cold+0x10f/0x159 [ 1223.191399] should_failslab+0xdb/0x130 [ 1223.191412] __kmalloc_track_caller+0x2ec/0x790 [ 1223.191424] ? save_trace+0x290/0x290 [ 1223.191433] ? perf_trace_lock_acquire+0x10d/0x4f0 [ 1223.191443] ? __lock_is_held+0xb6/0x140 [ 1223.203354] ? kstrdup_const+0x48/0x60 11:39:21 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000140)) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r5 = dup2(0xffffffffffffffff, r2) ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000000)={0x3}) r6 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x20000, 0x0) ioctl$KDADDIO(r6, 0x400455c8, 0xfff) [ 1223.203368] kstrdup+0x3a/0x70 [ 1223.203379] kstrdup_const+0x48/0x60 [ 1223.203392] __kernfs_new_node+0x2f/0x420 [ 1223.203406] kernfs_new_node+0x80/0xf0 [ 1223.211140] kernfs_create_link+0x2c/0x170 [ 1223.211153] sysfs_do_create_link_sd.isra.0+0x90/0x120 [ 1223.211166] sysfs_create_link+0x65/0xc0 [ 1223.211181] device_add+0x735/0x1490 [ 1223.211198] ? device_private_init+0x190/0x190 [ 1223.211216] hci_register_dev+0x2d9/0x810 [ 1223.219827] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1223.228520] tty_ioctl+0x8f7/0x1320 [ 1223.228532] ? hci_uart_tty_poll+0x10/0x10 [ 1223.228543] ? tty_vhangup+0x30/0x30 [ 1223.228563] ? __might_sleep+0x93/0xb0 [ 1223.236488] ? __fget+0x210/0x370 [ 1223.236509] ? tty_vhangup+0x30/0x30 [ 1223.236519] do_vfs_ioctl+0x7ae/0x1060 [ 1223.236532] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1223.259532] Bluetooth: hci1: Frame reassembly failed (-84) [ 1223.260895] ? lock_downgrade+0x740/0x740 [ 1223.260910] ? ioctl_preallocate+0x1c0/0x1c0 [ 1223.260925] ? __fget+0x237/0x370 [ 1223.260945] ? security_file_ioctl+0x89/0xb0 [ 1223.260957] SyS_ioctl+0x8f/0xc0 [ 1223.260965] ? do_vfs_ioctl+0x1060/0x1060 [ 1223.260979] do_syscall_64+0x1e8/0x640 [ 1223.260988] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1223.261005] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1223.261012] RIP: 0033:0x459f49 [ 1223.261018] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1223.261028] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1223.261035] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1223.381549] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 11:39:22 executing program 0 (fault-call:2 fault-nth:24): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) [ 1223.388819] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1223.396078] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1223.407849] Bluetooth: Can't register HCI device [ 1223.414958] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=5505 comm=syz-executor.4 11:39:22 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) close(r3) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f00000000c0)={r5, 0xb21}, 0x14) r6 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x442103, 0x0) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r6, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80002808}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x8c, r7, 0x4dac361dcd37c43, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @rand_addr="5dbac7b72baaf5adec0c9dafefc0cbb7"}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0xbdf89ad5c2117903}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x5}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xdea0}]}, 0x8c}, 0x1, 0x0, 0x0, 0x80}, 0x4008004) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000000)={r5, 0x3, 0xdbcf54748bcc23f6}, 0xc) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r8}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\b\x00'/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8445ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) 11:39:22 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1223.511130] FAULT_INJECTION: forcing a failure. [ 1223.511130] name failslab, interval 1, probability 0, space 0, times 0 [ 1223.528626] CPU: 0 PID: 5515 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1223.535579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1223.544930] Call Trace: [ 1223.547506] dump_stack+0x138/0x197 [ 1223.551136] should_fail.cold+0x10f/0x159 [ 1223.555295] should_failslab+0xdb/0x130 [ 1223.559264] kmem_cache_alloc+0x2d7/0x780 [ 1223.563424] ? wait_for_completion+0x420/0x420 [ 1223.568010] __kernfs_new_node+0x70/0x420 [ 1223.572165] kernfs_new_node+0x80/0xf0 [ 1223.576051] __kernfs_create_file+0x46/0x323 [ 1223.580447] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1223.585114] sysfs_add_file+0x4f/0x60 [ 1223.588924] sysfs_merge_group+0xe2/0x210 [ 1223.593087] dpm_sysfs_add+0x121/0x1b0 [ 1223.596970] device_add+0x968/0x1490 [ 1223.600676] ? device_private_init+0x190/0x190 [ 1223.605289] hci_register_dev+0x2d9/0x810 [ 1223.609438] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1223.613758] tty_ioctl+0x8f7/0x1320 [ 1223.617374] ? hci_uart_tty_poll+0x10/0x10 [ 1223.621590] ? tty_vhangup+0x30/0x30 [ 1223.625290] ? __might_sleep+0x93/0xb0 [ 1223.629196] ? __fget+0x210/0x370 [ 1223.632651] ? tty_vhangup+0x30/0x30 [ 1223.636398] do_vfs_ioctl+0x7ae/0x1060 [ 1223.640279] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1223.645134] ? lock_downgrade+0x740/0x740 [ 1223.649271] ? ioctl_preallocate+0x1c0/0x1c0 [ 1223.653677] ? __fget+0x237/0x370 [ 1223.657128] ? security_file_ioctl+0x89/0xb0 [ 1223.661536] SyS_ioctl+0x8f/0xc0 [ 1223.664898] ? do_vfs_ioctl+0x1060/0x1060 [ 1223.669042] do_syscall_64+0x1e8/0x640 [ 1223.672946] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1223.677802] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1223.682999] RIP: 0033:0x459f49 [ 1223.686174] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1223.693875] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1223.701135] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1223.708388] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1223.715647] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1223.722914] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1223.744646] Bluetooth: Can't register HCI device 11:39:22 executing program 0 (fault-call:2 fault-nth:25): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) [ 1223.834693] FAULT_INJECTION: forcing a failure. [ 1223.834693] name failslab, interval 1, probability 0, space 0, times 0 [ 1223.846725] CPU: 0 PID: 5531 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1223.853670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1223.863022] Call Trace: [ 1223.865681] dump_stack+0x138/0x197 [ 1223.869327] should_fail.cold+0x10f/0x159 [ 1223.873486] should_failslab+0xdb/0x130 [ 1223.877453] kmem_cache_alloc+0x2d7/0x780 [ 1223.881583] ? kernfs_find_and_get_ns+0x4b/0x60 [ 1223.886235] __kernfs_new_node+0x70/0x420 [ 1223.890373] ? lock_downgrade+0x740/0x740 [ 1223.894524] kernfs_new_node+0x80/0xf0 [ 1223.898399] __kernfs_create_file+0x46/0x323 [ 1223.902791] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1223.907442] sysfs_add_file+0x4f/0x60 [ 1223.911235] sysfs_merge_group+0xe2/0x210 [ 1223.915377] dpm_sysfs_add+0x121/0x1b0 [ 1223.919263] device_add+0x968/0x1490 [ 1223.922984] ? device_private_init+0x190/0x190 [ 1223.927567] hci_register_dev+0x2d9/0x810 [ 1223.931712] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1223.936027] tty_ioctl+0x8f7/0x1320 [ 1223.939634] ? hci_uart_tty_poll+0x10/0x10 [ 1223.943851] ? tty_vhangup+0x30/0x30 [ 1223.947555] ? __might_sleep+0x93/0xb0 [ 1223.951429] ? __fget+0x210/0x370 [ 1223.954877] ? tty_vhangup+0x30/0x30 [ 1223.958571] do_vfs_ioctl+0x7ae/0x1060 [ 1223.962440] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1223.967175] ? lock_downgrade+0x740/0x740 [ 1223.971311] ? ioctl_preallocate+0x1c0/0x1c0 [ 1223.975722] ? __fget+0x237/0x370 [ 1223.979159] ? security_file_ioctl+0x89/0xb0 [ 1223.983561] SyS_ioctl+0x8f/0xc0 [ 1223.986907] ? do_vfs_ioctl+0x1060/0x1060 [ 1223.991050] do_syscall_64+0x1e8/0x640 [ 1223.994939] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1223.999768] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1224.004942] RIP: 0033:0x459f49 [ 1224.008124] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1224.015829] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1224.023082] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1224.030340] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1224.037598] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1224.044849] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1224.054700] Bluetooth: Can't register HCI device [ 1224.960117] net_ratelimit: 22 callbacks suppressed [ 1224.960121] protocol 88fb is buggy, dev hsr_slave_0 [ 1224.970135] protocol 88fb is buggy, dev hsr_slave_1 [ 1224.975206] protocol 88fb is buggy, dev hsr_slave_0 [ 1224.980299] protocol 88fb is buggy, dev hsr_slave_1 [ 1225.280153] Bluetooth: hci1 command 0x1003 tx timeout [ 1225.285479] Bluetooth: hci1 sending frame failed (-49) [ 1225.290854] Bluetooth: hci2 command 0x1003 tx timeout [ 1225.296100] Bluetooth: hci2 sending frame failed (-49) [ 1225.600149] protocol 88fb is buggy, dev hsr_slave_0 [ 1225.605276] protocol 88fb is buggy, dev hsr_slave_1 [ 1225.610410] protocol 88fb is buggy, dev hsr_slave_0 [ 1225.615577] protocol 88fb is buggy, dev hsr_slave_1 [ 1225.760121] protocol 88fb is buggy, dev hsr_slave_0 [ 1225.765210] protocol 88fb is buggy, dev hsr_slave_1 [ 1227.360148] Bluetooth: hci2 command 0x1001 tx timeout [ 1227.360203] Bluetooth: hci1 command 0x1001 tx timeout [ 1227.365422] Bluetooth: hci2 sending frame failed (-49) [ 1227.375228] Bluetooth: hci1 sending frame failed (-49) [ 1229.440163] Bluetooth: hci1 command 0x1009 tx timeout [ 1229.440166] Bluetooth: hci2 command 0x1009 tx timeout [ 1230.560142] net_ratelimit: 24 callbacks suppressed [ 1230.560146] protocol 88fb is buggy, dev hsr_slave_0 [ 1230.570199] protocol 88fb is buggy, dev hsr_slave_1 [ 1231.200147] protocol 88fb is buggy, dev hsr_slave_0 [ 1231.205207] protocol 88fb is buggy, dev hsr_slave_1 [ 1231.210335] protocol 88fb is buggy, dev hsr_slave_0 [ 1231.215353] protocol 88fb is buggy, dev hsr_slave_1 [ 1231.840156] protocol 88fb is buggy, dev hsr_slave_0 [ 1231.845297] protocol 88fb is buggy, dev hsr_slave_1 [ 1231.850368] protocol 88fb is buggy, dev hsr_slave_0 [ 1231.855384] protocol 88fb is buggy, dev hsr_slave_1 11:39:32 executing program 2 (fault-call:2 fault-nth:33): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 11:39:32 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='\xccv\x00', 0x94104, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:39:32 executing program 0 (fault-call:2 fault-nth:26): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:39:32 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r2, 0x6612) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r3}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x3, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc00000006000000000c4b58c81684a168e08"}}, 0xa}}, 0x0) 11:39:32 executing program 1: ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000300)={0x0, 0x0}) prlimit64(r0, 0xb, &(0x7f0000000280)={0x8, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) fstat(r3, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) r5 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r6) write$FUSE_ENTRY(r2, &(0x7f0000000400)={0x90, 0x800000000000000a, 0x7, {0x0, 0x1, 0xa42, 0x20, 0x3, 0x200, {0x5, 0x5b, 0x7, 0x3, 0x80000001, 0x9, 0x9, 0x1000, 0x800, 0x9, 0x6c, r4, r6, 0x54, 0xffff6e82}}}, 0x90) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0xe8d, 0x20000) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x0) ioctl$BLKTRACESTART(0xffffffffffffffff, 0x1274, 0x0) sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r9, @ANYBLOB="0000f4ffffff0000280012000c0001007690bd680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) recvmmsg(r7, &(0x7f00000002c0), 0x3, 0x0, 0x0) r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') setsockopt$IP_VS_SO_SET_EDITDEST(r10, 0x0, 0x489, &(0x7f0000000100)={{0x6c, @dev={0xac, 0x14, 0x14, 0x13}, 0x4e24, 0x2, 'lc\x00', 0x20, 0x3, 0x1e}, {@multicast1, 0x4e21, 0x2, 0x4, 0x5, 0x3}}, 0x44) preadv(r10, &(0x7f00000017c0), 0x331, 0x0) 11:39:32 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x301000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$TIOCLINUX6(r2, 0x541c, &(0x7f00000000c0)={0x6, 0x1f}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TCSETXF(r2, 0x5434, &(0x7f0000000000)={0x4, 0x8, [0xfff9, 0x3, 0x3, 0x8, 0x4], 0x6}) ioctl$PIO_UNIMAPCLR(0xffffffffffffffff, 0x4b68, &(0x7f0000000100)={0x7f}) [ 1233.806937] FAULT_INJECTION: forcing a failure. [ 1233.806937] name failslab, interval 1, probability 0, space 0, times 0 [ 1233.833068] FAULT_INJECTION: forcing a failure. [ 1233.833068] name failslab, interval 1, probability 0, space 0, times 0 [ 1233.863020] CPU: 1 PID: 5544 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1233.869987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1233.879346] Call Trace: [ 1233.881946] dump_stack+0x138/0x197 [ 1233.885586] should_fail.cold+0x10f/0x159 [ 1233.889741] should_failslab+0xdb/0x130 [ 1233.893725] kmem_cache_alloc+0x2d7/0x780 [ 1233.897881] ? wait_for_completion+0x420/0x420 [ 1233.902473] __kernfs_new_node+0x70/0x420 [ 1233.906630] kernfs_new_node+0x80/0xf0 11:39:32 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0xfffffffffffffcef) socket$bt_hidp(0x1f, 0x3, 0x6) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r3, 0x105}, 0x14}}, 0x0) sendmsg$IPVS_CMD_SET_SERVICE(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1800000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, r3, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0xa000088}, 0x20000000) connect(r0, &(0x7f0000000380)=@hci, 0x80) r4 = syz_open_dev$evdev(&(0x7f00000001c0)='/dev/input/event#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$GIO_SCRNMAP(r4, 0x8000450a, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r9 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/enforce\x00', 0x40, 0x0) r10 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r10, &(0x7f0000000380)=@hci, 0x80) r11 = socket$netlink(0x10, 0x3, 0x0) r12 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r12, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r13, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r10, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r13}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB="0800e800"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) sendmsg$can_bcm(r9, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r8}, 0x10, &(0x7f0000000600)={&(0x7f0000000240)=ANY=[@ANYRES32=r10, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x6}, 0x1, 0x0, 0x0, 0x20004830}, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(0xffffffffffffffff, 0x6612) [ 1233.910525] __kernfs_create_file+0x46/0x323 [ 1233.910539] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1233.910553] sysfs_add_file+0x4f/0x60 [ 1233.919617] sysfs_merge_group+0xe2/0x210 [ 1233.919634] dpm_sysfs_add+0x121/0x1b0 [ 1233.919653] device_add+0x968/0x1490 [ 1233.935177] ? device_private_init+0x190/0x190 [ 1233.939771] hci_register_dev+0x2d9/0x810 [ 1233.943931] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1233.948260] tty_ioctl+0x8f7/0x1320 [ 1233.951884] ? hci_uart_tty_poll+0x10/0x10 [ 1233.956123] ? tty_vhangup+0x30/0x30 11:39:32 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') sendmsg$TIPC_NL_NODE_GET(r1, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000002c0)={&(0x7f0000003940)={0x1fc, r2, 0x14, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x44, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x4}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xb09}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7ff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x6}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xfffffffd}, @TIPC_NLA_NET_ID={0x8}]}, @TIPC_NLA_MON={0x24, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x42}]}, @TIPC_NLA_SOCK={0x10, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}]}, @TIPC_NLA_LINK={0x58, 0x4, [@TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x373}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_SOCK={0x3c, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x10001}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x61e1}]}, @TIPC_NLA_LINK={0xdc, 0x4, [@TIPC_NLA_LINK_PROP={0x4c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xca}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff38c31}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffc0}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_TOL={0xfffffffffffffefb, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x800}, 0x8000) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_netfilter(r3, &(0x7f0000003580)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000003540)={&(0x7f0000000340)={0x31f0, 0xc, 0xab610280dd384206, 0x8, 0xfffff801, 0x25dfdbff, {0xc, 0x0, 0x6}, [@generic="6137e9864f3bfc11d4cda7fe137b346f66cd2ccb71be57532027bfd23ce38908e26d012ac13e7bfa4b59d90259c6cb37d41b9586cfddc4dbf428248d76fd5ed2fc41d3ec9d9453e3e26004ba540c86100394ee9670e5e2be05115e5578a4d2c03d024932ad235c3ace9bac4a11621ed19f2a22bd0c247f9d9c55946a32dbcbc7f7b820c6218333955f778afaa02b79e1cfd3090d94b6df4f30b44be3a2e45e3759bdb740c864b29253be4d0e013280f2280b3a8df812abca09f1d308348e4b65d7f83adea99a3a58691fde0304b67221545c0134f9538c0a41f1ed4a3f6be3188bf6031f79ff30ffe419ba366082b14b8ebf480d3466a47ca06cfdf7b3d1c91bf1a5d1599551f999b7377fbc45764a7bda5b7345ce2285d58d4eb7f6121956dddc8793a6038b42cc28a5efec71cdf72efa3cb2e3899de22f8208d0b84ff1fada8a863d023f81aec191f3e81b5d05d7f1224e570f0d8e1478852d299405b4e6a1c6c674ccdc6af28a4e57d5b7c76b7f1a1a3270fee015b047eeab735f90e99642592460eb2cc67f1fa5da54c5df01660900e1ce2a43a6e9f6ed359bfb5d7fe4fea81e92dfd59ef56335638c53c96d386fe572835bbc82019d1badb1db1f06e991d418c20c2d8a51e1eb9fa2aa3893d60dc2d5c88c0903881563d14367de97315ff3bd373732569375140fd22bab5b36aff272b5a29e29501165c5dbc0695bfb93a51b2e14e06fcb5a766fd8695526b73089bc0654a62a8794ad3068ca58ed1696d48a351fed2540af8d62655f112148c74fd45e6750ebf4a175a9292b2a12e3daa59495126367d51a90fde811118ff7ca751c1ebed2d402264fe80289e2a0c239290cd4a64b0a9fe8462d2c3c103a244d6ef392e68b33be12b10d2a129a507361871b5d313c5b0ffba1c7adcc265c206b5deeaa30c8f0a27347c968cbc33ed3624ad3ce6cbf9689cc56f1efef07e490e89297b403c4b75cfb7494b804f79c2d76722ea5307f19bccf38c8f7c23e3ed789bbf7d6cf31ac27ed36800ad485045bcec6e39ce90f3d99e78dedcce49258780132fccaccee12a6c4295ff374100992906daab37e0751bba3cfb2d3ddf3ea4e239ee0a927268b3ad44c4a780df8a08c8e29c39bb0eee183f1b48b336c81cb0e6af2d6bf2f727a3082a17bada4caf43ad3be52f3d86681ebd8bb30df8aaedb5d7199eea1ca7808e475878ef59be2dbaae96f4676b40fcb6dba5ecfa547ff2d1b9c949d52a3c8d0e02c36fd233f56671700d401999671cdffe6b8a1fa9bdf927f6e9d3afee6ce1f8b92037180fdbd2037abf29af1eab176b2336630e5c5d09a30f6b1a2e2dcfad30f0ffa8086f5a4ee8557af0764906db741aa53494b807077b647a8e22c85462f61aa7aac2888abd58030ae1ce20295b0cbcdc88b45ead5ec0d5baf940ddf8ff933861d28e92a647756211fc5dc9f6ae475db27b6b3bde149797803f005700008eed750808ef3e4dd7b233c60ecd6b2776d2574eef5b0a1cfae4e63f14fa5b376f7e6c3f8f21204b22a02272a0df18605f0459273a7580001a42c4673f59201b692509d96f149e5a96e038cc803813944625be560f84ac29a0b33a5769b1dde97601aeac699fd3515c3ef27cabc40c809806d8f9b5c35609f2e67d43369ea81656e758fe1cc24aec26d2402334d614ea4391c8fec82918cb5ebadc71059c3bfb49d011c68bac86693d4590386482de69abb563d26bd972fc83bf44a41edefc42bcaf3b87d5be6d0e4d83e62051469e1562a027228784ee5cc40dd1f584cabf33823139731560828a94f582f7e01cc7619c58a780c17f00ff45fe8b9d4c8a157c7dfe96fe0bbaa5a0ebfeba6a821848abcd8279f4743cc31bb66371a122f1d82da65a4a57fc37bb5fc9d743100da5fe24c5e84d38fdc856a7cb45cfff2f6fb042cca1aa586e7b762939111d7f9f1fde3bd5961037174e43333cd0de336f02a0d7419aea65d6df0eb4e2834f641268aff628914a61e331bc84480b5c5e6fa2fbbf98b21e93c4027299b72edbac80bcf6b6d3e29a56f6c7a000c330613a4fec669321ac1aa8587656c369f5af43ec4698f2c6efbd1c2b0baf5823068f7552911fec6c6f253606613fe47c810f6e4d75ebcc4128295b3183b794f53767861ece3886de82d73f226366f1c7733781043fe22a56c89447cf727a358a000fa125afc9f8629c00afe02bbdf944c0fef1d65365899723333bb602c22105667ced32e67b3eb6753d3c8cfefa2b1ec1453fd15c5ce4ea82e2feb699867c2584d093edf6a5815d37badbdb941fdc09ed422db9261df7907f1d15843c900dc0b9502dc69f106d194aae2916458c1ae56096ed00ca3a27b998e9d9b0e0fc0999d8c2646e6da01f6484c0d993037cdf346a8e0d3d88035ab3e1e9491954028cdc8b860b05a0d86fdbddcc096b851246e10c0cf1725370acc8eff21a2d049ff786945d18f5ba300ef4759c26bbfe5d0b8725732b396f21b7e34568db095c6b22daf9c435fce59c42b39a26461d8c7fee67455aac6c23a87c18a771af684b2ec5ac93f44d1d402b2bfa788f2fe445dba77b2a386434040965adc66e6c79532831a899650dc0d2961238d2bb08fa23111fa4fb96de23c10bdddeed97b4b16b5bbe38f0c6da0a808fef1613f5f86f49242b61a88cb0a0b56831e9f4b88c5aec8355da958a8ea7ce928bf6377d28c039ed8c0c8b23d2361f4aedef934f1255e951428e5701c9eee8f7d081f3f0d6017c30b5d0dcf8c01a5c8275f7b1cdce91e9ab38250459ad6cfdcacffc5e3a47c48f8d4bade9fb252ad3ecae05fc04d347aeb84f17bf4f6bf4133ac247a345d8f93bb9828ad6086f8195a058a04ed78f5868829506e383e2ce251eba7a01e93ced7bf62251a69654f2f39c60355de11d0dcd8d331ed88f9a88c2c6da18335fda15bf1e98bb5bd7d093a632f21bb784aa2b83ae0eae0a9f8b0543e075d4d2fc74cdb93794c2a7f7a273bcaed74a522dec9ca1c806471c81a59c6c47ea50b62cca18286d13216081db19ecbae6a7ba5bc56ad97ebe2b7149a2506aadcacdea94a8a808d5d826c98750e20d5839bf2963232b925ae2e2796866c8b14df1532ccfcc1140047013d396d3163bcdd25364e2a77f97e8664ab160e6c6bfedefadb29d9962a1c5b525672212d37ae55b3f1963be74549d4e04fe17c1c43b4105f8a4152b18c3c9adafae9c40362e3ae46b217cf6c9e535436b5d4a76dd21b514ed71186a92c547c6ff84e0b16ac18fc2ac535af290fff8c2ade7a19bf5cb53783df1575ca210046e3f2bc9f1fe096f8fba1a4d8cdeb5a6953d0874dd9ac3b53767b7de40a8788f35242135d8fa370bd3cb3dadf5d138dc029e86ede498100f527160a83b690c803f5ba1c8edd944d86081d255950546ee19b725ad9f1b4518b55f36da401b4680f9d853d58da669c05b812c570e0bc04a7e618bd75833782f810c6a325d563ca1ffee89579c27d48f2ceeead171377d0e3d70daad9163a61ae3e6595d51e093b35a0ec772119c3ef1c7d4664ee875f607904aaff5d9e16606eb82ac3233e861e099c928d04dd10f19309947c66b047a0647f4b1687b292e0ebcd85c078e62faab1610542d54c35fa7bcd6ab3fba544e0d6ccb59325daf35917c20d69b1f821e3b96bc991cdc7fd279696442d4af0b6a6f2c2d7e97be1528cbb732ffe346b88838317b4567f6734b2c65863f4726b93b1d9618a803f40e08e175d5b47a9b71c75b3db924dbe0d8247034b0628da608e64faf07db3c51a0901ef0a3e1ac7b4413ef99759ef631454e37346ce3e105c3b9452ef477eeeac196efa52e8d9124b743650d26693e5b14d25f69e32a56deff1e42f91c602ee3f87fbedfe30ba4f999a4803fadf2a5c78e2e8cc29e422ec82b6f51eecb5879d27c49f9bfb2791ee6e14bde3e69d200d7d749afc614f5df5dd63344c313218f990f1f007c5d5913e7bb18fa1a1b9b948eb6f6f05221cb0387165b50e5d7813ae414b13f556f6444a26c19f322d3fd6c05d89490c08594851f742f5c3094c45ad117b0d8720d797ded72d5081edac9becdec501d36d8bfe6ad3bfddb938eb5bc3528285019d69ea9d9ebf1021d2b09697ec58ddb8dc920a70b8b7a8a09156ac0d1ac3bacbe3617bf3fc60d547ecac1dd3a6b102fc90ae16e8b20fab91c91ea6c91050a859efc4b34998e52fe69502a40d911cd6abad2dc83725d9355f394144dc66b2424d0da8b55bfdb8f4d9e9ae54e0828d0e040b238a0ba4087be47555b91b10ca6d3ebf978823a1eac592a42a0d6104c4c958aec09871ab73bca4fca313a345006daac204743359a8833334c6acdb77d8e4bff672eca5b54b9567af4c92d0824d1dae6bb8f2cf41ac9a56fbd4992c713068913bbae4cca9873ba4dd2c9c75d7bdf70237cc7d87d7154c9256965123be030f161b9c3e48267891d0cc04344e7fbeb1cf582e03e59a7d713fbf7ac1a8f94dfd536c51658fe17f96dcd665d6708a456f9fc6464403919c7014692223740b4259501010ab6ca9a353981ed628fe26336c762b8fe382703692c346209e0dfdc31600bde3361edc49bf91711542e4ee20343406f5d67f539b8c10f287ff525fadb68d53368316ea61b2e5579d736ee9837c184226eb3e4ce201133d65b8ce70f43db30dfda7e55f353db4d92218ba7a73be1c4088d3e4e5e1c48f0a8f88c5f06bf70bdc677264243dd715f937b5eb6372c6e2f0b0c2863ffd4f8f47d9a90ab26b1946928da4748537ca860b8272c1f111cb63b8cda953e0676a2241fe3a1ae971ba585195c15aea0c627dc56e90e114af0ad4ecaddbb9f9b61a3389864c1fbdefc4d3ec0966744b508cceb7d22802f30d425449b09c8b5181b1c31cad2633fad35278f90f973c45875f7a60afd034f019c97a27a7ef8299f9244044bac207c32706da012af9b6424df0caafa1e4f19083c4b46aa781d5deed6a914107ac2f3ccbd810c711658f36fc3b1e669e951a16197999eecf298077bfa99f927570191fec800cc7590e9e4ef874cb32e32ec91e194d2c77c0473fcb8e1cd2b77d30a9d7511e6c4a09bff9bd1b41fed04f6cee7733b804b492c36f1c1917c0c34d1738787277d1067abc668ebbe1c4e400f5b9d41faad9de1bb1455f4bc96eb119e47686ba697a24503e54c79d0b66c555a17f1a561b7c5dc6c81a026e3f9744714a07baf96e0047d85290058f1dc9801b56cf6dda9d2f8bded9a821e5a688a351ff9a325b9e7e0f2d7c45128d258ff0b822fef1f2d58a4476966e529119b510b2d28e37ff2fe51766f016fa2acaf144780942c574f65f0804109434b38daf447049de3e8dd63006cf37625474ca41f718783775ac6a9f560c14f72ba710a5418a12a05c706989a99a3bd223ca58c875ba74964d8b62ac9cabdb7fd4e0bbbaecd0f12c8c35190b10aedf23898a208ee8f9621ec90b852562218812944a2b3386d0a1cc9c2dc10c3b37a8add1cffe6f5e37bb01bcf58bbaf7f1b8084990ce1f299dce66ad12d2b7d78601117b9c00a391c9d35ee945d7aa02f83524368b2d15f54e1a92ea1161f8e4cf2aed58da8338cffa5dad7980db5eb1095f928e541e64a32926083b872130bd2f525fdfec6cb20a1513f0acfebf574bb8815dac7caf678d2ad20b70ab4b262006d0817bb50fde24a093e73e41d31c92f21fe9cc145e53779198c7318948e2686f795be4c18144826d723deb81e120e1a25a89e30638e6ee1e4b720ac72563aeee48597f8b21705511be02b926ea9131981cd4cc470b9c8338c1", @nested={0xcc, 0x82, [@generic="ab6a5cd0c281af51ea83b39184bd11f41c619595289eeaa21c4c36c8b0bf0ed06992d11ceab8e515c7b0db64b71f6d7b6e90e4ce51daee3c025213068f0600be5c01025867ed7ffb3f4a781ec6cca0976fb721c273abaf08b221b3c2f1f33f778afd64623d92c6a316168aa83f47076f9b4686e632d620f152e2d86d70ed4d7018036599e3fb27e560ff4b6e75b2aaa95a1dccef8c9aab1579e4a88a0d48fbb8e275bc2faaed628c28a8ede821d3efba4d53506ea84ee1ac421af4e4822479eadedf6fce61"]}, @generic="b9d3c141179a418b4924968108a59989fff14d5de86d160996299e111c3d64e0526ad9445d9bea9940322328a0f601e90c02f721af17ff97384f158c7a87acb5b26e69e72a96d15a75f0daa6af000f8682f053ebf4d832db35137a0ecc9d4b544173584ac0dc671f76aa1ce4bc47284f9e704a1637daeac643e34b58659e6650e99efeef8564e7bc7948d1f484f42399074ff858424f57c02658b183e13cb6342d14433cd5853d6baa11ce062edac087af524e3356111605def97e41e8eecbabab49d39175ba7e1c8f42a134ff910efa9d38854c80f04eab4cece7a04d76e083bf7bdcddae43d428cdd8c4d7c294ffc4840d7817d67aad72f31c4dad1c22cebc0bf32454761079974f810996d69c8cc3fe760313a0f786ae3e543aa972b4a458e14ba9cebb94eac6702353711d8ce8af077270aac6d850f97765d3b710de38d5059ef4170b7b2c5deab0e1ad53ab11f5981bdde2430f58529ff75d4de39a82f1a66392ae74d8df6ac12431c580d76570b8f061a1a33f678990cbbcdbe7766d13e1cf0967ea0422f562c61c0d9023f1ccb5c034600d522a9226d519937534450d1dbae17c1553437322bbedd922cbdfd38163ddf4fbe456a7fd7c2db8bf14ef87378ab60652c48d8596c3c8cf1cd62bcdfebf5063987678da1d919b08217f8d4d4416564c192088be626eaf5a4bfd7e92a4733ecdd0eebb5e26323b016a883816da0eb6b85fdde949b979037f833c13209ee4609542c480929bb51aec91fe81edc34ae578c64ba0e1cc0b43c7441dca1d3c89d5b717b64ccc3c2d53fd5f7f181158f45b927eb5939d4dc7d37b05f18b7aeffa83773c84660a3d597e42b3f57acbc8595df57d859ba177357966f37c2481e2f4c17a1b8be1759360364e03e5b7b7da9235be3c8ed8a8bbb3f35cd1e9607915d9f1b87fe99b5b44775396953dd9a43b1ea75ef7dead9f82017bc89485bac7fd70a6d555472e78869cc9ba776d202146d9ae9dd06203cc521a61eaffe8638ef781a0eee13c8ad068e21c2e6d8327146bfcaed5c88033f123ef861ffc4419949d3d6e999b70e1ae1614f190970232aca7e8af13530e596670f43969dc2a0fe76828410cca75e3c84238bbeb6e4ee7bf6a7275d64fc0e110d43ce91a7ea0f81f254997656914f6edceb4ab913d24a08a99196684faebde1aa5010516925e449d1fd10c310c2c2886ba9b75f09ed3ad966e134efa87b51cb58c46f054de40b97841cb6dfeec0434daf6b2dfec1a97d505cd8cc37c0f05525299e7d153dbec95be294b3dfb978d88500d8f6a033b0abe66180af0fc34ab47860b2625a741a63271bf1801eb6e4f314c97e04f5f621676612b901f1aae35b2ef9db8624a91dcded811a77a51dc37eb93980ef548616dfc445e01e98bf30331ed9784efad525f4fddd49f5cbc28f3125ac73c83fc544252364f7fba84ecdfe3036a04ed145b76d5b31084dcabf7a9b556e39dacf87dcbb147721e2f94d057fa7a8c0b07d7c2991ce57ebad60e4dc89bfea26f450b990bed3d357c95b086f1d3595b7d0ef78ebcb645fdd7e63672b64a044de0026f9ecb741eacd58a6b0ff675e200bd1bf92cb1f44c7acea891be0847b76aa7338152602d7cc3274433498de500e53979230ae4b5128ea243da335cd28e80ede530d3f3fdeeb385debbb02a2bd518e10b6ff5c684ad619b812c809ab684e08a68d89dbb71fbca1d0e7e7009f1a981114643dc86985955ec0a3aa68fab454fd30765304993b96b4766b7e0b5dfa7478c6bc732c1e6111e4fba68748e5e7665ea1b84ea2b038afb7cfe549bd592955b430518810e0a4fa7f55510cc1b586a9f34bf64817c981b8dbe21ad0efa7607714487abe1e15aa9c8130d10d15b28635ca939755beaad87e22d909e8e80b9beee288f4250b39f8b7ba416302067a0ea6d4d0da5f9c1695e2eadeb3a45cc1cbaf8864adf99aeb3dc47ede154e0f3bfb81abba9894814705ebff0a5f851a0181cf454c1b1214b7f53c55a8dad48407bb4b491cbb748ab6e4f2bf5273dc61277788f8503778e17911cbfbfb7ebe7d8b0e6708dd1a943a35cf3c1b09609e29c5042cad0df47185634b3c7371bfb82a4e4e75b60fd61dbb28c65e519691a40f8e2442d2127e251c508bd04a842fd456806ed36b190a6d2f028ff1b0e4bee13bb156a9c8a925d2b1d9cc3a3fc676da3cd212a76aba2672ef87035dfc60f03467e0bf523027e51406055aac30810fee4f98e0e16668de919dd26b9aab29e00140248bfe84c568bd4aac782273fe9b891a1da81fa7124e384a2e9ee0a3628020f046b0aef5b61691ccf7579e20a58e2e3fa23ff57a57fc8aa4af525fb7682b2acdb6d4cc321936c2364faef1995fef2c0ec9fbb8b395f5bbc0f88b5d05a0a149f1b9ad631c3885973fef16c26122c9af41017c45992f4a14303363df1492ac7e25dbbb1a38b87fe5a37efd6c16a4155112954bbe9fe5131a846d3f8db0b6a658968a5ca21d484074690c41a0828f39c76138762311252fad64fb3bb43e364f227713e1fce4121856c569e899a9d3bcc89ca3ff5f405632f189d1966e0b27bd7779576a33bbdee7feec751c521ea01b593f1c45bc82a67af9ad419c0f129c0f0b4c4a1d59a812ebfaaffee4408651a138f7379adaa03d141b6d835c3fe2693858e243736c4ff89a5f28ef191e36047f41e676e0b3faebfe3e6b4ea023704b766dd5a029444df5160a905f4be390887530dd43ecaf5fc97ee57d1ecdc1caa348d737aaa8de31b7caf0e5c9b0459e68b2b7c400607243f69821bdc5d1f19114c716710ca104ba3718e50f6df7e2bd39e0bbaa215d56c4d15cf12cb96aec7666292f52a46480fabaf737d279a985268b9b2a5041c5a5bec8bccb2b5dff0103066b9aeee8c17e8358ae112676c737aface4ccbd857afad9fea6528c8495f3930a61d68da0d0ac5d34d7c854d50e09dfbadfe7c5b7dd104391eca317b2d36df8a0542ae7535f17cef0cb974a2921d6933260559bab1d8872b2700afd3ff0a5254532ecea4dd16373c60fc5f529bd8c065933752b04fade26667b89e62c4d158f3638d72295d910dbdff00433b5fad0b48039c606b6919fbd1c86a3dcfbe9e70d7099b56569327174b886b991f53131c0663c62e4efba5ff07fe0051f84ba63a81e99b2fe74af56385a985519056402a71f4306c8a1022b5ca6b1cd8451cdaf4ad854ae628eed8f7ffb938330dbab044c559237f94e6d2826f066c8306dc6af35d7d59ce3fdb4e1de446ffcba32206023cca5acac5b2e5aadcd6cde449a45ebca4c1b0a98689fb3b349d459c189f0bca7a86b847bc96f7081705f5c258452bec0860366722259ea68840655af596365ed3277b5535d86703ceeae209285ed501cd264e7797da8019a8b094574d5c9aa88e20ddf80e9ad21c9b6b799a78b97b8b3b3d0accc9538a6ad1e65680ef28e5bc59a9f67e368425bc756d99d55cfb50d7cb38b8610141049a2991736a2c13c7048aea990fd0033e2be88d3e43cee2513aaf8bf1ea6685bfa588adf18f43892e06817507039ef289a322688f3a3c938e45e2d8d28b6f1f5401062b1522cd0455e37c01931f25f3e4d58eee11091fead75a7853cc9d2a22c9edfe1f15c91f0a36507f88f999d447ff8d876762dc29c33b184fae316b94d6fd891c6a27c3c3c7cf315baf7c53be5cf6485003b01133c766722d0d7be38d05a6a2b88b821d5df19894a6ba063b847c818b3255f31a3ae6a666c48cd669e14cc09d8eb0fd49759bd8d0cf19f226ce46871f040dd85da1ad96cb4eac89b805185fa66917f1c7ea585777383ab9654a9a57c3899b17d2ad250770c19c576cb4280115c82fe23c68796583fed1917313d9c82fc22a40466937661c58b8b93eede63b7a8ce5ec91dea7a3b7cde6dea1391367260d414c535315e122690ee830602f0047a323abca99ea9fd6487f383df4881a26ca7168e4e16b742ced1858e9b24d0a2f5ef987305d3306ddbd3e821b98cf21d1ecff700d14c544b73a1ab8e0e4c9aa84360cb8f23369edad0d801abc7bb68bc8f539436cdf9ebb7db7a596a4419753f5028836bdcce40b2ccb508d0fc95f8815a9250f89f9c7e5f511ff894616d29a66d23221973c41e9e3311e579c1cc7f69d745b9446eed3587d9180c379b0c981bbbc4aaaf0fdad78105106f3464efd2176ab5eda4a0d16455fd76fa1dc8be941e004eef50d68e384da983df18d441c2bcf00ab380a9a3e7a32aa4c48294d93f371df57818ea303dff43d35b1c7d8bf02d6e5067f644b5a32dff4d7b3a7f5c47e390c63c13b7c39d13bcb608d1fb586ec76b53df907c6eac16b0f00e03a7ff82344b73edc95f7a870ff17862728edf178f3bd9d3d5613ae6db569af29e8a05874aa7fdd8fb49743cbc62d411e56d36e6dcdedc647f486c1aed085df0b89dbd0b892f30a5b10703482387e4bc4bc97256de1e4139256a8a33e847f98edb732924d8634bfee2e932f18657e0b995d8e156021cd340e4a5a785938916389eb72195012089b1f580dbd05b32d0ed382d5a612d2be6d5bdeb8641fa51eccea814bf49fda022e7b373ba5abeb1adeaa25580d747435f80930f30e4a49676ea7d3da05b9b97ffdf4aea6730e4a4c9c731770d4b3f87eb8b4233c39ce2da0c6edb7e037656beed7cd6abda2d16b19ae3dfd424c8807d423356f6184aa92d723cc4147b69bb4a5977a61812b6dc03ca173f4144728e56ef88545cc5ec4c8b8d0c4140e286b04d8a92e1cfdb7663b9c475163fb087e81ebcb31e2c9786535d515717e86d4b611f19890e1df2698f74fbe1dff12f6f683045cee3c7ce5616f50d6357709a255cbdb6b44ef89ae80fcc301b3868653643986a5cc02f3d8e7528036eb7e27389a972e862742b3482566b9ab2005a2fee2454b4c07fef6c93bbd59c4b2151a289b145af42b27c2c390eaf5abdcb3e1d30949ff11b775fe219bbceba324c0f7f37447a6578f4671dcf27c67be0bc39ad1a32d151443e382fef0a0cb0f1623e0f18f704229a9b1d0b44a1f34940d3bb402ae11cac821da800201a9daba8ac9e6842d8cf6ca309e52e65f42cfc9b1115d73869b5fdea1149ffc5e180c85cac18807b8083df0862949ac5301fd69989cd410ff510a580e797630965a1350ef462879418be5ac06ae1c9bb4319562352604724a6b4eeba056cba091a7f830f89cf8353aaec2e0f1e6e5ece579f678fe22698195126818c1589ef764eaacecea53dffbfde31715596445bf9f14939e8dbfed9406875d767bae036218ab45c435fbd55a90d54fa75d78337901ba081e804a3a870a8028ed4ad3cb01471083e3620e462f5a3e08ed3f4ba5178619c78500b2d65714427bb5a1eabfcb1583e0f1aa7dddebe4abc8346c50a187b21eae9e91ebc9f2c44ddd9e086115ef5968ec1e16583054dcb04046005d802bee1b8785dfe3d75bf86385fffa24ad9d2fc7b1779c8b17172d0699548c4888ae47aab57f9c3b953b0037c0f113c36218daf3c8eb2179d43a7cee28d8c3cc1b489baf09514d3293b08115ae1b1c6832c62d8b5562a37cdda027f003c84c22823960ce496c240de4211ba9a64725be44a9b49d4abb8d0d4bd4866ebc9734bf0f04320132fd50e65b5e7de9ae49f823ddabf4742a051c1394a3a5f820ed575ad49c59686962c448f1ccde94323ee3da5e95e852903d9689ec9053e5eb6dddd4824bfe0b12366ae961aa69e1e3d5f033248d6a0650b30328eb70ef42c8a2f75433e431ce2f00f74c7cbf3130f8d033631adc45", @generic="b4ac1465071f4108c5ca24a6da4f14c8d2f82c399ddbc1f8bcff7e1be8d9bfac46d7d64ba29fba14466c019f199786bc3a375cba44421adc370f47784e12bacba27d2d24ab42616aa3e478ad370e88d527d57b824b46b64ab243cf1df1766994", @nested={0x1004, 0x4b, [@generic="9109fd54067301f0633c86cea5ddec1fe0526d53142dac149c2958992d716f6b97abb207e257611d4b2690c6cb11abefa55f4651214379609de96396b5f714be91dc89d65f2c2186de0ff4e3c04423fb6544519862ffbc7d2c7aa0752425c9c6430edfca8f5fff0b82a3bcfeadc57bcce736aaf8fc8a49e55f8e80f63d3935f2c3a1fea4de73f0bdf2f74cb94450fbb64c90779365fbcca70c9580d7554967dc1b964d2b62abee341fe52f0c8cdc90cc6cb75d3376d618278777a5c9004362160535b05ec05f1c2fea8d1d545bff05371722fa88303a172340660d77862dd897f996fcb14cb76b70f17188e069cbb9d3d215242d9f2e572957338c8db7a7326fbd3979fb4877f28fae23c277da04670c7d59ba74f1918b191d69d5db5bed659b678b07edf04fc2e715d4ea4aadf0d387458b739e285b2c9b9a394f6889982df38a5468979f53d729e1b2977fb21e2adbec1c32ec7adc09c1adce13bc30e3c65d5c338dbdbd6fe3dd99d520e89ae26a727be0599a579cabd491f05f54336cd47ffee868a848e2e6a762483dc9ef6016e0e637cc03c1f2079463ea173a109f249810b4fada57aded9985a1c7bfbb2fa7fcc56d278ac1eb987e8705d09de9605edcca77c9949d6038c390685b7ab93468ef800c866462e84b8c1e2d56c04cb032ea69e652fa7f7db6d754705edeabea47b5dc06795d65f8ccd07810b391a634f05fae2129ecff985b91c733f48449b6264e5897f826411f4d3d324dddd7bd4605062614df77af29ee455e6083b2136a34dee97945d28f6e7ce692573654ed916881bf541449c5fed6afe7e1f0991bcd674ae500bdfcb2d309976759927739216cbce4ea71385f7ccc6dfe349db8991c03a7afca87a2ea6a848007f16e4d590a4d021e2ee83bf2b9baf6fa22b62b66de5c7ade453a8aecc1428391c6def2c1041fa7bd700e2c30e378e6a457ced87e349b8adc614d5cd9142a19132616ebe484f6eb0ba438b6eac1f71a2244037e62652c4613756fc61fe7459851115f98b3ef262b917eb164d753a53e846ae69a1148677e7ae079b7f54c24c36cd548b42712c6634b2931db08542cebb6a81c3f6d37005d160c54a0c318bfe2086cfdf5c8abcc2c8308f6b9855e4e38cb50a238d6c37d1c29209d0fb1c64c2eac6bd80adfec012e75e62b918afbdf6d581b389f1fa6653a96e381b4771d282ee2736ea7404e3d25845efc0673a463b8ba29d06c7ba02de9159e5f63caea95ead6d30ff8a5ffb86a32b6b778f2ad519954f13c1c3e2d91938d92cc10971e55542f498b40c393d2e6ce47dcd9dec3eb243629459010ebdf0bc4f05c89083aa526b5b714febc4591f7be6a1f0accbdf2c3ee340fb1ce4ef772cc643e90539596880a829936eb37e52b2e7b1db8a9058fa7e08edb4ff9c9d00d635d827356dee708299ca4f73a36e0773274bbd164e3e6aa65349403e3cf0f8cd172b4f3c7a1d3b4f0874506a0cc14cbd5e0a1f200fcdb504b64e7b629309a4d38096c58a1d1eb6c662111efe808ade7037b1a1d8c689ea09f0a4a83f427a1de35ee43918a56cc577e0cacdfd41006135cc0d0814cd2aeef62d6f8b85d679c96bd7d843d25c1e1950697018eb381a754fef4150e8cb830f44a59852263dadda1e4778946e76e94e4f18b4529ada7ae50e7a2db920f6ecd3c3620e3a60d2bdeb7e78c438eace85a527dc8a07fb17da8c3f53628bc06d4a7a35a526fad1bbfec40c1460c0a74513df9b55d8268bb1c5015a1b4a030490e8b90aac0adff1547b1c4716806097aec89206dbf819c5319718d7e7289b356cfc58b5ff775232bd5c0bdd880d195e58ffcf9d17b1f7988daba1b3009299eb5bebbf5f9f405a76bcd12274045a7c0d945942c62abfd9ba54f5c2ccce96d44ab460f6fd74dbc2237508728c77c321069b12b0a75e7bf7295ba8aed0766c94ce5b64182ff9a4b1a17d56d1d20b06194990cb5b65c5fccc0632a931f9fb3360a9c74faace6a9d0d751319ed0749b04c7d5d9e7dc5f2363650f650952870f091342c6dcec00292a65d013e14534695753af379cafb0a4c724f44b516216e393b7320fa0147c4e341c1fdf67bd625499f3a79cbe7e766a4b15add32a1ef679beffb7c6ea92eaf179c0964dafdea86ec5374f9e63bbda36017192e82e800b4d42e4cd6510bf49b35092883225357edbfc91eefbf57a4373f53168bdcd7f28f88a9e52d753eb2ee02deec87f4c86806f9a7d344b47c577922bf0df50f940a35efd51c668ed75bb3dfbf765755dbf894e5cc423934f380c7b45f65818c7ba9d834d97f34f5c903f0aeba241a4465b60bb5a91edb86b320944a1ece62ba043fec1a36190755d011b4416f5f0fe77cc290b0cd8dc87e160cef798b9dfff18a14b8fb8912f737a87e7aaa6588cb0433e40cba193690f1d5af8ad09ff75d7273e0604eaa3265d27ff86a85d248b91e10ee09b21b97914a5a7ac7ddce79dc63365b2786326acd89009d7fb8daef08a740e967fbfa56d4babdc1d2f1b2767459d96818300d4a51cdb99dbbedc0f9d71a0150d4fdceecc27b88e87e932020f31f61a6ba6970266969e4fccb32110f155fd8fc53402ffef90d00848b049e90a1995ee3b20a0e38bbfdcf2862592403890146aa9a968773d4f895b343cda4e10d603db311302b393e81fae30819e70cc19d5a03a6e183326f0492d0c5f83737dfcbf7765895a104fa8ae64260fec0cbaf853e188a5817ca725a1bfad18dfbb454c2a43b59750b81eebf7b8ae8a19d0096627df1e7da022425b7ef06ea61c3c13179d4ba50a17864aab911df544c720d4e3f447ee679884b0db14835e5268c14e1eb080c117a6bd2d73c18b507c542e183b96a801b73f38ff93b4f02d3b619c13f9ddfc1e9f92026b4a38ab064894ec3a498ad200d8d6b00c42cc8b3ea3e2d15aeed4b7f9a0070efe6d3c34dcbc0652e177ef586f059a3f9e251414b917c8cee41b73f3088334b9c5da22bafac270df36baf73d5c0058ef82ee7bb7288796252866111fb8ec8e35dd4e0ed20e84cf6381350c81b62da5f0ae8862622225b2072d9a98fd98c40c6a0a79db780d394d4cf3ca8340e7ff078e5b966d25f75100cb5db439f74085f647e5949a5dfca80f4431a20cb492125b734b6d240334f38172e8d020c4626c1494729eebbdfa5a495ee15972fd06009b043fb6de9b619631ad4b7426f20891c929f90ddd30c8744759bfc6eada8ccdef82450fd48f83e836342d30dce238b9486fab7a1a9c9ad393ed4c56381ec7bf33fc1189a531580f4709c3618790d6eb7cfc0e334152349bc76d623cfcb4521a598023a414e8b2b8a3a31915dca1d0d32b46172f2feb1046c6b859582a0a73c829a10470b63fe915e9d824d45179c15dd5fe0c5e88577504963396c97b1f6f94da5a5d95dd96bc4187df94775078284e300b864cd82f154436a45c2b2a5d329ac3fcfadb8224285623586588b8be6087e3924e3888f44a8a92385c711fe2a1a8fd34976eefcf9ad6f6201b357e3ec794c5ef5c6a1c5484d3644e8cbe715b337b9f3b84bccbf81d7ecdc65aa1d1d7876110ebaded1a04ab4da3eca59f56ae988a0e704e9bcc8a48a7308da6ea09a071dc850d6e3cc883199db93f9b5510fa5fd8dc8bca2a6a8943b60fa604eaa1dd28df467ea7a3a69b761f2f1bedb7a976f86f6f2cd822b79fa49c5c168c13bcbdcbf9d887f4e430656507e6bcdfafbedd58100b2bd9cc1f5c2771e2d9b2365549aa06ca95ec3d1cbc887e012421afa65151970de140d8eac6fa57d5f0226a8075c076a3d9c899cab952c293685683d0c07dc28dcf319a619247de121abfd01e33e1665489d61d957de6993559125dc614beb8776581caefb07be1afbb9e6d91d7ce2fdedb83a541fe54693a785627b7356c6c847478becd3f7a37da92e824bb091f40e5a9b56034d9326acac190dde1b8d68eef6b811b131256ab1800a0de9796348fd1f405e9f8c93258ec6130b39f9bb3cd50d17b9240fc769b0fa110bc1a7366746d4e2ab6e765e48c15f00077e7a8dec4e48534853e0832a7cd7b9013aab107c1986839b5537f14ecf61cdc77ed498bba7b1d96c973b34e9b3c14edbb92f797a180b7a5f468ba30bb5f2f30eb541d09dd02dc1e916e74cccf88c586a83f7d3cce941b15812b1e61c2c5382c1e1fd28f19f6c67edc827d72f666ac7e3225a193a909a5fe608671d90d976c73eada92fb0a0859f98c5d7f93d0715a2e63d6877193b783c4092165b5111546841a8d006ba98a3b70603cfe40db49ceefa69fdf839c780bc050eee383b0db36bd1282eea4e33ce08538845c2f55c32f49499c4140b9213da40a0f5e9de9e37472c0c1383f31c36962f4b9929f29790896aff1662f79bcac3c98e6c5cfdae99b5f81174dee06b0f20af6ae04e3b1536f91d24f6f09eeaf91734f8ae955d594721be7c1433c1631e704053f9b27447a9d06e6175e2511c8e95a5e4c8d5007dbd769feb6f1d0732c4ae1107eac7140626419d1c97dfc4f5ca97fc52de494fbeb757d2f1e38ecabfa6d3ecd21cfbbbdd8514be9dcebcc68a1ebaaae41e88459b3455c3d107eb29ed4e2711ebdaee3bbe64aa2c9348598c69ff5961649e5fe95f49309d4b4281e7f75f75caed01cbd8b0237b1048f4d760e8352d53b198ec1d3449f52c0661da2116ba9a522e335c296cb9b07dc456355f86d12fd1ab56bf664afd58c0f5d5bfab71fa30793bb8b3f4da482e2039790681e0c460ea4f30efcdaa1cf2f4ee45dd3b4ed346b09d761fdaa6dd1c01b8b378ed4b065523ecfe06fae73e44d728a26fdf95a31ad8661e1956ed53551b27df6d20e0a36d0fcce72f414a6aa50a681cb2b76e2447c9b5bc32860a8ec9483711d663dc25600c8756238863162db017aa741e0d5902fbecd5f8c61777b8927e126f985143322914d36bcb2dab5c8393267a5478637b41e629083c06da001ee34a81f32557ad7dad9ed6943eb1635f7e63d629aa3be86058a15b5865a7a3b4952f1f6b39a8a7987cc31de82c32f55d0d71f676dd5012f57b98b842780c3d27761fac6abb76a0a2c93bc4359023f86e16e416e5e52679f5b9a483b68bfdd386396cfeeb13be4ad29f8709c5493299d6f040339f2597da74aa233e945a89076cf2e68fa4bbfae855aed5b11d9e12ae4420a301bcab4359dd79bfe3532debc2de9b4cae01f37fe3bbce4ffca78e347f512eabd2796776d2b8a8f6e9b6e1c3d59420cb144e8221edd62602b9e11fc086dacd15f23162fcc4cafcd59148cf6c2352b708495f17249dfb9a8223420d492624b6b1d3d2b6c1838622d757a364fe19be09758796e31e19601abb3975f98d69eb8e0041b4b7c378a56864b2ecba704e8fe74e28cbe442283b4e91f11a0fbd7aa5a813e9cf020d9589b5788efb7d30f1931bba38808587fb071403de4376ddd00e3f614999a8e2889c8da77782aa4a408ba6707080e53e87de94098dd2ffbc8b1ed8cb54e64a998927d45b5fb9f8b452d2dbd7a12bd452fb9c0d963072ee5fb51ddecd07a66f565d06990aff1dd75e8062aa65f2988ddb24f53429263e4086bcc8b44af8200c33f91f647244c6ffbc54b8ca253db34dd86111f988c483c3d4c8b3d9fe066321d8e28b5c45ed50be3bc24f9e35f34d37c820b1b8f3d0787714335bf516d7eef221fcf419b3d910a552545e0413d2b47613d1507d4228920e0a0871dabc3ce5bb3ad7cf1c4d4133f4b2d5a10d54742dea27d0000b8bfd15f2e830563a5b6c2624f74e051137680891c84ff8c817a"]}, @typed={0xa0, 0x76, @binary="484c9961eb0f400d9d1301c4fe52d86ecb358b1546ef15660362b644ba6341d99ceff7c9a2abcddaed08fff61e37aa371104de8269e9ef221f5faf2338becfe115054d24e8e7bf7587724c5e8b87f1b773b3d7b27c31d000926425d309f31dfbca756c15be7bef7c0de99b7efa22c241ce635a3360bde470688a67e479df9898354f90dc4635b184d0b45282d2f1cdb31bb9a69a2c25e1a3e81610d5"}, @typed={0xc, 0x1, @u64=0x8}]}, 0x31f0}, 0x1, 0x0, 0x0, 0x33f80c6fed89b7a7}, 0x40801) [ 1233.960024] ? __might_sleep+0x93/0xb0 [ 1233.962363] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1233.963908] ? __fget+0x210/0x370 [ 1233.963930] ? tty_vhangup+0x30/0x30 [ 1233.963942] do_vfs_ioctl+0x7ae/0x1060 [ 1233.963954] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1233.963967] ? lock_downgrade+0x740/0x740 [ 1233.975992] ? ioctl_preallocate+0x1c0/0x1c0 [ 1233.976008] ? __fget+0x237/0x370 [ 1233.976028] ? security_file_ioctl+0x89/0xb0 [ 1233.976040] SyS_ioctl+0x8f/0xc0 [ 1233.983611] ? do_vfs_ioctl+0x1060/0x1060 [ 1233.983627] do_syscall_64+0x1e8/0x640 [ 1233.983643] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1233.983661] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1233.983670] RIP: 0033:0x459f49 [ 1233.983676] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1233.983687] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1233.983693] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1233.983702] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1233.992574] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1233.992580] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1233.994176] CPU: 1 PID: 5547 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1234.037237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1234.037242] Call Trace: [ 1234.037258] dump_stack+0x138/0x197 [ 1234.037276] should_fail.cold+0x10f/0x159 [ 1234.037294] should_failslab+0xdb/0x130 [ 1234.037307] kmem_cache_alloc_node_trace+0x280/0x770 [ 1234.037321] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1234.037337] __kmalloc_node_track_caller+0x3d/0x80 [ 1234.037353] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1234.037366] __alloc_skb+0xcf/0x500 [ 1234.037379] ? skb_scrub_packet+0x4b0/0x4b0 [ 1234.051905] ? netlink_has_listeners+0x20a/0x330 [ 1234.051922] kobject_uevent_env+0x781/0xc23 [ 1234.051944] kobject_uevent+0x20/0x26 [ 1234.051956] device_add+0xa3e/0x1490 [ 1234.051972] ? device_private_init+0x190/0x190 [ 1234.051990] hci_register_dev+0x2d9/0x810 [ 1234.052000] ? __raw_spin_lock_init+0x2d/0x100 [ 1234.052016] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1234.052030] tty_ioctl+0x8f7/0x1320 [ 1234.052040] ? hci_uart_tty_poll+0x10/0x10 [ 1234.174163] ? tty_vhangup+0x30/0x30 [ 1234.177865] ? __might_sleep+0x93/0xb0 [ 1234.181741] ? __fget+0x210/0x370 [ 1234.185202] ? tty_vhangup+0x30/0x30 [ 1234.188899] do_vfs_ioctl+0x7ae/0x1060 [ 1234.192773] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1234.197512] ? lock_downgrade+0x740/0x740 [ 1234.201644] ? ioctl_preallocate+0x1c0/0x1c0 [ 1234.206034] ? __fget+0x237/0x370 [ 1234.209489] ? security_file_ioctl+0x89/0xb0 [ 1234.213899] SyS_ioctl+0x8f/0xc0 [ 1234.217281] ? do_vfs_ioctl+0x1060/0x1060 [ 1234.221418] do_syscall_64+0x1e8/0x640 [ 1234.225289] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1234.230123] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1234.235296] RIP: 0033:0x459f49 [ 1234.238470] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1234.246170] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1234.253429] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1234.260689] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1234.267950] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1234.275207] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1234.306370] Bluetooth: Can't register HCI device 11:39:33 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x3) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000140)=[@in6={0xa, 0x4e21, 0x800, @rand_addr="7577e34659915960f2eaf0171b0332b8"}, @in={0x2, 0x4e22, @loopback}], 0x2c) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:39:33 executing program 0 (fault-call:2 fault-nth:27): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:39:33 executing program 3: openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/validatetrans\x00', 0x1, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/\x1a[\xe4Z\x00', 0x12c02, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) syz_open_dev$video(&(0x7f0000000200)='/dev/video#\x00', 0x3, 0x0) r2 = openat$cgroup_int(0xffffffffffffffff, &(0x7f00000004c0)='cpuset.mem_exclusive\x00', 0x2, 0x0) dup3(r2, r1, 0x140000) r3 = open(&(0x7f0000000080)='./file0\x00', 0x40, 0x17b) ioctl$VIDIOC_TRY_EXT_CTRLS(r3, 0xc0205649, &(0x7f0000000180)={0x9a0004, 0x1, 0x7ff, [], &(0x7f0000000140)={0x9a0914, 0xdc22, [], @p_u32=&(0x7f0000000100)=0x3}}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$TIOCGICOUNT(r5, 0x545d, 0x0) r6 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r6, &(0x7f0000000380)=@hci, 0x80) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r9, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r6, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r9}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) ioctl$FS_IOC_SETFSLABEL(r6, 0x41009432, &(0x7f0000000240)="42fb59863ef225632225912efa596a9cf0108cb6c46675fb539b0a3847866379867707b4091de1324963daae3e8d4b4d6a1a44cef4b901b1206602c23a9a5b82d6bf1be9ed3321fa4965b2c569aa9d75bc025b4f125d4a4141687d2d25a7c291ded32dbe6b8accb4b9d5b13551ad11f0b0952b91390e9d53b86cb0487e0e1c5043f5613061a4ec8ab2c2cccfb950107de82e38929f0cad160aef8e3172f416be7f00ee6c4f731e00282baffcfa94731939089aa2927af569f74cbe7dbda49b53cf1f5c58ec141a812efc43a5ae20426d5d329da2170fb4e693e2f04fe63695d8a9880bcf051cb13cb3ba83dde1aeafd6ac18ac6b079f130161ed9dc3f5ab7f3a") ioctl$KDADDIO(r0, 0x400455c8, 0x0) setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f00000001c0)=0x32, 0x4) 11:39:33 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\b\x00'/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb50fb00cc3684d1523426a929d8265ebb8cbb1346759291752c6ce38631c9e50bae2febd1c4b58c81684a168e080000000000000000"], 0x80}}, 0x0) prctl$PR_CAPBSET_READ(0x17, 0x20) [ 1234.448212] FAULT_INJECTION: forcing a failure. [ 1234.448212] name failslab, interval 1, probability 0, space 0, times 0 [ 1234.475659] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1234.479587] CPU: 1 PID: 5579 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1234.491215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1234.491221] Call Trace: [ 1234.491238] dump_stack+0x138/0x197 [ 1234.491259] should_fail.cold+0x10f/0x159 [ 1234.491276] should_failslab+0xdb/0x130 [ 1234.491287] kmem_cache_alloc+0x2d7/0x780 [ 1234.491297] ? wait_for_completion+0x420/0x420 [ 1234.491316] __kernfs_new_node+0x70/0x420 [ 1234.491329] kernfs_new_node+0x80/0xf0 [ 1234.491341] __kernfs_create_file+0x46/0x323 [ 1234.536005] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1234.540663] sysfs_add_file+0x4f/0x60 [ 1234.544447] sysfs_merge_group+0xe2/0x210 [ 1234.548579] dpm_sysfs_add+0x121/0x1b0 [ 1234.552453] device_add+0x968/0x1490 [ 1234.556153] ? device_private_init+0x190/0x190 [ 1234.560723] hci_register_dev+0x2d9/0x810 [ 1234.564857] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1234.569187] tty_ioctl+0x8f7/0x1320 [ 1234.572810] ? hci_uart_tty_poll+0x10/0x10 [ 1234.577042] ? tty_vhangup+0x30/0x30 [ 1234.580755] ? __might_sleep+0x93/0xb0 [ 1234.584629] ? __fget+0x210/0x370 [ 1234.588074] ? tty_vhangup+0x30/0x30 [ 1234.591773] do_vfs_ioctl+0x7ae/0x1060 [ 1234.595649] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1234.600391] ? lock_downgrade+0x740/0x740 [ 1234.604525] ? ioctl_preallocate+0x1c0/0x1c0 [ 1234.608918] ? __fget+0x237/0x370 [ 1234.612378] ? security_file_ioctl+0x89/0xb0 [ 1234.616769] SyS_ioctl+0x8f/0xc0 [ 1234.620118] ? do_vfs_ioctl+0x1060/0x1060 [ 1234.624251] do_syscall_64+0x1e8/0x640 [ 1234.628293] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1234.633124] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1234.638296] RIP: 0033:0x459f49 [ 1234.641467] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1234.649178] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1234.656434] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1234.663687] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1234.670942] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1234.678196] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1234.829898] Bluetooth: Can't register HCI device [ 1236.000139] net_ratelimit: 20 callbacks suppressed [ 1236.000146] protocol 88fb is buggy, dev hsr_slave_0 [ 1236.010161] protocol 88fb is buggy, dev hsr_slave_1 [ 1236.015224] protocol 88fb is buggy, dev hsr_slave_0 [ 1236.020307] protocol 88fb is buggy, dev hsr_slave_1 [ 1236.320159] protocol 88fb is buggy, dev hsr_slave_0 [ 1236.325276] protocol 88fb is buggy, dev hsr_slave_1 [ 1236.331696] Bluetooth: hci1 command 0x1003 tx timeout [ 1236.336996] Bluetooth: hci1 sending frame failed (-49) [ 1236.800134] protocol 88fb is buggy, dev hsr_slave_0 [ 1236.805272] protocol 88fb is buggy, dev hsr_slave_1 [ 1237.440189] protocol 88fb is buggy, dev hsr_slave_0 [ 1237.445316] protocol 88fb is buggy, dev hsr_slave_1 [ 1238.400380] Bluetooth: hci1 command 0x1001 tx timeout [ 1238.405702] Bluetooth: hci1 sending frame failed (-49) [ 1240.480166] Bluetooth: hci1 command 0x1009 tx timeout [ 1241.600243] net_ratelimit: 22 callbacks suppressed [ 1241.605219] protocol 88fb is buggy, dev hsr_slave_0 [ 1241.610318] protocol 88fb is buggy, dev hsr_slave_1 [ 1241.615381] protocol 88fb is buggy, dev hsr_slave_0 [ 1241.620402] protocol 88fb is buggy, dev hsr_slave_1 [ 1242.240155] protocol 88fb is buggy, dev hsr_slave_0 [ 1242.245240] protocol 88fb is buggy, dev hsr_slave_1 [ 1242.250301] protocol 88fb is buggy, dev hsr_slave_0 [ 1242.255320] protocol 88fb is buggy, dev hsr_slave_1 [ 1242.560182] protocol 88fb is buggy, dev hsr_slave_0 [ 1242.565353] protocol 88fb is buggy, dev hsr_slave_1 11:39:43 executing program 2 (fault-call:2 fault-nth:34): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 11:39:43 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x10580, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:39:43 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) r3 = socket(0x10, 0x803, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000000)={0x0, 0xffffff29, &(0x7f0000000180)={0x0, 0xfea1}}, 0x9d84ebf73b946030) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x2de) write$nbd(r3, &(0x7f00000002c0)=ANY=[@ANYBLOB="67446698000000000100020002000000418dec5844a46b4bf458f83e2365ddce31b2ca6218c742f108a58acb7fe4057f924338e23bb9e628915c535e911120d429dd4488611464da116d281c74535a89cc09fd8f8d8e0cd06309725ec5388f7ae558f684f3e50f275bd16f6d3386ed204af1e41174c4df5079598f0561895e764ac27b72"], 0x7a) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r5, &(0x7f00000017c0), 0x331, 0x0) 11:39:43 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$DRM_IOCTL_GET_MAP(r3, 0xc0286404, &(0x7f0000000040)={&(0x7f0000001000/0x4000)=nil, 0x2, 0x0, 0xe1, &(0x7f0000002000/0x3000)=nil, 0x101}) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0xe, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:39:43 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xe) 11:39:43 executing program 0 (fault-call:2 fault-nth:28): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:39:43 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x100e) ioctl$KDADDIO(r0, 0x400455c8, 0x0) prctl$PR_SET_FPEMU(0xa, 0x1) [ 1244.712156] FAULT_INJECTION: forcing a failure. [ 1244.712156] name failslab, interval 1, probability 0, space 0, times 0 [ 1244.726847] FAULT_INJECTION: forcing a failure. [ 1244.726847] name failslab, interval 1, probability 0, space 0, times 0 [ 1244.730908] CPU: 1 PID: 5605 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1244.744979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1244.754331] Call Trace: [ 1244.756926] dump_stack+0x138/0x197 [ 1244.760565] should_fail.cold+0x10f/0x159 [ 1244.764721] should_failslab+0xdb/0x130 [ 1244.768704] kmem_cache_alloc_node_trace+0x280/0x770 [ 1244.773808] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1244.779268] __kmalloc_node_track_caller+0x3d/0x80 [ 1244.784216] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1244.788889] __alloc_skb+0xcf/0x500 [ 1244.792513] ? skb_scrub_packet+0x4b0/0x4b0 [ 1244.796837] ? netlink_has_listeners+0x20a/0x330 [ 1244.801603] kobject_uevent_env+0x781/0xc23 [ 1244.805934] kobject_uevent+0x20/0x26 [ 1244.809748] device_add+0xa3e/0x1490 [ 1244.813473] ? device_private_init+0x190/0x190 [ 1244.818064] hci_register_dev+0x2d9/0x810 [ 1244.822209] ? __raw_spin_lock_init+0x2d/0x100 [ 1244.826795] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1244.831124] tty_ioctl+0x8f7/0x1320 [ 1244.831619] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=5613 comm=syz-executor.1 [ 1244.834753] ? hci_uart_tty_poll+0x10/0x10 [ 1244.851294] ? tty_vhangup+0x30/0x30 [ 1244.855016] ? __might_sleep+0x93/0xb0 [ 1244.858902] ? __fget+0x210/0x370 [ 1244.862357] ? tty_vhangup+0x30/0x30 [ 1244.866067] do_vfs_ioctl+0x7ae/0x1060 [ 1244.869952] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1244.874713] ? lock_downgrade+0x740/0x740 [ 1244.878866] ? ioctl_preallocate+0x1c0/0x1c0 [ 1244.883279] ? __fget+0x237/0x370 [ 1244.886742] ? security_file_ioctl+0x89/0xb0 [ 1244.891157] SyS_ioctl+0x8f/0xc0 [ 1244.894528] ? do_vfs_ioctl+0x1060/0x1060 [ 1244.898680] do_syscall_64+0x1e8/0x640 [ 1244.903024] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1244.907880] entry_SYSCALL_64_after_hwframe+0x42/0xb7 11:39:43 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) seccomp$SECCOMP_GET_NOTIF_SIZES(0x3, 0x0, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='Hdev/dlm-monitoR\x00', 0x0, 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x220000, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x400, 0x0) close(r4) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000340)=ANY=[@ANYBLOB="51000000000000007f01009360eee7f15c75ff826dc94cb09c99a739daa44054d1b098c217c59b4d2a0b5181e199b52e5b1e2f686b7c94ffca99172107ae7961e911242c8a30f789080f3290d29b3b3872488096c797c00176b790f61ced1feb", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r7, 0x84, 0x1, &(0x7f00000000c0)={r9, 0xb21}, 0x14) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f00000000c0)={r9, 0xa21, 0x0, 0x7fff, 0xffffffff}, 0x3e8f) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000000140)={r6, @in={{0x2, 0x4e22, @local}}, 0x2, 0x4, 0x1, 0x3, 0x800}, &(0x7f0000000200)=0x98) r11 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r12 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) close(r12) r13 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r13, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r13, 0x84, 0x1d, &(0x7f00000001c0)={0x1}, &(0x7f00000000c0)=0xa167) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r12, 0x84, 0x1, &(0x7f00000000c0)={0x0, 0xb21}, 0x14) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r11, 0x84, 0x6, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xc}}}}, &(0x7f00000002c0)=0x84) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000240)={r10}, &(0x7f0000000280)=0x8) ioctl$CAPI_INSTALLED(r1, 0x80024322) 11:39:43 executing program 4: prctl$PR_GET_TSC(0x19, &(0x7f0000000000)) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) [ 1244.913071] RIP: 0033:0x459f49 [ 1244.916256] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1244.923962] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1244.931229] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1244.938495] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1244.945765] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1244.953034] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1244.984533] CPU: 0 PID: 5604 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1244.991515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1244.991520] Call Trace: [ 1244.991538] dump_stack+0x138/0x197 [ 1244.991557] should_fail.cold+0x10f/0x159 [ 1244.991572] should_failslab+0xdb/0x130 [ 1244.991584] kmem_cache_alloc+0x2d7/0x780 [ 1244.991594] ? wait_for_completion+0x420/0x420 [ 1244.991612] __kernfs_new_node+0x70/0x420 [ 1244.991625] kernfs_new_node+0x80/0xf0 11:39:43 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = dup2(r7, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x600000000) write$P9_RXATTRWALK(r2, &(0x7f0000000000)={0xf, 0x1f, 0x2, 0x3ff}, 0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1244.991636] __kernfs_create_file+0x46/0x323 [ 1244.991648] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1245.007201] sysfs_add_file+0x4f/0x60 [ 1245.007214] sysfs_merge_group+0xe2/0x210 [ 1245.007229] dpm_sysfs_add+0x121/0x1b0 [ 1245.007243] device_add+0x968/0x1490 [ 1245.015343] ? device_private_init+0x190/0x190 [ 1245.015362] hci_register_dev+0x2d9/0x810 [ 1245.015378] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1245.015392] tty_ioctl+0x8f7/0x1320 [ 1245.024090] ? hci_uart_tty_poll+0x10/0x10 [ 1245.024111] ? tty_vhangup+0x30/0x30 [ 1245.024153] ? __might_sleep+0x93/0xb0 [ 1245.024169] ? __fget+0x210/0x370 [ 1245.024188] ? tty_vhangup+0x30/0x30 [ 1245.032191] do_vfs_ioctl+0x7ae/0x1060 [ 1245.032205] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1245.032216] ? lock_downgrade+0x740/0x740 [ 1245.032228] ? ioctl_preallocate+0x1c0/0x1c0 [ 1245.032240] ? __fget+0x237/0x370 [ 1245.032258] ? security_file_ioctl+0x89/0xb0 [ 1245.041297] SyS_ioctl+0x8f/0xc0 [ 1245.041307] ? do_vfs_ioctl+0x1060/0x1060 [ 1245.041322] do_syscall_64+0x1e8/0x640 [ 1245.041332] ? trace_hardirqs_off_thunk+0x1a/0x1c 11:39:43 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil) shmctl$SHM_INFO(r3, 0xe, &(0x7f0000000000)=""/213) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) [ 1245.041348] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1245.041358] RIP: 0033:0x459f49 [ 1245.049318] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1245.049329] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1245.049336] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1245.049342] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1245.049348] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 11:39:43 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) getpriority(0x2, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1245.049373] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1245.187994] Bluetooth: hci0 sending frame failed (-49) [ 1245.235041] Bluetooth: Can't register HCI device [ 1246.720165] net_ratelimit: 22 callbacks suppressed [ 1246.720170] protocol 88fb is buggy, dev hsr_slave_0 [ 1246.730220] protocol 88fb is buggy, dev hsr_slave_1 [ 1247.200164] protocol 88fb is buggy, dev hsr_slave_0 [ 1247.205284] protocol 88fb is buggy, dev hsr_slave_1 [ 1247.210444] Bluetooth: hci0 command 0x1003 tx timeout [ 1247.215701] Bluetooth: hci0 sending frame failed (-49) [ 1247.280090] Bluetooth: hci1 command 0x1003 tx timeout [ 1247.285391] Bluetooth: hci1 sending frame failed (-49) [ 1247.840120] protocol 88fb is buggy, dev hsr_slave_0 [ 1247.845201] protocol 88fb is buggy, dev hsr_slave_1 [ 1247.850344] protocol 88fb is buggy, dev hsr_slave_0 [ 1247.855385] protocol 88fb is buggy, dev hsr_slave_1 [ 1248.490234] protocol 88fb is buggy, dev hsr_slave_0 [ 1248.495322] protocol 88fb is buggy, dev hsr_slave_1 [ 1249.280162] Bluetooth: hci0 command 0x1001 tx timeout [ 1249.285509] Bluetooth: hci0 sending frame failed (-49) [ 1249.360219] Bluetooth: hci1 command 0x1001 tx timeout [ 1249.365609] Bluetooth: hci1 sending frame failed (-49) [ 1251.360365] Bluetooth: hci0 command 0x1009 tx timeout [ 1251.440179] Bluetooth: hci1 command 0x1009 tx timeout [ 1252.000158] net_ratelimit: 18 callbacks suppressed [ 1252.000162] protocol 88fb is buggy, dev hsr_slave_0 [ 1252.010170] protocol 88fb is buggy, dev hsr_slave_1 [ 1252.015248] protocol 88fb is buggy, dev hsr_slave_0 [ 1252.020353] protocol 88fb is buggy, dev hsr_slave_1 [ 1252.640166] protocol 88fb is buggy, dev hsr_slave_0 [ 1252.645306] protocol 88fb is buggy, dev hsr_slave_1 [ 1252.650409] protocol 88fb is buggy, dev hsr_slave_0 [ 1252.655438] protocol 88fb is buggy, dev hsr_slave_1 [ 1252.960185] protocol 88fb is buggy, dev hsr_slave_0 [ 1252.965266] protocol 88fb is buggy, dev hsr_slave_1 11:39:54 executing program 2 (fault-call:2 fault-nth:35): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 11:39:54 executing program 0 (fault-call:2 fault-nth:29): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:39:54 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\b\x00'/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) 11:39:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r2, &(0x7f00000017c0), 0x331, 0x0) 11:39:54 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='\x11d\xb8\x99\xc1Q\xad\xbf\xa8[', 0x703400, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:39:54 executing program 5: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$TCSBRK(r0, 0x5409, 0x8) 11:39:54 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r2, &(0x7f0000000380)=@hci, 0x80) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45bef4fd2bd2e89927a5756b63a93b089024886f03e074d4e51d71db28e55fcb52def1bfa4abb585b71309c16cfacfa57c649a6c1aab246fc6a5761105c226341cee69bfe8aa8316bc8dc8424b1361f3abed593f81f58d8adc237e9acfac679249aec4b214c61fde1c88629e2a5e6c884ddcfe8ef81010b780d4690bd2b6aa1809d6f59c77fcb46d699540c175b059616100df7d5b2804dab374185594df9a27381dafb18a0f76f812b6a13a1ede304bd08564b57c0d3146e9d1143ca0e5fb1c55928cbb12833ef186857a9cd4a01e57e14140d02cf55a741980e8ef933d8fb6c3ea67510000000000000000000"], 0x48}}, 0x0) sendmsg$can_bcm(r2, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r5}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000040)=0x0) sendmsg$nl_xfrm(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000700)=@expire={0x1d0, 0x18, 0x1c, 0x70bd28, 0x25dfdbfd, {{{@in6=@remote, @in=@loopback, 0x4e23, 0x3f, 0x4e20, 0x1f, 0xa, 0xa0, 0x0, 0xa4, r5, r6}, {@in6=@remote, 0x4d4, 0x3c}, @in6=@empty, {0x2, 0x0, 0x0, 0x8, 0x6, 0x5, 0xff, 0x61}, {0x6, 0x2, 0x80000001, 0x38b}, {0x10001, 0x8, 0x8}, 0x70bd25, 0x3506, 0x0, 0x0, 0x1, 0x10}, 0x5d}, [@algo_auth={0xcc, 0x1, {{'md5\x00'}, 0x420, "fa0e554c5bd7751b31fcb191bac0101f0f06d2beac8e28ff8159ae103462ee3478c9a71287a21dad97e5af7e5db1dcf3e69c3947999398755043375bccc1a1a08959f9388ec2d3a17986da66414656ad16382b2f8a45d81cdaf9a2f559deee232c77a6717c1cad0f0c1bb570a9fcfb21839574d3711233a33782b233f57fb9efe157d313"}}, @policy_type={0xc, 0x10, {0x2}}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x20000000}, 0x240180d2) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r7}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:39:54 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r2, 0x80845663, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000000)={0x0, @initdev}, &(0x7f0000000180)=0xc) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000001c0)={'team0\x00', r3}) 11:39:54 executing program 5: r0 = socket(0x4, 0x803, 0x1) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3e8}, 0x1, 0x0, 0x0, 0x20}, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VIDIOC_ENUMAUDOUT(r3, 0xc0345642, &(0x7f00000000c0)={0x7, "20812da6922f10e36290f86d2fdc25b3d760eb6533d950f414ff7060e4e100cb", 0x1, 0x1}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(r1, 0x111, 0x5, 0x1, 0x4) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$inet_udp_int(r0, 0x11, 0x66, &(0x7f0000000000)=0x2e, 0x4) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r4, 0x400455c8, 0x0) [ 1255.603915] FAULT_INJECTION: forcing a failure. [ 1255.603915] name failslab, interval 1, probability 0, space 0, times 0 [ 1255.641282] FAULT_INJECTION: forcing a failure. [ 1255.641282] name failslab, interval 1, probability 0, space 0, times 0 [ 1255.678966] CPU: 0 PID: 5652 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1255.685930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1255.695285] Call Trace: [ 1255.697872] dump_stack+0x138/0x197 [ 1255.701500] should_fail.cold+0x10f/0x159 [ 1255.705646] should_failslab+0xdb/0x130 [ 1255.709615] kmem_cache_alloc_node_trace+0x280/0x770 [ 1255.714719] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1255.720186] __kmalloc_node_track_caller+0x3d/0x80 [ 1255.725117] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1255.729788] __alloc_skb+0xcf/0x500 [ 1255.733409] ? skb_scrub_packet+0x4b0/0x4b0 [ 1255.737724] ? netlink_has_listeners+0x20a/0x330 [ 1255.742480] kobject_uevent_env+0x781/0xc23 [ 1255.746807] kobject_uevent+0x20/0x26 [ 1255.750606] device_add+0xa3e/0x1490 [ 1255.754322] ? device_private_init+0x190/0x190 [ 1255.758904] hci_register_dev+0x2d9/0x810 [ 1255.763058] ? __raw_spin_lock_init+0x2d/0x100 [ 1255.767643] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1255.771959] tty_ioctl+0x8f7/0x1320 [ 1255.775575] ? hci_uart_tty_poll+0x10/0x10 [ 1255.779801] ? tty_vhangup+0x30/0x30 [ 1255.783521] ? __might_sleep+0x93/0xb0 [ 1255.787408] ? __fget+0x210/0x370 [ 1255.790866] ? tty_vhangup+0x30/0x30 [ 1255.794572] do_vfs_ioctl+0x7ae/0x1060 [ 1255.798453] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1255.803204] ? lock_downgrade+0x740/0x740 [ 1255.807345] ? ioctl_preallocate+0x1c0/0x1c0 [ 1255.811750] ? __fget+0x237/0x370 [ 1255.815206] ? security_file_ioctl+0x89/0xb0 [ 1255.819609] SyS_ioctl+0x8f/0xc0 [ 1255.822971] ? do_vfs_ioctl+0x1060/0x1060 [ 1255.827118] do_syscall_64+0x1e8/0x640 [ 1255.831003] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1255.835855] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1255.841056] RIP: 0033:0x459f49 [ 1255.844241] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1255.851946] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1255.859224] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1255.866489] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1255.873759] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1255.881023] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1255.888304] CPU: 1 PID: 5650 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1255.895235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1255.904582] Call Trace: [ 1255.904599] dump_stack+0x138/0x197 [ 1255.904617] should_fail.cold+0x10f/0x159 [ 1255.904632] should_failslab+0xdb/0x130 [ 1255.904646] kmem_cache_alloc_trace+0x2e9/0x790 [ 1255.910834] ? devm_device_remove_groups+0x50/0x50 [ 1255.910849] kobject_uevent_env+0x378/0xc23 [ 1255.910861] ? wait_for_completion+0x420/0x420 [ 1255.910879] kobject_uevent+0x20/0x26 [ 1255.910890] device_add+0xa3e/0x1490 [ 1255.910907] ? device_private_init+0x190/0x190 [ 1255.910934] hci_register_dev+0x2d9/0x810 [ 1255.910950] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1255.919043] tty_ioctl+0x8f7/0x1320 [ 1255.919054] ? hci_uart_tty_poll+0x10/0x10 [ 1255.919065] ? tty_vhangup+0x30/0x30 [ 1255.919088] ? __might_sleep+0x93/0xb0 [ 1255.919097] ? __fget+0x210/0x370 [ 1255.919114] ? tty_vhangup+0x30/0x30 [ 1255.919123] do_vfs_ioctl+0x7ae/0x1060 [ 1255.919136] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1255.928704] ? lock_downgrade+0x740/0x740 [ 1255.928721] ? ioctl_preallocate+0x1c0/0x1c0 [ 1255.928734] ? __fget+0x237/0x370 [ 1255.928752] ? security_file_ioctl+0x89/0xb0 [ 1255.928765] SyS_ioctl+0x8f/0xc0 [ 1255.928775] ? do_vfs_ioctl+0x1060/0x1060 [ 1255.928789] do_syscall_64+0x1e8/0x640 [ 1255.928797] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1255.928814] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1255.949736] RIP: 0033:0x459f49 [ 1255.949743] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1255.949754] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1255.949760] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1255.949766] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1255.949771] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1255.949777] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 11:39:54 executing program 3: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xe) r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci\x00', 0x801, 0x0) ioctl$SIOCX25SCALLUSERDATA(r0, 0x89e5, &(0x7f00000000c0)={0x72, "3bb37e2cfcdea4dca9f74e93d97edfa51245bf95bdfa770e7c5c4dfb7f43446475c78bd0f303ea59c3c5c2b32bafd2ea4f1dc33e18f1dcb03001bfc17a922f70208a1052424dae02aa939056be9317618ae8e78a906d51f746b5262afba1fe392e1d31d3b87f37a3dd314c93643b0a1642c1a895ddae8ee620561ee8e0712705"}) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000240)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x50, 0xffffffffffffffff, 0x43854000) [ 1255.963178] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1256.093619] Bluetooth: hci2: Frame reassembly failed (-84) [ 1256.114917] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 11:39:54 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x8000, 0x0) getsockopt$inet_int(r1, 0x0, 0xd, &(0x7f00000000c0), &(0x7f0000000100)=0x4) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:39:54 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) r4 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000000)={{{@in6=@dev, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@multicast2}}, &(0x7f0000000140)=0xe8) r6 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r7) setsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={r4, r5, r7}, 0xc) [ 1257.120175] net_ratelimit: 22 callbacks suppressed [ 1257.120182] protocol 88fb is buggy, dev hsr_slave_0 [ 1257.130254] protocol 88fb is buggy, dev hsr_slave_1 [ 1257.600137] protocol 88fb is buggy, dev hsr_slave_0 [ 1257.605287] protocol 88fb is buggy, dev hsr_slave_1 [ 1258.080185] Bluetooth: hci1 command 0x1003 tx timeout [ 1258.085502] Bluetooth: hci1 sending frame failed (-49) [ 1258.160123] Bluetooth: hci2 command 0x1003 tx timeout [ 1258.160147] Bluetooth: hci0 command 0x1003 tx timeout [ 1258.165499] Bluetooth: hci2 sending frame failed (-49) [ 1258.175285] Bluetooth: hci0 sending frame failed (-49) [ 1258.240121] protocol 88fb is buggy, dev hsr_slave_0 [ 1258.245242] protocol 88fb is buggy, dev hsr_slave_1 [ 1258.250384] protocol 88fb is buggy, dev hsr_slave_0 [ 1258.255539] protocol 88fb is buggy, dev hsr_slave_1 [ 1258.880114] protocol 88fb is buggy, dev hsr_slave_0 [ 1258.885226] protocol 88fb is buggy, dev hsr_slave_1 [ 1260.160183] Bluetooth: hci1 command 0x1001 tx timeout [ 1260.165549] Bluetooth: hci1 sending frame failed (-49) [ 1260.240179] Bluetooth: hci0 command 0x1001 tx timeout [ 1260.240249] Bluetooth: hci2 command 0x1001 tx timeout [ 1260.245502] Bluetooth: hci0 sending frame failed (-49) [ 1260.255073] Bluetooth: hci2 sending frame failed (-49) [ 1262.240180] Bluetooth: hci1 command 0x1009 tx timeout [ 1262.320158] Bluetooth: hci2 command 0x1009 tx timeout [ 1262.320162] Bluetooth: hci0 command 0x1009 tx timeout [ 1262.400160] net_ratelimit: 18 callbacks suppressed [ 1262.400164] protocol 88fb is buggy, dev hsr_slave_0 [ 1262.410157] protocol 88fb is buggy, dev hsr_slave_1 [ 1262.415221] protocol 88fb is buggy, dev hsr_slave_0 [ 1262.420272] protocol 88fb is buggy, dev hsr_slave_1 [ 1263.040186] protocol 88fb is buggy, dev hsr_slave_0 [ 1263.045314] protocol 88fb is buggy, dev hsr_slave_1 [ 1263.050451] protocol 88fb is buggy, dev hsr_slave_0 [ 1263.055473] protocol 88fb is buggy, dev hsr_slave_1 [ 1263.360158] protocol 88fb is buggy, dev hsr_slave_0 [ 1263.365223] protocol 88fb is buggy, dev hsr_slave_1 11:40:05 executing program 2 (fault-call:2 fault-nth:36): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 11:40:05 executing program 0 (fault-call:2 fault-nth:30): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:40:05 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KDADDIO(r2, 0x400455c8, 0x8000) 11:40:05 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r2, &(0x7f0000000380)=@hci, 0x80) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) socket(0x14, 0xa, 0x8) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r8 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) close(r8) r9 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r9, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r8, 0x84, 0x1, &(0x7f00000000c0)={r10, 0xb21}, 0x14) getsockopt$inet_sctp_SCTP_STATUS(r7, 0x84, 0xe, &(0x7f0000000400)={r10, 0x7, 0x40, 0x6, 0x7fff, 0x1ff, 0x7f, 0x1, {0x0, @in={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x21}}}, 0x81, 0x7, 0x6, 0x5, 0x9}}, &(0x7f0000000080)=0xb0) getsockopt$inet_sctp_SCTP_RTOINFO(r6, 0x84, 0x0, &(0x7f00000000c0)={r11, 0xe45, 0x3f8000, 0x40000}, &(0x7f0000000140)=0x10) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r2, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r5}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r5}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @can={{0x0, 0x1, 0x1}, 0x7, 0x6, 0x0, 0x0, "6986b45c06973e5f"}}, 0x48}, 0x1, 0x0, 0x0, 0x4800}, 0x0) 11:40:05 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000680)={0x1f8, 0x8cf, &(0x7f00000004c0)="ce3a4a76cedae0b96dbb9dcf2d2501cf7a774d99461a919b6809ac7e43fffdba112a5255641df21642d10f5a131f17c156828b68974b1fe18212b325e80cb7c5efebfd31e1250ff32ab220403df15eed89a65dd502bbfbbc36d74cd653c27c8a31083e306ea40eb16ca839f4fc83831215e7a400d9d4fe30622beb37e35b304eca7eaf33cb556172bb", &(0x7f0000000580)="0d71770c79521e894768698941fb54b879957dcb8a9d41505a6dd02680646035fda589d87e5dc74cd26d8b9f44816fca0c6763c4286c5c3d61e1c48e25de3dd4e1d556ce0d86b2af6b2961c570ce80d714f4e0868c54a214ad863aeceb2bf1cc0691e8e35b13b53664e71274d895fe452ba12514c0bd0a6227f345641b58a752cc683d636e25a369dd351b468f2cd27eed2824721e124accf30a73d72dca95cf43bd3df63840a8762707f6f6c46d94a220a05460d3c676e9adffeb75239d92c3e0b6b4b38d3922e495aa19974379a0933277b0c72b4e4845bedef2fcc44eff8c39b69169a2d93efba4b30965c652c67a1ed993081bc013", 0x89, 0xf7}) r2 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r2, &(0x7f0000000440)=[{{&(0x7f0000000000)=@nl=@proc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000100)=""/68, 0x44}, {&(0x7f00000002c0)=""/148, 0x94}, {&(0x7f0000000180)=""/56, 0x38}, {&(0x7f0000000380)=""/164, 0xa4}], 0x4, &(0x7f0000000240)=""/35, 0x23}, 0x1}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) ioctl$KVM_GET_NESTED_STATE(r3, 0xc080aebe, &(0x7f0000002540)={0x0, 0x0, 0x2080}) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r5, &(0x7f00000017c0), 0x331, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$sock_FIOSETOWN(r6, 0x8901, &(0x7f0000000480)) 11:40:05 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2) ioctl$IOC_PR_RELEASE(r1, 0x401070ca, &(0x7f00000000c0)={0x0, 0x9}) [ 1266.490949] FAULT_INJECTION: forcing a failure. [ 1266.490949] name failslab, interval 1, probability 0, space 0, times 0 [ 1266.530800] CPU: 1 PID: 5701 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1266.537766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1266.547132] Call Trace: [ 1266.547153] dump_stack+0x138/0x197 [ 1266.547172] should_fail.cold+0x10f/0x159 [ 1266.547188] should_failslab+0xdb/0x130 [ 1266.547204] kmem_cache_alloc_node_trace+0x280/0x770 [ 1266.547217] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1266.547235] __kmalloc_node_track_caller+0x3d/0x80 [ 1266.547251] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1266.547263] __alloc_skb+0xcf/0x500 [ 1266.547273] ? skb_scrub_packet+0x4b0/0x4b0 11:40:05 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x4000, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0xe85ad71c381fe54d, 0x0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0xa0) ioctl$KDADDIO(r1, 0x400455c8, 0x7ff) [ 1266.561572] ? netlink_has_listeners+0x20a/0x330 [ 1266.561590] kobject_uevent_env+0x781/0xc23 [ 1266.561610] kobject_uevent+0x20/0x26 [ 1266.561624] device_add+0xa3e/0x1490 [ 1266.561639] ? device_private_init+0x190/0x190 [ 1266.561656] hci_register_dev+0x2d9/0x810 [ 1266.561666] ? __raw_spin_lock_init+0x2d/0x100 [ 1266.561681] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1266.561700] tty_ioctl+0x8f7/0x1320 [ 1266.561708] ? hci_uart_tty_poll+0x10/0x10 [ 1266.561720] ? tty_vhangup+0x30/0x30 [ 1266.561740] ? __might_sleep+0x93/0xb0 [ 1266.561750] ? __fget+0x210/0x370 [ 1266.561765] ? tty_vhangup+0x30/0x30 [ 1266.561775] do_vfs_ioctl+0x7ae/0x1060 [ 1266.561787] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1266.561798] ? lock_downgrade+0x740/0x740 [ 1266.561809] ? ioctl_preallocate+0x1c0/0x1c0 [ 1266.561821] ? __fget+0x237/0x370 [ 1266.561840] ? security_file_ioctl+0x89/0xb0 [ 1266.561853] SyS_ioctl+0x8f/0xc0 [ 1266.561862] ? do_vfs_ioctl+0x1060/0x1060 [ 1266.561876] do_syscall_64+0x1e8/0x640 [ 1266.561885] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1266.561902] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1266.561910] RIP: 0033:0x459f49 [ 1266.561916] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1266.561928] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1266.561934] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1266.561941] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1266.561947] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1266.561953] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1266.594658] FAULT_INJECTION: forcing a failure. [ 1266.594658] name failslab, interval 1, probability 0, space 0, times 0 [ 1266.602588] CPU: 0 PID: 5709 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1266.620113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1266.620119] Call Trace: [ 1266.620134] dump_stack+0x138/0x197 [ 1266.620153] should_fail.cold+0x10f/0x159 [ 1266.620168] should_failslab+0xdb/0x130 [ 1266.620184] kmem_cache_alloc_trace+0x2e9/0x790 [ 1266.620201] ? devm_device_remove_groups+0x50/0x50 [ 1266.632363] kobject_uevent_env+0x378/0xc23 [ 1266.632376] ? wait_for_completion+0x420/0x420 [ 1266.640068] kobject_uevent+0x20/0x26 [ 1266.640084] device_add+0xa3e/0x1490 [ 1266.640100] ? device_private_init+0x190/0x190 [ 1266.643978] Bluetooth: hci1: Frame reassembly failed (-84) [ 1266.647238] hci_register_dev+0x2d9/0x810 [ 1266.647257] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1266.647273] tty_ioctl+0x8f7/0x1320 [ 1266.655888] ? hci_uart_tty_poll+0x10/0x10 [ 1266.655900] ? tty_vhangup+0x30/0x30 [ 1266.655923] ? __might_sleep+0x93/0xb0 [ 1266.655931] ? __fget+0x210/0x370 [ 1266.655947] ? tty_vhangup+0x30/0x30 [ 1266.663931] Bluetooth: Unknown HCI packet type 5e [ 1266.664490] do_vfs_ioctl+0x7ae/0x1060 [ 1266.668026] Bluetooth: Unknown HCI packet type 43 [ 1266.672319] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1266.672331] ? lock_downgrade+0x740/0x740 [ 1266.672343] ? ioctl_preallocate+0x1c0/0x1c0 [ 1266.672355] ? __fget+0x237/0x370 [ 1266.672375] ? security_file_ioctl+0x89/0xb0 [ 1266.675862] Bluetooth: Unknown HCI packet type 5e 11:40:05 executing program 3: r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x6, 0x80) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$NS_GET_PARENT(r2, 0xb702, 0x0) ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000100)={0x8, 0x9, 0x4, 0x20000000, {}, {0x4, 0x0, 0x8, 0x9, 0xfc, 0xee, "1253506f"}, 0x6, 0x4548a797f626b55b, @planes=&(0x7f00000000c0)={0xd882, 0x6, @userptr=0x7, 0x8}, 0x4}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r3, 0x400455c8, 0x0) [ 1266.679854] SyS_ioctl+0x8f/0xc0 [ 1266.679865] ? do_vfs_ioctl+0x1060/0x1060 [ 1266.679879] do_syscall_64+0x1e8/0x640 [ 1266.679891] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1266.685514] Bluetooth: Unknown HCI packet type 50 [ 1266.688593] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1266.688602] RIP: 0033:0x459f49 [ 1266.688609] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 [ 1266.693856] Bluetooth: Unknown HCI packet type 5e [ 1266.696953] ORIG_RAX: 0000000000000010 [ 1266.696960] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 11:40:05 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x570a20, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x470901, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x1b) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1266.696966] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1266.696972] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1266.696979] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1266.696984] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1266.732440] Bluetooth: Unknown HCI packet type 40 [ 1266.742452] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 11:40:05 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x4ded03, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x12) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:40:05 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$KDGETMODE(r1, 0x4b3b, &(0x7f00000000c0)) 11:40:05 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x34000, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TCSETAW(r2, 0x5407, &(0x7f0000000200)={0x8, 0x4dd, 0x6, 0x2, 0x19, 0x1f, 0xff, 0x3, 0x8, 0xda}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r3 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0xff, 0x8000) getsockopt$inet_tcp_buf(r3, 0x6, 0x1c, &(0x7f00000000c0)=""/206, &(0x7f00000001c0)=0xce) [ 1267.286473] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1267.520113] net_ratelimit: 22 callbacks suppressed [ 1267.520117] protocol 88fb is buggy, dev hsr_slave_0 [ 1267.530220] protocol 88fb is buggy, dev hsr_slave_1 [ 1268.000163] protocol 88fb is buggy, dev hsr_slave_0 [ 1268.005302] protocol 88fb is buggy, dev hsr_slave_1 [ 1268.640159] Bluetooth: hci0 command 0x1003 tx timeout [ 1268.640178] protocol 88fb is buggy, dev hsr_slave_0 [ 1268.645406] Bluetooth: hci1 command 0x1003 tx timeout [ 1268.650462] protocol 88fb is buggy, dev hsr_slave_1 [ 1268.660628] Bluetooth: hci0 sending frame failed (-49) [ 1268.660664] Bluetooth: hci1 sending frame failed (-49) [ 1268.671553] protocol 88fb is buggy, dev hsr_slave_0 [ 1268.676756] protocol 88fb is buggy, dev hsr_slave_1 [ 1268.800092] Bluetooth: hci2 command 0x1003 tx timeout [ 1268.805450] Bluetooth: hci2 sending frame failed (-49) [ 1269.280149] protocol 88fb is buggy, dev hsr_slave_0 [ 1269.285309] protocol 88fb is buggy, dev hsr_slave_1 [ 1270.720153] Bluetooth: hci1 command 0x1001 tx timeout [ 1270.725406] Bluetooth: hci0 command 0x1001 tx timeout [ 1270.725465] Bluetooth: hci1 sending frame failed (-49) [ 1270.735232] Bluetooth: hci0 sending frame failed (-49) [ 1270.880128] Bluetooth: hci2 command 0x1001 tx timeout [ 1270.885431] Bluetooth: hci2 sending frame failed (-49) [ 1272.800155] Bluetooth: hci0 command 0x1009 tx timeout [ 1272.800196] net_ratelimit: 18 callbacks suppressed [ 1272.800206] protocol 88fb is buggy, dev hsr_slave_0 [ 1272.815379] protocol 88fb is buggy, dev hsr_slave_1 [ 1272.820600] protocol 88fb is buggy, dev hsr_slave_0 [ 1272.825723] protocol 88fb is buggy, dev hsr_slave_1 [ 1272.830948] Bluetooth: hci1 command 0x1009 tx timeout [ 1272.960148] Bluetooth: hci2 command 0x1009 tx timeout [ 1273.440167] protocol 88fb is buggy, dev hsr_slave_0 [ 1273.445254] protocol 88fb is buggy, dev hsr_slave_1 [ 1273.450378] protocol 88fb is buggy, dev hsr_slave_0 [ 1273.455431] protocol 88fb is buggy, dev hsr_slave_1 [ 1273.760148] protocol 88fb is buggy, dev hsr_slave_0 [ 1273.765337] protocol 88fb is buggy, dev hsr_slave_1 11:40:15 executing program 2 (fault-call:2 fault-nth:37): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1276.692971] FAULT_INJECTION: forcing a failure. [ 1276.692971] name failslab, interval 1, probability 0, space 0, times 0 [ 1276.705068] CPU: 0 PID: 5744 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1276.711995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1276.721340] Call Trace: [ 1276.723923] dump_stack+0x138/0x197 [ 1276.727552] should_fail.cold+0x10f/0x159 [ 1276.731691] should_failslab+0xdb/0x130 [ 1276.735649] kmem_cache_alloc_node_trace+0x280/0x770 [ 1276.740748] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1276.746202] __kmalloc_node_track_caller+0x3d/0x80 [ 1276.751122] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1276.755775] __alloc_skb+0xcf/0x500 [ 1276.759384] ? skb_scrub_packet+0x4b0/0x4b0 [ 1276.763689] ? netlink_has_listeners+0x20a/0x330 [ 1276.768427] kobject_uevent_env+0x781/0xc23 [ 1276.772746] kobject_uevent+0x20/0x26 [ 1276.776529] device_add+0xa3e/0x1490 [ 1276.780241] ? device_private_init+0x190/0x190 [ 1276.784817] hci_register_dev+0x2d9/0x810 [ 1276.788952] ? __raw_spin_lock_init+0x2d/0x100 [ 1276.793525] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1276.797845] tty_ioctl+0x8f7/0x1320 [ 1276.801468] ? hci_uart_tty_poll+0x10/0x10 [ 1276.805695] ? tty_vhangup+0x30/0x30 [ 1276.809400] ? __might_sleep+0x93/0xb0 [ 1276.813270] ? __fget+0x210/0x370 [ 1276.816732] ? tty_vhangup+0x30/0x30 [ 1276.820436] do_vfs_ioctl+0x7ae/0x1060 [ 1276.824315] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1276.829055] ? lock_downgrade+0x740/0x740 [ 1276.833194] ? ioctl_preallocate+0x1c0/0x1c0 [ 1276.837597] ? __fget+0x237/0x370 [ 1276.841053] ? security_file_ioctl+0x89/0xb0 [ 1276.845454] SyS_ioctl+0x8f/0xc0 [ 1276.848802] ? do_vfs_ioctl+0x1060/0x1060 [ 1276.852941] do_syscall_64+0x1e8/0x640 [ 1276.856820] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1276.861670] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1276.866850] RIP: 0033:0x459f49 [ 1276.870024] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1276.877724] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1276.884976] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1276.892246] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1276.899497] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1276.906759] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1276.916522] Bluetooth: Unknown HCI packet type 5e [ 1276.922645] Bluetooth: Unknown HCI packet type 43 [ 1276.927583] Bluetooth: Unknown HCI packet type 5e [ 1276.932535] Bluetooth: Unknown HCI packet type 50 [ 1276.937402] Bluetooth: Unknown HCI packet type 5e [ 1276.942468] Bluetooth: Unknown HCI packet type 40 11:40:15 executing program 0 (fault-call:2 fault-nth:31): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:40:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) r2 = dup2(0xffffffffffffffff, r1) ioctl$TUNSETVNETHDRSZ(r2, 0x400454d8, &(0x7f0000000140)=0x8) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000000), 0x4) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r5, &(0x7f00000017c0), 0x331, 0x0) 11:40:15 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = getpid() sched_setscheduler(r3, 0x0, &(0x7f0000000380)) write$P9_RGETLOCK(r1, &(0x7f0000000000)={0x2a, 0x37, 0x1, {0x2, 0x8001, 0x200000000000000, r3, 0xc, '/vboxnet0!lo'}}, 0x2a) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {0x8000}, 0x1, @canfd={{}, 0x2c, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1393426a929384a26451e7a4ffcd8265ebb8cbb134675929175ae2f754925013fcd8b39168e0800"}}, 0x41d}}, 0x880) 11:40:15 executing program 5: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x12) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TCSETXW(r1, 0x5435, &(0x7f0000000040)={0x6f27, 0x4, [0x3, 0x7, 0xffff, 0x0, 0x5], 0x6}) ioctl$KDADDIO(r1, 0x400455c8, 0xc78) 11:40:15 executing program 3: ioctl$DRM_IOCTL_GET_CAP(0xffffffffffffffff, 0xc010640c, &(0x7f00000002c0)={0x57, 0x10000}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000280)={@multicast2, @loopback, 0x1, 0x4, [@remote, @broadcast, @rand_addr=0x7933e0e1, @multicast2]}, 0x20) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="e6c4678110000507000000ce3917150000000000a0c57a233bcdf17d8701a8bf0deeab5d33dcc763d4dac71e1ab59975100facaef9ad6d", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_NAME_TABLE_GET(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0xcc, r4, 0x400, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0x40, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MEDIA={0x78, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x200}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8001}]}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x40000}, 0x40008a0) 11:40:16 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x2181c3, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1277.327501] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=311 sclass=netlink_route_socket pig=5750 comm=syz-executor.4 [ 1277.353619] FAULT_INJECTION: forcing a failure. [ 1277.353619] name failslab, interval 1, probability 0, space 0, times 0 11:40:16 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x300, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x1ff) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x12000, 0x0) ioctl$KDMKTONE(r1, 0x4b30, 0x100000001) [ 1277.383250] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=311 sclass=netlink_route_socket pig=5750 comm=syz-executor.4 [ 1277.394949] CPU: 1 PID: 5759 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1277.402349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1277.411709] Call Trace: [ 1277.414312] dump_stack+0x138/0x197 [ 1277.417968] should_fail.cold+0x10f/0x159 [ 1277.422143] should_failslab+0xdb/0x130 [ 1277.426136] kmem_cache_alloc_node_trace+0x280/0x770 11:40:16 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) r3 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$EVIOCREVOKE(r3, 0x40044591, &(0x7f0000000340)=0x40) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCMIWAIT(r0, 0x545c, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r6 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0) ioctl$KDGETKEYCODE(r6, 0x4b4c, &(0x7f0000000140)={0x9, 0x40}) ioctl$KDGKBDIACR(r5, 0x4b4a, &(0x7f00000000c0)=""/82) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) ioctl$FIBMAP(r7, 0x1, &(0x7f00000002c0)=0x5) ioctl$SNDRV_TIMER_IOCTL_GINFO(r5, 0xc0f85403, &(0x7f0000000180)={{0x0, 0x0, 0x4, 0x3, 0x4a}, 0x66a, 0xfc, 'id0\x00', 'timer1\x00', 0x0, 0xa01, 0x4, 0x6534}) 11:40:16 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1277.431253] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1277.436715] __kmalloc_node_track_caller+0x3d/0x80 [ 1277.441656] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1277.446332] __alloc_skb+0xcf/0x500 [ 1277.449964] ? skb_scrub_packet+0x4b0/0x4b0 [ 1277.454293] ? netlink_has_listeners+0x20a/0x330 [ 1277.459056] kobject_uevent_env+0x781/0xc23 [ 1277.463392] kobject_uevent+0x20/0x26 [ 1277.467197] device_add+0xa3e/0x1490 [ 1277.470922] ? device_private_init+0x190/0x190 [ 1277.475517] hci_register_dev+0x2d9/0x810 [ 1277.479677] hci_uart_tty_ioctl+0x6a8/0xa20 11:40:16 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000080), 0x4) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r2 = socket(0x17, 0x4, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000000c0)=0x14) [ 1277.484008] tty_ioctl+0x8f7/0x1320 [ 1277.487643] ? hci_uart_tty_poll+0x10/0x10 [ 1277.491883] ? tty_vhangup+0x30/0x30 [ 1277.495617] ? __might_sleep+0x93/0xb0 [ 1277.499508] ? __fget+0x210/0x370 [ 1277.502978] ? tty_vhangup+0x30/0x30 [ 1277.506694] do_vfs_ioctl+0x7ae/0x1060 [ 1277.510587] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1277.515342] ? lock_downgrade+0x740/0x740 [ 1277.519489] ? ioctl_preallocate+0x1c0/0x1c0 [ 1277.523903] ? __fget+0x237/0x370 [ 1277.527367] ? security_file_ioctl+0x89/0xb0 [ 1277.531786] SyS_ioctl+0x8f/0xc0 [ 1277.535186] ? do_vfs_ioctl+0x1060/0x1060 [ 1277.539342] do_syscall_64+0x1e8/0x640 [ 1277.543232] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1277.548082] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1277.553271] RIP: 0033:0x459f49 [ 1277.556463] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1277.564175] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1277.571446] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 11:40:16 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDGKBDIACR(r0, 0x4b4a, &(0x7f00000000c0)=""/196) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) gettid() r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000440)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="77827cf354677d4e26f3b1", @ANYRES16=r5, @ANYBLOB="e54e000000000000000008000000180004001400010062726f6164634273742d6c"], 0x3}}, 0x0) sendmsg$TIPC_NL_BEARER_GET(r4, &(0x7f00000004c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x18c01020}, 0xc, &(0x7f0000000480)={&(0x7f0000000880)=ANY=[@ANYBLOB="2e495370438417398a2cc519630300c61dc645ca6d8d936d194aa291d1d03ad5525c29078ea7baab39f7da8479c547761202a81138aab05c420bb64b6db2ec4d985265b932b0abe06628f249247050f519de75de8e4e3cdf8ff8d7938f61e6", @ANYRES16=r5, @ANYBLOB="00042dbd7000fedbdf25040000002000020004000400080002003f0000000400040008000100000000000400040020000600080001004d0800000400020008000100f40100000800010008000000d400010044000400200001000a004e2000000007ff02000000000000000000000000000140000000200002000a004e2100000004fe8000000000000000000000000000bb00000000080003000400000008000300710900001000010069623a7465716c300000000038000400200001000a004e2200000008fe8000000000000000000000000000bb0900000014000200020000000000000000000000000000002c0004001400010002000000ac14141700000000000000001400020002004e20000000030000000000000000080003000400000034000200040004000800020004000000080001000400000008000100bf4600000400040004000400080002006c00000004000400"], 0x3}, 0x1, 0x0, 0x0, 0x444}, 0x80) sendmsg$TIPC_NL_LINK_RESET_STATS(r1, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xc0, r5, 0x800, 0x70bd25, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0xac, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3a}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x161, @loopback, 0x423}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x6, @local, 0x2}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @rand_addr=0x1}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x7, @empty, 0x5}}}}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8bf}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}]}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4040081}, 0x4000) ioctl$SIOCGSTAMP(r1, 0x8906, &(0x7f0000000300)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1277.578722] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1277.586010] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1277.593283] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1277.632247] Bluetooth: hci2: Frame reassembly failed (-84) [ 1277.664662] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1277.734059] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1277.920196] net_ratelimit: 22 callbacks suppressed [ 1277.920202] protocol 88fb is buggy, dev hsr_slave_0 [ 1277.930227] protocol 88fb is buggy, dev hsr_slave_1 [ 1278.400142] protocol 88fb is buggy, dev hsr_slave_0 [ 1278.405283] protocol 88fb is buggy, dev hsr_slave_1 [ 1278.960177] Bluetooth: hci0 command 0x1003 tx timeout [ 1278.965495] Bluetooth: hci0 sending frame failed (-49) [ 1279.040147] protocol 88fb is buggy, dev hsr_slave_0 [ 1279.045263] protocol 88fb is buggy, dev hsr_slave_1 [ 1279.050418] protocol 88fb is buggy, dev hsr_slave_0 [ 1279.055586] protocol 88fb is buggy, dev hsr_slave_1 [ 1279.680183] protocol 88fb is buggy, dev hsr_slave_0 [ 1279.680188] Bluetooth: hci1 command 0x1003 tx timeout [ 1279.680242] Bluetooth: hci1 sending frame failed (-49) [ 1279.685304] protocol 88fb is buggy, dev hsr_slave_1 [ 1279.701199] Bluetooth: hci2 command 0x1003 tx timeout [ 1279.706539] Bluetooth: hci2 sending frame failed (-49) [ 1281.040183] Bluetooth: hci0 command 0x1001 tx timeout [ 1281.045486] Bluetooth: hci0 sending frame failed (-49) [ 1281.760277] Bluetooth: hci2 command 0x1001 tx timeout [ 1281.765579] Bluetooth: hci2 sending frame failed (-49) [ 1281.770942] Bluetooth: hci1 command 0x1001 tx timeout [ 1281.776220] Bluetooth: hci1 sending frame failed (-49) [ 1283.120167] Bluetooth: hci0 command 0x1009 tx timeout [ 1283.200170] net_ratelimit: 18 callbacks suppressed [ 1283.200174] protocol 88fb is buggy, dev hsr_slave_0 [ 1283.210232] protocol 88fb is buggy, dev hsr_slave_1 [ 1283.215317] protocol 88fb is buggy, dev hsr_slave_0 [ 1283.220369] protocol 88fb is buggy, dev hsr_slave_1 [ 1283.840196] protocol 88fb is buggy, dev hsr_slave_0 [ 1283.840249] Bluetooth: hci2 command 0x1009 tx timeout [ 1283.845311] protocol 88fb is buggy, dev hsr_slave_1 [ 1283.855547] protocol 88fb is buggy, dev hsr_slave_0 [ 1283.860714] protocol 88fb is buggy, dev hsr_slave_1 [ 1283.865964] Bluetooth: hci1 command 0x1009 tx timeout [ 1284.160171] protocol 88fb is buggy, dev hsr_slave_0 [ 1284.165279] protocol 88fb is buggy, dev hsr_slave_1 11:40:26 executing program 2 (fault-call:2 fault-nth:38): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1287.562560] FAULT_INJECTION: forcing a failure. [ 1287.562560] name failslab, interval 1, probability 0, space 0, times 0 [ 1287.573876] CPU: 1 PID: 5798 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1287.580806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1287.590153] Call Trace: [ 1287.592729] dump_stack+0x138/0x197 [ 1287.596355] should_fail.cold+0x10f/0x159 [ 1287.600492] should_failslab+0xdb/0x130 [ 1287.604450] kmem_cache_alloc_node_trace+0x280/0x770 [ 1287.609534] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1287.614971] __kmalloc_node_track_caller+0x3d/0x80 [ 1287.619918] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1287.624578] __alloc_skb+0xcf/0x500 [ 1287.628186] ? skb_scrub_packet+0x4b0/0x4b0 [ 1287.632496] ? netlink_has_listeners+0x20a/0x330 [ 1287.637237] kobject_uevent_env+0x781/0xc23 [ 1287.641546] kobject_uevent+0x20/0x26 [ 1287.645331] device_add+0xa3e/0x1490 [ 1287.649027] ? device_private_init+0x190/0x190 [ 1287.653594] hci_register_dev+0x2d9/0x810 [ 1287.657722] ? __raw_spin_lock_init+0x2d/0x100 [ 1287.662286] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1287.666604] tty_ioctl+0x8f7/0x1320 [ 1287.670217] ? hci_uart_tty_poll+0x10/0x10 [ 1287.674431] ? tty_vhangup+0x30/0x30 [ 1287.678133] ? __might_sleep+0x93/0xb0 [ 1287.682006] ? __fget+0x210/0x370 [ 1287.685453] ? tty_vhangup+0x30/0x30 [ 1287.689149] do_vfs_ioctl+0x7ae/0x1060 [ 1287.693029] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1287.697767] ? lock_downgrade+0x740/0x740 [ 1287.701901] ? ioctl_preallocate+0x1c0/0x1c0 [ 1287.706294] ? __fget+0x237/0x370 [ 1287.709747] ? security_file_ioctl+0x89/0xb0 [ 1287.714140] SyS_ioctl+0x8f/0xc0 [ 1287.717488] ? do_vfs_ioctl+0x1060/0x1060 [ 1287.721667] do_syscall_64+0x1e8/0x640 [ 1287.725902] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1287.730742] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1287.735919] RIP: 0033:0x459f49 [ 1287.739133] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1287.746837] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1287.754097] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1287.761349] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1287.768601] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1287.775853] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 11:40:26 executing program 0 (fault-call:2 fault-nth:32): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:40:26 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\b\x00'/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50baeffffd1c4b58c81684a168e08"], 0x80}}, 0x0) 11:40:26 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r1 = getpid() sched_setscheduler(r1, 0x0, &(0x7f0000000380)) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001440)={{{@in=@loopback, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@broadcast}}, &(0x7f0000001540)=0xe8) r4 = getegid() r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r6 = getpid() r7 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r8) r9 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) getsockopt$bt_l2cap_L2CAP_CONNINFO(r5, 0x6, 0x2, &(0x7f0000001640), &(0x7f0000001680)=0x6) setregid(0x0, r10) sendmsg$unix(r0, &(0x7f0000001600)={&(0x7f00000001c0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001400)=[{&(0x7f0000000240)="65e67e8b375ffd0647eccce639fc0e45a6b70bba248d8a7bf1f186b7265f6f575b4ad5e58d448594b15d830a61ae1414f89a12bc34096c0235185b1cd7b8857df94bc0abfd43e049499ad13c843788fafedddf85d08002d08b7a1cf7e2c0d3b33d013231bb84efe73e7f4ba3bc86b9345a25910c44188c270cf5369d2332b8f1c52429d9", 0x84}, {&(0x7f0000000300)="d0afeb3de34e5b8e4cd2f341cad3f6fd77ad0ae66ee3ffb490fcc0e66e7c16368e9d7b60b9113eaf497d639801f5ea676417dfce3b49ab94868bcdb3fff490613dbc13711d6ec806b5e5257ef547188905eeb23a3d1baa44a137044357f26863ca30c266051206288abc1613399ca0712069591423f611a4ffd5fd0a39392ec6bc0acea483dcf533a1e896094d36c6c99d15a2d935edb443450aa5be622769ee065be9b3129f7397a00f14473c5e066aa24bed96ab0edfc0351fed57b3ae43bc0a59789f7fd6170c3c0647a2a814c6fe87eab70bf5346abef34255f69c9db326dd69b14547", 0xe5}, {&(0x7f0000000400)="e8d4c81425be6d08d6fd97f30cc3243034b23d0d53ccdb713574cb883612207b02e2d085f17cbeff8aabc36b48f7893f629e24f2487c8a0a0bc51887ced724472634c245fa167a47ab8873bb8181f66a71d00e81ca99a87851147784313ec4ab2f8823a6fc03d4c79d80f366633aa8d64cc6d21830228583244e92e2f50356a7d154ae086c0c3d9ce274bcdf5176b8dec52c635a7c59eec8d6c2d7677ec900bd000d5a35a421a69137f88f4f9e3bc44c241ce38308c6ba2e5d44626fd511f83c1d5a66e0ed21cf944893be6c2bf41b7689f8bead2b677c6ac46821f816ecf23344562ec4a23c53f2e12682cceb60be9c712384d3da0711cc4573b79d45f243b064ab4e0f1a29282e17cef0686ba6793c9733aaaea1694302ba3381a254bad73928cfc5fa415d38dea64ecfe860ee979d744ea37b83345d0748257cffef8080843d407ea9c3c87e5b9686e110698eabd8852866f3017f0562852bd41678083b2bc496611bc5e225cf84464b15a864f6b67153b2fdf899e8a57789bed7b5bec9f5a840089deb2620fc302f3401c6f4b7e6a3923a1c848243cc395ed576f19026015b28c5644f66c152e0b69113b12a5d8749cec05a293583e44e4a69acbd67417932499ad8ca204fc01c107f9f8b80569a74219dbdd355859ac50bfac37f311ca6339f0bf849cbd89dd31d7c44ee2891f209426068fed00210fcb0ca06a8e1936084082cd209a0d1aee2e84dec8afa3589ba0a69b03784172e8a01810208de3d194cac7be60ca7d4e64ea8ca2db0347a0d58162678a8841a43381fee4ebf77fbd3a3bcf04b8f4a33e4f2003072345a3e74c793361a4676ef5bc547cb291a4fcb94ac4d3c8cb26e88db601d1fe0da9c3870de02a4b5e7a0535b4450cf8127c8dff99841d9a37ab79872513af407ce3ffe2b94cc33501976312bc149b702d8ea3bde1b66d73532ffcaef54ac1956f8e8fb97d16aa990fdf8de1266573bc35176d58d106d74bd5dfefc216541b1cce6663e8d400461cbfb4fa3740eaff374a3e12727ee222a0aca10f1670e81eb4c39370fe1d396f987523793af60ab85fb0eefe691ff6377048aa4623a088b0069416d2db87c678b3499c4cf2ef3445722fd833653e321ea57d1061960c1486eadf62355c7110b59a64e8912984f6fa0e11aa368bf6387dbc9b5fc77fc69baebdaaf7d136df6288fca53a1177957a99e7664770aa21f15a251436ea5062ab5b036cf938c63c856fcdef5f670430fe1bf749ab2d5613fa3fce512207efaaa14382f70bf6654473bbc5dd8d7bee197cd3ae4874ec43c6b1276f61998d1c8b2a359209184c3c0078259d9b438624f1a28c3915e3314c02e32856e7223c86259b16de328482c46e1c26a6c5646a474aa2418668baf5ce7cd48a14cf21c4cd4a343b0b9685bc8caba293faf8c0ddc2bc5e3f8dcdc60396b0a99fb49ed14897366f2bf37256c762f60c0bda13a0d88b0847138bed182e7600217405655e885ec3e72e4e2a3531daa7481dfbdac56a0de6bbc0cedde13ca88661d03a2712726e6b6cbb48f0aab957101c4efd999b80c73ac33c193bb42de987523fb996a2550f961a49529719a01c5ad89c6dad55b9d2f08acb7b8150dadd90f433d0886cadcbeebd90f70a814c02e77661ba56a2d63b7199963f7a76b93091037874ca70bbbb1e2c8406f3ec6c38ccfa22cbd6d08f3970f7dcc74705d186f0e430e0c473d13c26d39089e2e97a4f2c2d2e76d0fc57e0cb3283395ac0741c588bb65e424efb8f5af9f2be7a689dbf0b40198bbc323480d1d5a4689a4a43ae331925e72ae56fc31d8df39f0c5d8f70ad5b329f841cb26f0cba1b610adfbf9879cd47d1ba0372feef2353d1e250f10276463e23ba6f95d949b32e788c3ca7b0ccd9f8ca9ce9ebeae6056084625eef59d1f60a456da05d686923bc6c27ef03d94d479c87a7efbf214ffad9c0200e9fb5bff0158945e3a54433eb8c792aca8ede5e697e098e0efbb5e787659aedb6bd4bfe469e98c9299632b2e8cbb291310d424b6532fd1a1e129cc7204731275bbd98a32a001dbedbe84125a803fa4e64969e3a172f4702c120f1d4cc0b49c08fdc1e0c60b220402b88022a42dada25004f8e495bfb8fa8d8dc02821eb58a354135c880144183dbbe2d150c3ea83b3366bc547022af7b25394ebfab1777bd70d676541668b6b13aa11a6175a9c719824d998253c5b229b1b092e80a23885de58d942db490741d46144abd9120b9cc8ce81f7de6f06b0d458f2cd00d74beb4fe38b9535350c4e18b7aaca84925833e5a65e59ff361aaa916a63783c795172ec2ef5209d54921a038807ac7685376b6d85e849fd723f58ad7de32693b6239a6ae6ca526267c6548dee81cd271b846437c1a6f33bdce80b5bb3b87f19f7e21bc5d4a881d5e8a62cc989ad55d6ff33972f5554534fae2d396c003db8e5b7efa9b03ee80e166c674cc9ccc94118c90478c9aab5d6d0240414a8cedf776cfcb39d56b71032704bb1642227f045d9c184e3000fe81d6dc08890c0497794b3190359c279f9f795e92fe864ba472cfb777eecec3526d774857497b350bdd31451633a9f2fc8cb5af724c831619a16e1a8d5cd32e5999fcb96afeb65c31a395b783ef24352a972abdf08c273f8a000eb5a1dd590f41d6fc6c8937ffd6fb4dca264cb48f8bd9d692fb35f12eb5d915343de2f621fe8287cbd71d2adbb3ab7f59eacc356907d950fae61557bfea7da78c1c59dab5e3562d72001f370222cad302d7d23ca8a26b743129c803fe560893f1254bea599b6113d564fb120aac57cc155839c36981950af535106c198a65581f69e7f8256592ccdf5ad4dff2db88828b98e23b354357f75bb3a0d90a642310ba5f8b7dcb0668b34e9c37b82050450bcb7dd359659bbe9724f0dc2647e7fcd8aee3458a8400ce3dc9807dea01476ca6579bb2b1af4e9f6079e7fa7789a6cd1e07741ff068aa328ac6119af1e56bf21c337cd017922454222a00faeeda748956afd45fcf129ae18f075d6d6ba1508e49ab163d5f5e3f7595ed55133a7290e16cc373ed5646cd255c3a68ad6fb2ef58b11f67c630dbaf92b03c6c4b2a60effe69007a9498c241274747fb4122ad3f174da4f0db0ed8eeacb980c2c500b27cdf632c285b10871e97fb7792c4612a949d8c6b863c7abd48fd6ae92e86ab4a8b272f3478cef0abc80634e2192a9b43f7ccde8381938ea6821ab8e34bb01daeeae86af433ef35b75fa28ba51a34568435fc14a0388137cb158e8611d8ff0440cb35a27bcea7565ecad0f38207c472e65bb37b341ddde09e7281af9490054a86dddb8e22f7d34f5c4aac0c72ba293504779e33ddc2bde55be9bd698f8127ed2454604fa85bbb101890a62afe229a06f361edc4984009fbf6b23a5addaa5be3b755d34e0122f4fc22a09cfcde34ae8e7f7e7e22a1d9a787594359db0baca53075cc90b6dbacb4995f35498f69a75b0186928394108459c8cdfcd8420538777852273f260356de240e2ab599160a0ac4e7bdca998978eceaac50e52af6ad93f326f3b9d1ca4e8c5e694fc0c9420649525ee5fa7109f0be37f88519011af770ea85b19f48eadd6c4971fcaf8cc90272b24069cdfb42d66097e812c3d3b57d2e22bc8cd9ed39fc12dad33c2963fb1ceaf9b0a8875afaa59210e7e3d5c6289273edfd5ba3d2e51c05f356213f50fa696008160f50572715230882a431f7b0139323a927985893594078fbc49d0bf5c739583d69603bbd8ba520abd727db2bca58d1eef04a8ca7ddca8dfcb4e003eb5b845d2b240c3ae9c3e4a43ab21116d4d8bc38353c8c85a6c1ca00319bce2ffc96ae8a9c77e8c433bbc456bdb3576390649635860ff9336870537c63bf7bdf9f72a428c8e070ea3c30b62c6383b0a2fe39447d55d91a8e0d76df23b7c1ad2f83941d56d28fb4d939807f580e0bf00d258d30aa424d5efaebae9980791fdc60fc6c1a1e199d0f3449c5ec35381ea6305f9e03353f1fccfa139de6e7a6701e3b7689ee48c75a1935737666d023d097128271b82574d7c7bbc3c9964dd8fe18b7ef533db7d5ba2a275488aabc8560ea12acba871ef30e7a448b065ada58353fe701f47a1769954c488124810b8e8a4abed4f4cb8a13731bec0a64d203fb7cdaa9d2e04d4f2da26b7eaa75ce68f08e5484a3f0a60b2b06a22f22bd0330eed6ce83c10e1dc0afc3606a4854a725e9ff054da11483d2ef0cc7911ffecbecf763de45962a6b899773c48173726c4a3e9e0a5989eb565b7eac3e721d313cd8dcf0709ee79cb7b3fbd3fbbc67b4fe287701aca8cc38d4831363369075fe29de8d479b69b4809eb74cc5d16f8f4577577d5151e19963d47c3558b3029b17f9fa5fedb7cc3a5a52fae309b95663008883489bab04e91a7d054c812be383ffd4d01ff499e928cbd4071b6f48d1bc81f19ec2f1ff23bf604db37974f31504b0c21cb934fda3251f6cc778c0f9bd1afb9e32fd2c18e554302736a43372863493ff6447b7ee35cbbfee8c22aace0681ac85c9e7c143034c56de3a9ad175508ab079149a3fef5eee03f8bc1a8b5dc94455c585e520de8ea75421b6e8482c03b398dda2ea86fb0b14da7cb14c5f48852cc52f67b41f3efa1feefc5a79d1f07c5f4e0068ff1ea1f5b50e48818f7ad71835f1e5779aee17556793c4fce08859927e31b53fb43521994f7ac3610b0c377a4c4a44e781e4bb2bce4ab614b7360949efd2c1eb16e920e1543d9cad6cb642ff4341445d7e1090a5f57ed7a8c3fd87c6cd32343054f5bb3e98f6615f85015a5573f357e2ec1ff1cf76597616546a6a348046027aaeaf52eb9fd97e575088b94cdae0f60a2b6f654d312844abe745bb1d5af1e334b30b678f6f3288fe80cd78f60cab642334eeda60b783e56353fa6681d027ea5eb7f08932667a1eb3e4c4f8c9d9256cfe8574428c197512fbca84cfe8cfaf302dcb1507e083117b8b4c3480ad2844a46c2d3545dfffd0649034583b42e9fec91ae49ec911ea5d3e29fce540aae22da700f7539345e65b19739821a9f9d53922d44e5971d853755474b050e291f72557af2ec982c2bdc34db27dc2ad476908273c4b603a515639c45d888bc77cbc4c2cf0891142badcba990b499b285030702a115dfeaf7832bd22c37ccfb9ff7bcb6aab31f1ae87677d8984c2cb91d0439dd1e53a7779a6500510c2ec35d9f98a07ad7fcc0080ec5f6445b3a0138b4454d4db55e7d32b9f97842327a5a09c2e1dd3852bc06e0040a9ec47c57faca0fcf5e18b8417dec7f33c9b8af0d2acdc1313d1c6bd40a7244892a43d8828e7ea0d8aab321633732767ab864c9bbcc441eae46dd22d59d40a6c10aa582fcecebac54127a8ec240b7b019fee6c873af26eccff6fc8a0ec37921568c897c8fb6245db5b6b323130d6b28159ef1723fee5fafe5faacf17f52ce8193c852c4cbcec64963ac4d8422629c497ad2a848a01b647ca1c887feb5b8a5a5a4042844e2f88f816babcb52c1f2b16f7b9154c188620b36e4215e7b50f6554170c07aa135bc652382130fb2ed0639aedf22ade9490fa35de1a988553c9e5a347f10619d808f57fb9dc4be2b468fcf1d529ec01a269e302de85992259668889111e7f3ce7253d6769605213da117b9ca9470b3bdcc6ca0214f04dc46794199e3e5cb2a1ef5b3ce15c69164c755ca392b41200fb8e00d224c4ee70a56d7598b0689fe02233e167e19cecc7929528b16379ae9998d8fd37b4c770b54aedcafe7c22957541b08191843ef4e9ce70a17569f88f8", 0x1000}], 0x3, &(0x7f0000001580)=[@cred={{0x1c, 0x1, 0x2, {r1, r3, r4}}}, @rights={{0x14, 0x1, 0x1, [r5]}}, @cred={{0x1c, 0x1, 0x2, {r6, r8, r10}}}], 0x58, 0x550e76f983e5d600}, 0x80) fsetxattr$security_evm(r0, &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000100)=@v2={0x5, 0x0, 0x8, 0x4, 0xa9, "4dbe930074fc4949f00a61c7a36b62a4da137f0a133be3d35152fe06b1b7140d4e6b7de869414772a3c68414a7fe3175fad54020c8e52bc186911d3197b28de9b05fa562027aff9b0298d84903e0373b433653f11d3a0d4610ecf3b12d3e6a9b48a32fbac53afc8db3760428b54a337fa98c1deb71a5d89ca2a643681f512765a26e0e6aa60aab5c0d84379ae76c62713b8580fab7e757f07afaecfe78846793a74cccfcdc0b87d914"}, 0xb3, 0x1) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCLINUX6(r0, 0x541c, &(0x7f0000000000)={0x6, 0x2}) 11:40:26 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) ioctl$ASHMEM_GET_PROT_MASK(r1, 0x7706, &(0x7f0000000000)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r3, &(0x7f00000017c0), 0x331, 0x0) 11:40:26 executing program 5: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x80000, 0x0) ioctl$VIDIOC_G_CTRL(r0, 0xc008561b, &(0x7f00000000c0)={0x8000, 0x7f}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x0) 11:40:26 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r3, &(0x7f0000000380)=@hci, 0x80) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r3, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r6}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) sendmsg$can_bcm(r3, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000000)={0x0, 0x800, 0x3, {}, {}, {}, 0x1, @canfd={{}, 0x33, 0x1, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) [ 1288.295435] FAULT_INJECTION: forcing a failure. [ 1288.295435] name failslab, interval 1, probability 0, space 0, times 0 [ 1288.309712] CPU: 1 PID: 5812 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1288.316665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1288.326020] Call Trace: [ 1288.328615] dump_stack+0x138/0x197 [ 1288.332352] should_fail.cold+0x10f/0x159 [ 1288.336517] should_failslab+0xdb/0x130 [ 1288.340507] kmem_cache_alloc_node_trace+0x280/0x770 [ 1288.345620] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1288.349273] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1288.351083] __kmalloc_node_track_caller+0x3d/0x80 [ 1288.351105] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1288.351117] __alloc_skb+0xcf/0x500 [ 1288.351126] ? skb_scrub_packet+0x4b0/0x4b0 [ 1288.351141] ? netlink_has_listeners+0x20a/0x330 [ 1288.351158] kobject_uevent_env+0x781/0xc23 [ 1288.351182] kobject_uevent+0x20/0x26 [ 1288.351200] device_add+0xa3e/0x1490 11:40:27 executing program 3: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x3, 0x30000) sendto$unix(r0, &(0x7f00000000c0)="40bbe394ddea833984b1297991ff2ae9fe2efcc4bd778c69466717cbed474a829f24fbf233e5bcdfe4cde8ad6816735611ac1af3e1cb3a3ab706be6fb3cabbcd547e330dae94af836a2787020c34acf51d0fd7d02f0078048060becd586513230b1f9c987188b309a174a0095562381ea765e1f89fef6d", 0x77, 0x20007, &(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r1, 0x400455c8, 0x0) [ 1288.364709] ? device_private_init+0x190/0x190 [ 1288.364730] hci_register_dev+0x2d9/0x810 [ 1288.364749] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1288.373015] tty_ioctl+0x8f7/0x1320 [ 1288.373024] ? hci_uart_tty_poll+0x10/0x10 [ 1288.373035] ? tty_vhangup+0x30/0x30 [ 1288.373057] ? __might_sleep+0x93/0xb0 [ 1288.386435] ? __fget+0x210/0x370 [ 1288.386458] ? tty_vhangup+0x30/0x30 [ 1288.386471] do_vfs_ioctl+0x7ae/0x1060 [ 1288.386485] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1288.386498] ? lock_downgrade+0x740/0x740 [ 1288.386510] ? ioctl_preallocate+0x1c0/0x1c0 [ 1288.386522] ? __fget+0x237/0x370 [ 1288.386540] ? security_file_ioctl+0x89/0xb0 [ 1288.386552] SyS_ioctl+0x8f/0xc0 [ 1288.399013] ? do_vfs_ioctl+0x1060/0x1060 [ 1288.399033] do_syscall_64+0x1e8/0x640 [ 1288.399043] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1288.399063] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1288.399071] RIP: 0033:0x459f49 [ 1288.399077] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 11:40:27 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) getsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000000), &(0x7f00000000c0)=0x8) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1288.399088] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1288.399093] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1288.399099] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1288.399105] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1288.399110] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1288.403474] net_ratelimit: 22 callbacks suppressed [ 1288.403479] protocol 88fb is buggy, dev hsr_slave_0 [ 1288.403532] protocol 88fb is buggy, dev hsr_slave_1 11:40:27 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$P9_RSTAT(r2, &(0x7f00000000c0)={0x81, 0x7d, 0x1, {0x0, 0x7a, 0x0, 0xa4b6, {0xa8, 0x1, 0x7}, 0x24000000, 0xe097, 0x2, 0x8, 0x32, 'cgroup\'md5sum]eth1,vmnet1vboxnet1.^md5sumselinux:&', 0xa, '/dev/ptmx\x00', 0x5, '%lolo', 0x6, 'cpuset'}}, 0x81) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1288.558529] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 11:40:27 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$EVIOCSABS3F(r4, 0x401845ff, &(0x7f0000000000)={0x147e, 0xe, 0x6, 0x6, 0x10000, 0x1}) 11:40:27 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r0, 0xc080661a, &(0x7f00000000c0)={{0x1, 0x0, @identifier="c7dfee207423fea065aed63f83250c67"}}) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1288.810161] protocol 88fb is buggy, dev hsr_slave_0 [ 1288.815328] protocol 88fb is buggy, dev hsr_slave_1 [ 1289.440186] protocol 88fb is buggy, dev hsr_slave_0 [ 1289.445324] protocol 88fb is buggy, dev hsr_slave_1 [ 1289.450537] protocol 88fb is buggy, dev hsr_slave_0 [ 1289.455877] protocol 88fb is buggy, dev hsr_slave_1 [ 1289.840093] Bluetooth: hci0 command 0x1003 tx timeout [ 1289.845412] Bluetooth: hci0 sending frame failed (-49) [ 1290.080170] protocol 88fb is buggy, dev hsr_slave_0 [ 1290.085279] protocol 88fb is buggy, dev hsr_slave_1 [ 1290.320079] Bluetooth: hci1 command 0x1003 tx timeout [ 1290.325374] Bluetooth: hci1 sending frame failed (-49) [ 1290.560118] Bluetooth: hci2 command 0x1003 tx timeout [ 1290.565404] Bluetooth: hci2 sending frame failed (-49) [ 1291.920178] Bluetooth: hci0 command 0x1001 tx timeout [ 1291.925488] Bluetooth: hci0 sending frame failed (-49) [ 1292.400179] Bluetooth: hci1 command 0x1001 tx timeout [ 1292.405475] Bluetooth: hci1 sending frame failed (-49) [ 1292.640148] Bluetooth: hci2 command 0x1001 tx timeout [ 1292.645443] Bluetooth: hci2 sending frame failed (-49) [ 1293.600259] net_ratelimit: 18 callbacks suppressed [ 1293.605252] protocol 88fb is buggy, dev hsr_slave_0 [ 1293.610474] protocol 88fb is buggy, dev hsr_slave_1 [ 1293.615721] protocol 88fb is buggy, dev hsr_slave_0 [ 1293.620919] protocol 88fb is buggy, dev hsr_slave_1 [ 1294.000140] Bluetooth: hci0 command 0x1009 tx timeout [ 1294.240192] protocol 88fb is buggy, dev hsr_slave_0 [ 1294.245459] protocol 88fb is buggy, dev hsr_slave_1 [ 1294.250579] protocol 88fb is buggy, dev hsr_slave_0 [ 1294.255610] protocol 88fb is buggy, dev hsr_slave_1 [ 1294.480177] Bluetooth: hci1 command 0x1009 tx timeout [ 1294.640192] protocol 88fb is buggy, dev hsr_slave_0 [ 1294.645256] protocol 88fb is buggy, dev hsr_slave_1 [ 1294.720139] Bluetooth: hci2 command 0x1009 tx timeout 11:40:37 executing program 2 (fault-call:2 fault-nth:39): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1298.462140] FAULT_INJECTION: forcing a failure. [ 1298.462140] name failslab, interval 1, probability 0, space 0, times 0 [ 1298.473604] CPU: 0 PID: 5845 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1298.480532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1298.489924] Call Trace: [ 1298.492521] dump_stack+0x138/0x197 [ 1298.496148] should_fail.cold+0x10f/0x159 [ 1298.500405] should_failslab+0xdb/0x130 [ 1298.504363] kmem_cache_alloc_node_trace+0x280/0x770 [ 1298.509455] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1298.514905] __kmalloc_node_track_caller+0x3d/0x80 [ 1298.519829] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1298.524486] __alloc_skb+0xcf/0x500 [ 1298.528123] ? skb_scrub_packet+0x4b0/0x4b0 [ 1298.532440] ? netlink_has_listeners+0x20a/0x330 [ 1298.537196] kobject_uevent_env+0x781/0xc23 [ 1298.541509] kobject_uevent+0x20/0x26 [ 1298.545290] device_add+0xa3e/0x1490 [ 1298.548986] ? device_private_init+0x190/0x190 [ 1298.553568] hci_register_dev+0x2d9/0x810 [ 1298.557709] ? __raw_spin_lock_init+0x2d/0x100 [ 1298.562277] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1298.566585] tty_ioctl+0x8f7/0x1320 [ 1298.570204] ? hci_uart_tty_poll+0x10/0x10 [ 1298.574441] ? tty_vhangup+0x30/0x30 [ 1298.578156] ? __might_sleep+0x93/0xb0 [ 1298.582023] ? __fget+0x210/0x370 [ 1298.585483] ? tty_vhangup+0x30/0x30 [ 1298.589183] do_vfs_ioctl+0x7ae/0x1060 [ 1298.593064] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1298.597819] ? lock_downgrade+0x740/0x740 [ 1298.601967] ? ioctl_preallocate+0x1c0/0x1c0 [ 1298.606359] ? __fget+0x237/0x370 [ 1298.609799] ? security_file_ioctl+0x89/0xb0 [ 1298.614214] SyS_ioctl+0x8f/0xc0 [ 1298.617571] ? do_vfs_ioctl+0x1060/0x1060 [ 1298.621712] do_syscall_64+0x1e8/0x640 [ 1298.625589] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1298.630441] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1298.635626] RIP: 0033:0x459f49 [ 1298.638800] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1298.646494] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1298.653753] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1298.661022] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1298.668279] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1298.675533] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1298.685942] Bluetooth: Unknown HCI packet type 5e [ 1298.694644] Bluetooth: Unknown HCI packet type 43 [ 1298.699491] Bluetooth: Unknown HCI packet type 5e [ 1298.704393] Bluetooth: Unknown HCI packet type 50 [ 1298.709260] Bluetooth: Unknown HCI packet type 5e [ 1298.714230] Bluetooth: Unknown HCI packet type 40 [ 1298.800172] net_ratelimit: 22 callbacks suppressed [ 1298.800178] protocol 88fb is buggy, dev hsr_slave_0 [ 1298.810216] protocol 88fb is buggy, dev hsr_slave_1 11:40:37 executing program 0 (fault-call:2 fault-nth:33): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:40:37 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$IMCTRLREQ(r1, 0x80044945, &(0x7f0000000000)={0x4004, 0xfffffffc, 0x2, 0x3}) connect(r0, &(0x7f0000000380)=@hci, 0x80) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r4, &(0x7f0000000380)=@hci, 0x80) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r8 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$PPPIOCGMRU(r8, 0x80047453, &(0x7f0000000080)) sendmsg$can_bcm(r4, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r7}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) connect$can_bcm(r4, &(0x7f0000000040)={0x1d, r3}, 0x10) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/avc/hash_stats\x00', 0x0, 0x0) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r3}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{0x1}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}, 0x1, 0x0, 0x0, 0x4}, 0x0) 11:40:37 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') io_setup(0x4, &(0x7f0000000000)=0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = dup2(r7, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) r9 = open(&(0x7f00000004c0)='./file0\x00', 0x2000, 0x80) r10 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r11 = socket$netlink(0x10, 0x3, 0x0) r12 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r12, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r13, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r14 = socket$inet6_tcp(0xa, 0x1, 0x0) r15 = dup2(r14, r14) ioctl$PERF_EVENT_IOC_ENABLE(r15, 0x8912, 0x400200) r16 = socket$netlink(0x10, 0x3, 0x0) r17 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r17, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r17, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r16, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r18, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r19 = eventfd(0x40) r20 = socket$netlink(0x10, 0x3, 0x0) r21 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r21, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r21, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r20, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r22, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) io_submit(r5, 0xa, &(0x7f0000000840)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x6, 0x2, r1, &(0x7f0000000100)="447aee89dc7fd5b47046e9777aa9e7cf850472f6414072795bd55dc30f1160baf0", 0x21, 0x6}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x8, 0xfff, r2, &(0x7f0000000180)="65badcee69405078db9cc38edc2d45470fcd0671e7ba12b9c116d08c228928abf4452cd9300d8bfe2afbcfbd635192ea33ba6463ece8f74f4582db3acf3e6c71e09ee6129f7e6d9b484731", 0x4b, 0x1}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x3, 0x7ff, 0xffffffffffffffff, &(0x7f0000001280)="5a560345fa34c53cee3a880fda53d6fd4a890c4e4eecd9fcb9d2f768b56984ae7c17ac840a66c6f620d22266cdb7d9517e4390b994a3c6670149dde673d1c79737088820ad95afad0fedfb32c400a94d8fcd46e7d067808530303f2bc93d7b51a860126a855d1137ce63c9a1b0c9c6fc84285b06927ace665fc9f4bb44f979050e8871ba39d45a8b04061b49cc15760d67c40e412441aa23165f5ec3fe629ba4f5c0b9bfc095dbc0a56779cfe78dae2588b13bbb16139448a22270089573ba8ac2a12348a58bce863debe44e579fce423791252f8d51313f898ef069a98c61922da9b5b77340c98340d03e20c214ed5df431721615ec1af9b827a6b27f77e2a889e73ced592347e8a28881b10ad034db0756cf19c55287bfdbc5fe5cf1b5318150ae374da8fb8655f261655c778a1f68a409db38d964f78eae8a48c92038d6d8895ed905adac41736eedf6bbee4b448f3e2a6be1c078b0a450d78a882c69502fc400d5a0c35f2a7f336b23f103a633542068640c79b655d2a5331f9ade7e11674a59bc320f57884d414c3a5326eefb991db9973c53fac6964276eaa27a4fe64901f8768b09d6f5407d8debec35a52261ea170433ad49725b955ad8c0b95e07570c57373f2e0d54d5bb1c7e45665982cceb7d92fa8cf20179f8788aea1c80b886358c187edab8b0fe71a035f3af00fc61d99a471a0bec8b2f3e1dbea760128cc8f9b7c04e445a3329c7bf998e6d9131a3be5a745e7682cf3c2dcf61b1bf95ce5fd7d713326b583dba7a4029ea45e90477032be9078b156c66f4d87404dbe52568afd6cfa7827bc0f0e6c9ba84f91f0c87461da5f310d0684e8bf844509df2159ee6426f651585b49eded9e765db02669bb9d04e238d9c5ce3522ad3d95a8854b06ccced6e7340ac75a5c79aec51b8d08faada1350d6d6bf8a961e32ad24ee8633a1a5da45d102a7d5833ea8aea2249d751747df47f2895b2671bdb8b42ab1f6cac1fd818a91bf8140be5ffc88897f5a8c7f685ec9bafc74b49fb0d7c33ee05e91545d37cbcfe67d058013c15700938d1f4a44cd3dbf85dcc65ed06333564aa4f222935908b0e7ad3197b7eda5340e38147a3573d762d8a3d64c37c72f02271cf345e2a21aea45090c27121db9518ed806f0fc06a0849c98c7496aa9d277a67c3221b9e35c475598ac3733f83619c9421a9921ece4949c7479178c7b39fcdcc7966f820afe1757b80ad70caa4f20d2ce1df4b55c35b89c449064dd35d91a0d83b74af11ef71f13f24e45b7874b637af1f9ba4705c6d36acf5affed91ba25279059ee84dfc0fc174a2e788cd920f9687dc55e0d869abd81a7f8ad0ec7d418f3536175ede7a3a61c098f9195afbc5b5e061733260afb41e6912774ddf9db079be6a4e63b9a6e214349b500d903feb23a797c4aec998ac6957cc07c6ab63ca6e6dd8e18c1cfd613b5c65a5449bd99d878ac8f0927c607512242438b6f77a6033c65456cb175a1e5b7ad5ff2cb7d2d8984f40870d8dd2f0cebbe0185b2fd393909140d92097ae059349b0a677e5d59d3740855cc68d4ef49d385d6caf5da5849a5923bd25a70313fc8c63b38b11ae9cb2d7f86f0e3e18081e693e6d938be69e5ee32a5f407e7c78df657bed08ec77bc21f8587e333f8aa0c8b7ae727b9bc633089e2a0d089ef8841935bb524ba728bda32afd7769377ef906566d526bcdc77130f076307ce729b20722085d29473a3d77e8e0c32c410753f02005bba646e0945b00e72e420957d3ced5b36ef0ec94b93d72a917ff98c7044e0cedfd3328728ed386e1a2124316b8d6e6bffff24195860435cf4d5f808c1606fdb37170dfee74bcf436e8c8bb257c6d36300a387f800255ec9e5adca7b309d596b4d0fca8ebb0ee7164965a8a4ac158af13f154709fdccc6295f516046396635fbf9dacbb2b4a478662ae8267085d6f7041d8eb79b0f6782b90c714631d309e39e1373ffe01c10e720c56893fdccc58af3bbf8f7f10ff7bdf522a1fba86b6425bda0297a613f223e51a640c6903f00a438b11a1ff0d52c73a47bc2bd6e8325b60c7342a0f36f67a2c91e5980928e4749703de2d10bfc49e22cfc1864032b3864038462076e8db15a36d8fe50bb2f883251461242afd28436a9c8b9e9e669e80b485b2480c9ee73233119155fb988878f0e466cad5381916afdcc28a7bfefec3466180dc6f9314bb4a4d1e1bd9bafdd69ff6cccc6c9594551e776949786f33e58fbd7de9d62ff9b0c03b02148389c73e70e6b2613c840f687636135ff336a42924a6daacc84afe4a954412121375aee2c8f4f4398658b2c50076f51af2dc2a7193a908d055e9f4cccc726bee6e7168ab74391def02d69a105f0919d45c309b8848c786df6302a190cca872c1bdb01a0ff2f251e87d334b32a941e0f15b6d913867b02a7f4783a7abeaf77d633eeae4bebf244245d89be9ce628ba013b011475db2f4975a03af1eb7b872103002b91218f23d3132a8330ad36e1190cf6fac8bb031a7800cea5e05c66d77952a87128fc43c16d15970ca32122fba8ad8d4e4aeeee6435034924679098ce059a9a43df610cba38ad816ad0b0dac1d696f232dab1dec5b9d03bd00e0954c3cb962a14c3e1998eeae5a7e8f6d7c69e82a9adb87d7c42c6e29dae3bb67964a28585676bc0d8ad924992c324e4f2409e2a3a29e298caca64a75c417fb05b6fbf94fb0307f3960a1add18850684fd16b275f03916856ff504525c6dac3b51b84e563941f2d893a9c3a2c077f3fcf1436b1ce8735542379bf80af1d03b78ac19547c447f9a8cd018a309ba4204e0bc34cb20be0706f892eaff6544047a9aa6bdab914dff07c79f6997284167b032aee19e281cac6c90b7df304d4e7469a56ffedd22df9c36fa6cf3b43498f0a3d15300e29a37c02c96df09b6030e09067345ea415428401c96945e2b46060f466e49bd94e76a9ec67c4464911c401b0e1b2be6b2bf275222bb0d0324d7fb800e5445b31c7db47d93fdce2af5b36bae965b1a08e0b4e16336400c8b88338ff02fcc217731ca2d455657f53fc6a0108cf5709997127fe7d5d8c002c936306d269bc50142e5542b81f7454b91e1f87b7b85a29100c6d3bd29d68a6d7e602b6525aea3c2b51983566dac346bde176d6e4427d7a645858c3d20cd446ec6eb3ba2565b67c9b489a62c724242a60ba8310f18e150ad845a8906a51d90afd57bdd56716e1c9f964f49d71108bf4b2be1051e7192ca3e7869cb44f8ae0c8fe7054ed421a81dcf031dec3895764981e8f65b29112b1e900278b8cd256f7782d14edb6198c8a35a6ea443902a549272c3a8a1e7410032e9d0df98e89630e80c6838a547c34cbb510dffbeb6221addbe277b24a6a0606abb1c2d6f2526a6904090970b4b7752b77e15b18d4230ae242e71c08b7db457bf65ef7dcc657124b864b07874217b5ca54a5b6ea8721ab08a9ec783076c3e35a519c50d7c7e4045d8dfda7cc79f63715c692f836f8175a753cc3360fed9a1db2808653a9febc12d85e2fd28aa3193291a174470bfb620b8980ed26d487d2206b7d7884984aa3366d94dc0e9c1b6159cde665ff94bc31c2b8d86b427d84b03adbfd4eeed898bc9ea9c690fcea17c126e830daa95513e9a3ae5a888f2f61f109a55362480626cd222476124f1b19e2df1e8525b2236c0d41e0161813793e0db326e610600f24298f2f3fb09ebe9089873ae1388f9fb455426e8c73cb58619b069bbba2e2fdf5bec1d87d1735c14154a72b36b9db6643051bd859af794a61451eb98a1bf69d9cd5fc7428259b8c79ac322a17df9d7e76b2bed691df6cdb8903096878cfc1b95fb94d5bd8dc29f7e877a937a593642c2fa113d1402d48ee77636bf8b6549e465d2b7b6b4de5467f0ef086dfc9f392f68e4421923c5a89e39362603c2b129c357948fe0ba614503db6e19e807f9bddc7406a179b26a2fb8643c3bb82edf2c33b6759aa6980be6e08dfdfaa67075ed7143f637fd557a817d3de6a4ea14c99236d3710cdea9ac94c3954c7b786309bfcbacd4af15c9520a5501ca7f7d9e6cade429dcdd64cdd6dd5f8e044ef7d205b04fd7034a583e1fdd0e0a5a9a62b1277c533df4f361b5cfcd8a8aa8c2cd38bed71b6875d1359e6fc8cf8525406902b6e356848a9fc94057e8d2f53edcf545064602fa0422f139062afa9f089af50c715c92bf7d9c14f9d1569b147cdcebe8958bbbd1b7167294e509e7461fe7e44e9786a567e9a1a27ea49ae0d95fc8ee3da016d7279581dce4259ee0e4a447c8d2ec1c0694d909fa7ed43d1dbfb493cb4d1e1fd23672441a7f81e44c701aa4bf02cc07395ab54b7a588ce7f658c7ad98215d639cb42c1ded73cc6ce4b92ed822aed5af8c5c0424bddf53a32baed00fbe01583952edf32aa4ed7c1adc41b752324feb524475df3a8862893bcb0c16665ee4fe66f8a846086bea82feb5aa91b20ecbc0f239dba0ede7c24dee7f8b1cc81e705bbcce92d72fd90a3dc2c3aa9a4317045d3e39873a981897c2617a6db21729bb5dd91a1658a8a02bc18f7bb2d0714b564c06384492f616ed43f11403387b4809956a58d714a384db3587ddb5c5e597a617c46b17bdd49d4408411dfc90929b50ec4eebd5b9a6263c753840f42b4b6190fd0af0a5865cc35f3ede667aa7c7e845ccc30371c0c6721875a1f6adef4b1b574a39b5cecb4802a8422163d3eaad1f18380fc9346cf35f7c2d1bcf6d8e8639fe6a42c86f6ce2d1cbc7345cd3c29cd4c1e70517719f1d488288f1dc62d5d3d2702b1c91e67cd4e4063380f64b5ba05a2c0cc8c74a1758ecf391419f0848cf953d11311d6e42eca177d1628bb3a5372283b932362f129e426243cb2b652f06dde7039290409eb6d8859e01570f2613a621c429ea0e3650616ba2186244ed30b596694202f6f4bd767609211d8001c84351069cdd3b8fea3436ca51fc6e9e9b2d7086e9a74cca765954a8c0118677931e567e322ce1e8f3720d0dd7c6433df994513442d3767583e77e25482e7ed1209067d60004f4c77796c98a397e6e159dd459a25e82810ed4c0446f10b57389db33b0e3060a6de43edce7b1296783bbcffcb69fde77b3d50f7104160df52e367dc4d91441695df049c7f76aa718011a8a6fc0deee9af17a9a9c1cbfa5b191f5a021f08ffe52032b975366ea7ff010ef1aa2273346237c9691b179da889967b5e1f0f2a1aee6498b2f5f6de3b61cba8bc7e5f833468f3a54d07d96056f7afb74ed0835205580836a43a4559f7b430f6259629273089fca48bfb2eba76e2479ab4b15b4fc62eb48ff5fa7f975bfccae330f93044440777e2877ac822449dd1837bc0b892c547b7f7ca38096166c6bacc98f977c94b8ba6779018b356f8745795a66b5f22a4e582b1f15afa80da1fafff01d77dd6e0e4597ebde64d9bb9e3db6e95ea769c3fa35972492b0f6cb4cc67a5921814a744f1dc8418283e528cf26f815571fe8058ab4305afc4be63d5702207a970dc2e405e6efbab4a806d5d022c0c802cf3b84e2605bb7edb211bdb652a1dc10f86b2a45cd1e4c2d3f95874e53dabe0e32db36fc7b906ff60ede94a9f528eeefdf5b35691d532c5dfb27a23f8ade576089cdfd4bb72e589c520688e2d14fcf475d3452b23cfc574e49d7d595c69eafbd856f5a3b53b62335b2432c47766d48408927e619d02d35a0d6795b017271e555934d377a708a1c6bd9f04d50af0d1e15a30f1bbc941a3655291f986d7b91bf6fb05ca57fc6f1b7db6c2d4ed1cb32a910fd1e352d454c", 0x1000, 0x0, 0x0, 0x3, r4}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x4c94ccdb55f50883, 0xff, r6, &(0x7f0000000300)="bc2b73589a243e18d068549fee0f3c9eb93d22f0302414b8a29d4ce688fefa490ced52cce4398e", 0x27, 0x40, 0x0, 0x0, r8}, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x2, 0xbd55, r2, &(0x7f0000000380)="f7e62af7bbdb13d1235f23f9841d2189614b89ddae566d5adf8cf0f0", 0x1c, 0xff}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x9, r1, &(0x7f0000000400)="322ccf2a11a2e31b800ccc5df146b09f5ff6c13ce8200af18370896adacb95907f3147feeb07235002ce854d8eaf203e0cf291f4edb497e044f48bf3887669d82bc1002b440afed56c69071f86f84f07c3457a805eb16d3b7c7c2a1fc80637dd3a9aa827bd93ddc7c5922c9909e7591a3fc53bee57d46ffb25cb063a1504dc53d5e81a7a45a67d4af991776183126ebb7fa499e512170c4b", 0x98, 0xae, 0x0, 0x0, r9}, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x2, r10, &(0x7f0000000540)="24e0bf6d54a43637bb36af657c992c15e0e76bec", 0x14, 0x10000, 0x0, 0x2, r2}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x5, 0x8df6, r11, &(0x7f00000005c0)='Z*', 0x2, 0x40, 0x0, 0x1, r15}, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x8, 0x1f, r16, &(0x7f0000000640)="6cd116e6495e1b9ce3e467befc267687a745e07773123637595c179ef234c1d606dcce89c297d5d50ab73337834fead8a5ccb73c8822d6df78cb0e91781a01e7034710df9f9e08c5e22e2a84f91617bd0aa0bc629fec3b5b7bfc038a8da59c6c7f3c0ec79ac8c9e8e8fe265228cb94925ee0bf2e752dc19588afeba58a0a85e5f9b34028e1292646ce11b4a86e3ddfefa04023e8872a34788da9e01332416faea5e68a0e0736f6066fa81bd76896446bdd62d72df23a6d6bb00dc9b77bec58813373b9035f39c81da2", 0xc9, 0x7f, 0x0, 0xa0feee542aefa294, r19}, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x8, 0xff81, r20, &(0x7f0000000780)="f6239deb7aee23609d8c1cb4d602d2ce1a9d98f2b359143203f5c7525065adaebef4ac14df0e457dbff11003005916426fd15a68e1d5e6cc11b3a8ef9cc486f6b43a3fbdb2fcf392a3aed82ef6ffe888eb2461a72193dc01c833b1a3d9450b976617d9f6e656ba5bc6afcc59ac7df6118f81df4df3de6faac5441eafd6", 0x7d, 0x101, 0x0, 0x3, r2}]) preadv(r4, &(0x7f00000017c0), 0x331, 0x0) 11:40:37 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = socket$netlink(0x10, 0x3, 0x564285976aaea161) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000000c0)={{{@in=@broadcast, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in=@dev}}, &(0x7f0000000000)=0xe8) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) fstat(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchown(r1, r2, r4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$RNDCLEARPOOL(r6, 0x5206, &(0x7f0000000240)=0x1) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = dup2(r7, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r8, 0x80045300, &(0x7f0000000280)) 11:40:37 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(0xffffffffffffffff, 0x111, 0x4, 0x1, 0x4) [ 1299.101393] Bluetooth: hci1: Frame reassembly failed (-84) [ 1299.105240] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1299.109042] Bluetooth: hci1: Frame reassembly failed (-84) [ 1299.138919] FAULT_INJECTION: forcing a failure. [ 1299.138919] name failslab, interval 1, probability 0, space 0, times 0 [ 1299.157477] CPU: 1 PID: 5857 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1299.164428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1299.173774] Call Trace: [ 1299.173796] dump_stack+0x138/0x197 [ 1299.173821] should_fail.cold+0x10f/0x159 [ 1299.180010] should_failslab+0xdb/0x130 [ 1299.180029] kmem_cache_alloc_node+0x287/0x780 [ 1299.180052] __alloc_skb+0x9c/0x500 [ 1299.188131] ? skb_scrub_packet+0x4b0/0x4b0 [ 1299.188143] ? netlink_has_listeners+0x20a/0x330 [ 1299.188160] kobject_uevent_env+0x781/0xc23 [ 1299.209776] kobject_uevent+0x20/0x26 [ 1299.213557] device_add+0xa3e/0x1490 [ 1299.217254] ? device_private_init+0x190/0x190 [ 1299.221822] hci_register_dev+0x2d9/0x810 [ 1299.225960] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1299.230264] tty_ioctl+0x8f7/0x1320 [ 1299.233917] ? hci_uart_tty_poll+0x10/0x10 [ 1299.238142] ? tty_vhangup+0x30/0x30 [ 1299.241910] ? __might_sleep+0x93/0xb0 [ 1299.245778] ? __fget+0x210/0x370 [ 1299.249218] ? tty_vhangup+0x30/0x30 [ 1299.252957] do_vfs_ioctl+0x7ae/0x1060 [ 1299.256837] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1299.261581] ? lock_downgrade+0x740/0x740 [ 1299.265722] ? ioctl_preallocate+0x1c0/0x1c0 [ 1299.270148] ? __fget+0x237/0x370 [ 1299.273585] ? security_file_ioctl+0x89/0xb0 [ 1299.277977] SyS_ioctl+0x8f/0xc0 [ 1299.281320] ? do_vfs_ioctl+0x1060/0x1060 [ 1299.285452] do_syscall_64+0x1e8/0x640 [ 1299.289327] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1299.294162] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1299.299334] RIP: 0033:0x459f49 11:40:38 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x20000, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r3) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000000c0)={{{@in6=@ipv4={[], [], @local}, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e21, 0x2, 0x4e24, 0x2, 0xa, 0x20, 0x0, 0x3c, 0x0, r3}, {0x2, 0x5, 0x100000001, 0x7, 0x0, 0xf5e, 0x6, 0x100000001}, {0x1, 0x2, 0x6, 0xab}, 0x5, 0x6e6bbc, 0x3, 0x0, 0x0, 0x7}, {{@in6=@loopback, 0x4d3, 0xf0}, 0x19a1babcdac882b0, @in6=@empty, 0x3503, 0x3501e2e56ae0a622, 0x0, 0xa5, 0x0, 0x5, 0x6}}, 0xe8) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000200)=0x40) [ 1299.302544] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1299.310235] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1299.317488] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1299.324741] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1299.331991] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1299.339240] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1299.350112] protocol 88fb is buggy, dev hsr_slave_0 [ 1299.355207] protocol 88fb is buggy, dev hsr_slave_1 [ 1299.383389] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1299.407404] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. 11:40:38 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$KDADDIO(r0, 0x4b34, 0x7f) [ 1299.428531] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1299.451932] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 11:40:38 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$TCSETAW(r3, 0x5407, &(0x7f0000000000)={0x58, 0x43, 0x9, 0x3ff, 0x5, 0x1, 0x6, 0x40, 0xffffff2f, 0x6}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r4}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{0x100000}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:40:38 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) close(r4) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f00000000c0)={r6, 0xb21}, 0x14) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f00000000c0)={r6, 0x1, 0x3}, 0x8) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400201) ioctl$KDSETKEYCODE(r2, 0x4b4d, &(0x7f0000000000)={0x401, 0x8}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:40:38 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000000)=ANY=[@ANYBLOB="0000000000080000a97b7c439016f3bbad4fa432fa00"/32, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001000000000000000000523426fcd8265ebb8cbb1346759291752c6ce3863155a3a49c57e36468f56460dcc0bfc90700"/80], 0x80}}, 0x0) 11:40:38 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r1, &(0x7f0000000400)=@ll={0x11, 0x19, 0x0, 0x1, 0x1, 0x6, @remote}, 0x80) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) memfd_create(&(0x7f0000000080)='\x85\x00', 0x7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r1, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r4}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) write(r1, &(0x7f0000000700)="83f95f812dea7742d18dd1f5f7b8dd488477c86d8801559a95815ea3aecd29f54503598541e19314260b5d176c5a58775aca24de463984479937b2aca6c30f9ef11e9e235ffb5087394311bfc77f1723c8a35f4a85c6934517142f53e8bf1a2665933f0f0f13432d774c075b20a2c2b3306cd9e2f7bab3015c3585f781ea4bd97bee452a13faa54fc18453317561b9c1239fe7c8ab8f17c50b16c69bfa3c650663e5c5de08ccf46a5b1385b533c4b1f80cc217474941a07e43ea3d33d733969a589571819a51b86e0537392a8517115d18deefa46e9d7953a60c1940384cf152213b6ad9c8acacaea7c76d3bc34b92bf1f9508f80462434e583a46bd19684e4030d6d24bc5b475cae94befaa1691039fd3d3e9ef244310cd4a84a5c500684fd4ea92b6bbb9464af45954a8766c46b9e7ac81a74b1235da7ea004f92f7c617aef783f89717c8a0083e60bae25cc18cd3a52a39f8dc152fcce3710321a36306a7076197131620df03074a54f7be00ca6e1d574127479244224ae91374271c9f082a19d658c26b2c542743223dadc587bea41fb61adcc32d9b6a0e48a0c2dc4503886c1b4c25b6e799a1fa82d59b12cdeaa9851c410b2f985079c2372837c371dcac9c1750b3db7f329800d9986eb7d7348ffe540202d52648b228ca39ad3c6b368b6f734a15446665ed91446c6b233414f784e300f0404e1f361c78bdfd53e314031b23b36cff6bc718acfde845c352a9fcfef9ca8bb2676419929923f37525211374ad4a7d96b578651f8fdbb15bd17f12befe04c32182cacca195898e058c834966b469f1d379cc9e7e94b1405a55869b5c4ea7522faae5dcd49d37c2294db5134b124cd783994ce5b08052ad21479eee73e87fa33b7a886b1d248fd490a01ebe42efa54550d38682f0ba9a49dca404b4dc57cabc6abf95e7a26dfc99eecf76d09e01fc1a81cb913fab1a4528b44e719dce50b3988efb391af4efb1618cb52443ed761d423f626fd54a37e92253eeb4d37a2a46dc5f0b8505e05051a703756ee364410531ad3a2250f76bd18fb8c87d7089ebfdf316b0b71749fb041031839a4353d2c39dbf86e3c07e67dbea387363e0249fa84786f74ff5cc703b5b7f2cf8234407037fa73947c79d254175649af6aef26ee424452bffe926b3935070610382d95c9a9f9dec7d47437541ce37218e7c99e634b026185f5032ea6657d54e68940880faf2997c597a9bdf4e90d2533af251ea149108807df5200ce069222e863819efa40407dac02da5a49b54402f1ad6d8c7a0d892f8bd96d293b250517b9b98ad637f936c72ee06a284cabe26c274911a96ee113a5ebf0232dccda83f6b55e334d176e4779202836fec9dc22beac28b9514cdaf8651ad58e8ce6f05c16c08ceb9c2fcb1f8b332c8381e0e173ec2298ea98f1dc85f48942099a82ebdc4cc50e98bd601b4daa062a19a2f8616de2c3d2f6f94edf3261000a60796afaf6c15100ff7854373b6b98f50df54def332b3ace6874609e8a5efeb7081c6d27de0ab1656223c74288aab19812d831ec69495688875da5ceaddad1289cff172a5a14b24a9a04d53341bed20fc5e1b2029aa7f4b578dc31cbd69fd85ec03bfd2c3b5f376af9fac57ab4680e59d850bce3c4aa14135361eb2c586d2a771c32f32a0e0c368718b32b984426f973c2b83e41cb5e816e7e744c5af4e424fc2a3ea46e3fbebe5cfb3676e61aa77347f929589eeffce49c9cba484b26f0ffd2fb7efc12e623aa9157b3a5a1e730ce4ae0373084ba9d610e526847f57619eaad53624b7fce6a5a2b780a599af93e0784f4aeed0d30c465a1f4a4f7e90b013bb57915b8102cc02601aa57cd71d5595e55aede0b8f38e10f88a2a4e51928f4bcf7fb1210be268919711378c87b712d840e2dc63468b466e1ba032203f8ae941c2537c31a3504a2ee8bc6b49781c71b17d80f1abebbb19153b59394894da3b6bd2fd6c8976af5692a28f6e9142b3f6b1c523115525375ebc92791e83d0acd7467a0c41185c4e9d4e341a91d0ae40a20419eaf704ed69c26f400267cff2df9c91cfca2681dbb95b1e7c1f78e2476f1b97bcdba1e27b194736ee37a9c80876e2186c648c72feac1d760663b96fa89c9d2f2d92c44334114d8d1171dd1c02fd1730a3b731c5c369b7356ebe48a617ebda5f954d59f0e2eebf5b46bd5e6eb6c40e42e2bb1c0887103e52298ef0b123e622b2a71b443f2dbcfd9e8df53f632c5d7f02eece195cf67a6f96efa24d16f05a45b203f78dbf484aa4821040904554d6ffb6f8ea9afb110b579747a78643e50a3b4bf36c82f258717c775e4851493cae2c72677527914b47c0391532de7ccc5b93baccb2524b8ca952f37939d57879e8a3e22246e9e3c305d27512c4b592bc6b57e0c7a79f6fdee0e405d6a9f4febb7bedc48de9ec69aa9eb4f708e04fcaf41ebccd8e1de546bb8638966609e2859fb16ca173c08b74b6310cbdd68dd401735ef7c7a5e1604aaf495d5ebb4c826c353f6f34a0e0c1f6e424e4b5fe9cb496a0455cae7ccf4b15d27941de2d46031e45563e1a22492790d4eeca952afa24bcd0513b42b2854095e786ee882bf533857382e61fd25f0b156d9fe796a3f93f8971af6a53a0f24121989050707c1636cc7e61e8e0973a2c35bc3ee04749a0e629f4e8b767f643c97bce2d51a1b681e6f4d4952df6a394c814051483ec81f3c53866923411dd5555d094c968b8b33f71301f4b97632a7de35e2de54afa14a0b65d2f8cb0e4d50eaa207f1963fe2554e4e52d95bd2a4433d932b0291fccc241f37d0b2d3d5b558f85c814c3a3e0404238e4952f8a9fbafaa76bf60218eb25d49b3549966321c49515b0bc04fdaf26e501b4ae5a9561d3f709cc994c9781795d2d30bce733892f97f5bf60b68424b8666ca7663cd71c68935126df2d87cded96385a7d60edeaf5d42ba2ba2c15b8dcc4c22d33b279a7a74ef84f4204fcf4ebd564dc1200b213b2a6a24f26bb1cf9188115328688d00e1ae2b8049b5fd5bf3ec4bc4eb848b18e3de13b1f146b9a3704981facedf33baa13024c509c0c7f7b30b7431adb0747c511e7d3e5c102b301e1c156e195e5a522eff6a24c5af460586b0056718a550dab5ab82d3ba8d2675b4aa4f60b341f43b9cf6ff9cb3bc6b0bb95ab98c9ff58e1a086d72621b42c906e05139b301b27af94d07d10d10fd4fcb9232ebef54038ea47520d362415490592150b4d052ded789568be78e8c69e8a0063dc77ce10063b5d196356e8ad7d427e3b7e4bd8bc9aabc1730bf1a04e25bd9d15082160c622fa553a5dea1cad07c3fdc7d02bd80bda1261bb8148e1e3b6d9fc36b0c6357c3b8a2f991799a7889f63b8316e419a1b7145530474ad96641b610b95cd27b577e3275cdd55f88a7ddd2e030541d30194e662e3c76582100def00b5213944effe2945fe2f63a833d77a849b60743cb6adc1272a241d0d3175b89966fb114ad890f039462521184aecab74ec6e91dcd4d3634594e586edd96a9929a10c20defaf3eb873a0d98dbc7e88d78673d8c907d5f1d4f85455eeb3b4638092251da4bf1c25f498cea365da59a788dbff8945ece40d79c14b5356b640950332a42cb686c91eed24d9412eee8023a9caf6558c1a563cd208f80e2a61701cd4a04b03eeb5705e9f60140f8c41663e2160ddf4decc68040c2b55fd1b9d02ec5e2e9c25305656e6efbe6f6d13204e6e16600d14865648011ad5e1692e422e42020dd055eaefe714f0a64fb0a240e5cf840297202749de24f0f9fe02e7cc7b8059b1b993d9c407282d158b7f3183c3c1397ed79e35678a277d0fd3d17a2ea38c46f7070d5404ec76fd4d9c0c66c33ec92b1b1f80043d151610e5428dd25a39ac26ab3a12ad0952d94e1738610a60244f4c03e391bddccfe2f85aa4c49e967c46808b92e80976b74a6e2617d1944bc3df949eae3b8cbe1d7677229739c82b89a0ac0f8c05f15d9234e72f6cce261044670bb7dcf48d69c7bd5a8a1bd8dee1abeb2e6224afe12b0fe457db756b7145a33922b5f284b6ef67eb58ec67e51c9d3eb60ab392c8e332cff7a8814b29605cf19345807e50f682352d6f464957fba08a360e1d9ed5906757acb6eb6c16d8b91a0369e6c5b51375b992d107d60ecaa62340a85552193633ab0eca439edca4b29df7bf352ebc505982a84f48cda00d4fbe3160fde9e3028d2a43c976a04c6bf3b89ac8ca0eec26f5bc00cc2e94e7e5cd04f5d9e577f1fb5bbb488bdebaa2167a380b8c57ff5842c757b8078b8e90820a3f155a9e1678dfbcbe6342db50de48db0e25903792d5b37353c9bd1067e8a4aba64d76034fc3e815cd210bda74a9bd76f541ee72f8a9d23f94c68e3688dbacbdb9d6021b7aeae33da77f31fa63a9955c6a8372a23aedb6b71de4dcab30631f25a924cc48d29744d3155c84268fccc07644c7910a3dd8b5c74048b8f4d4a2dfa1f2f5c5e9ac34d6c0a02252498777457cc3330005722aefe6a329b4aff9967749d5eea3b5e9b46a84d359f2e517634f31e544a0854931e59e38b7391f41ba7aa69efc255b5b5f12a7407166bfb6e1c05cbed5926e116f3a4a8e4419aae0cf8f9a36bba79820f8dc0e0aaca61bde3728ca9c88f770059f3ada7fab428ae0a26f91fa92bc46ebd81d49f084ce930abf1346cc7894323d4be06ae43b7215accb0deb68551c9844e7d99fe951165a1dceabe374d26895845400fe2bde064e684604f6221cec2884a5b22419e3dec697923cd00d05dae6ac37c6b220a0d9d5be014012a3ea0e048a43646e018b0af47cc4afe2053dc37a835e55614a8c7e1b6057f84a17f1d61d0f2e3648fc287825c2fbb22308fdada1dd3a9e9e7dfbac6d226559f167f29625b45355ffcbfa05291b6adc1b83f7a395399fa4d2702b4559cb34008ee7f0f8334e2d64b496e1398448a1176b39e37ca4ac51e247d5b0b7b016b2814b93cdf33044a2d791f7452f85c1b888a99d9fa16d4d346d96a0dbb47d2aa8de4b0b45de4a8a3bd3e6e84aefe06785540c89b9c8eb023c329ff23fcd9c33170fd2772c767d163fd90badadb2136118bec58630202a846add96a0b67fab41039bb0d94eb7e08680afbb46b7bcc1f17ec03d02ae73ec81c76d0add206e6c571a9c7be667a4f05f8cf48516627b2ab306dd4e373321a1d93eb7b737bf9c72dc217056307b41133d6b7322835567f2c41dceee8b0564cfc7e16dca0f8b5e00016eb96cfa0a19288bc178461eaef51016b7c2c374da95d0126b0b73e4a8a6358d3a9086404f40762d7e72b92ef452d5268baa455678fa350b04f5a5fd4fd50e2728430961fecd29d98311836927f93f275c2e457e93d2655a34897bbbabf5291c39015d9841548b21b8b841ef92c1cbe079dac490abca277c6fd90c9d216a309be12bf309af15234a14e3731158fe837df373cda7099b88ed508a6850c65892e2f1b3f4812dc940236178e74346d15ee269ce3839d1bfbc80c05a2f6788429d636010bacfbef55ec59e115d8eabb3792c6a6068f47a9ae13c3ff6d9c1887728f5c0f246a454cb6588b3dea1084e19b9418804e5289811c5673d6a9f0189a4cf38c914f10a782ee9757a0686aeed52f6923d3fc672d4f0c560527398e6f884b41256c965ae83de1f1476d90dffee9c22fa3c1d95c304c9c4d482dfbd46ac10b32d1ed5c1372d960963414cf1ce7574970ad94c4b070fa0ab6477228f7e16951ca5814d953814b986b9b0345576c0d51094f95584553cd78e2ac58a296d35ec8cffe108c1b488df1955e1", 0x1000) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r6}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00'/10, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) [ 1299.656660] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1299.687457] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1299.840181] protocol 88fb is buggy, dev hsr_slave_0 [ 1299.845323] protocol 88fb is buggy, dev hsr_slave_1 [ 1299.850486] protocol 88fb is buggy, dev hsr_slave_0 [ 1299.855544] protocol 88fb is buggy, dev hsr_slave_1 [ 1300.480186] protocol 88fb is buggy, dev hsr_slave_0 [ 1300.485336] protocol 88fb is buggy, dev hsr_slave_1 [ 1300.720104] Bluetooth: hci0 command 0x1003 tx timeout [ 1300.725426] Bluetooth: hci0 sending frame failed (-49) [ 1301.120201] Bluetooth: hci1 command 0x1003 tx timeout [ 1301.125522] Bluetooth: hci1 sending frame failed (-49) [ 1301.440141] Bluetooth: hci2 command 0x1003 tx timeout [ 1301.445469] Bluetooth: hci2 sending frame failed (-49) [ 1302.800160] Bluetooth: hci0 command 0x1001 tx timeout [ 1302.805469] Bluetooth: hci0 sending frame failed (-49) [ 1303.200134] Bluetooth: hci1 command 0x1001 tx timeout [ 1303.205455] Bluetooth: hci1 sending frame failed (-49) [ 1303.520155] Bluetooth: hci2 command 0x1001 tx timeout [ 1303.525469] Bluetooth: hci2 sending frame failed (-49) [ 1304.000200] net_ratelimit: 18 callbacks suppressed [ 1304.000204] protocol 88fb is buggy, dev hsr_slave_0 [ 1304.010203] protocol 88fb is buggy, dev hsr_slave_1 [ 1304.015261] protocol 88fb is buggy, dev hsr_slave_0 [ 1304.020336] protocol 88fb is buggy, dev hsr_slave_1 [ 1304.640248] protocol 88fb is buggy, dev hsr_slave_0 [ 1304.645362] protocol 88fb is buggy, dev hsr_slave_1 [ 1304.650589] protocol 88fb is buggy, dev hsr_slave_0 [ 1304.655791] protocol 88fb is buggy, dev hsr_slave_1 [ 1304.880233] Bluetooth: hci0 command 0x1009 tx timeout [ 1305.040222] protocol 88fb is buggy, dev hsr_slave_0 [ 1305.045328] protocol 88fb is buggy, dev hsr_slave_1 [ 1305.280110] Bluetooth: hci1 command 0x1009 tx timeout [ 1305.600144] Bluetooth: hci2 command 0x1009 tx timeout [ 1309.200226] net_ratelimit: 22 callbacks suppressed [ 1309.200229] protocol 88fb is buggy, dev hsr_slave_0 [ 1309.210239] protocol 88fb is buggy, dev hsr_slave_1 11:40:47 executing program 2 (fault-call:2 fault-nth:40): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1309.335103] FAULT_INJECTION: forcing a failure. [ 1309.335103] name failslab, interval 1, probability 0, space 0, times 0 [ 1309.346838] CPU: 1 PID: 5897 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1309.353772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1309.363180] Call Trace: [ 1309.365770] dump_stack+0x138/0x197 [ 1309.369393] should_fail.cold+0x10f/0x159 [ 1309.373525] should_failslab+0xdb/0x130 [ 1309.377483] kmem_cache_alloc_node_trace+0x280/0x770 [ 1309.382613] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1309.388055] __kmalloc_node_track_caller+0x3d/0x80 [ 1309.393010] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1309.397668] __alloc_skb+0xcf/0x500 [ 1309.401289] ? skb_scrub_packet+0x4b0/0x4b0 [ 1309.405680] ? netlink_has_listeners+0x20a/0x330 [ 1309.410423] kobject_uevent_env+0x781/0xc23 [ 1309.414731] kobject_uevent+0x20/0x26 [ 1309.418529] device_add+0xa3e/0x1490 [ 1309.422230] ? device_private_init+0x190/0x190 [ 1309.426813] hci_register_dev+0x2d9/0x810 [ 1309.430943] ? __raw_spin_lock_init+0x2d/0x100 [ 1309.435511] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1309.439818] tty_ioctl+0x8f7/0x1320 [ 1309.443424] ? hci_uart_tty_poll+0x10/0x10 [ 1309.447648] ? tty_vhangup+0x30/0x30 [ 1309.451361] ? __might_sleep+0x93/0xb0 [ 1309.455233] ? __fget+0x210/0x370 [ 1309.458674] ? tty_vhangup+0x30/0x30 [ 1309.462373] do_vfs_ioctl+0x7ae/0x1060 [ 1309.466244] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1309.470985] ? lock_downgrade+0x740/0x740 [ 1309.475114] ? ioctl_preallocate+0x1c0/0x1c0 [ 1309.479514] ? __fget+0x237/0x370 [ 1309.482956] ? security_file_ioctl+0x89/0xb0 [ 1309.487347] SyS_ioctl+0x8f/0xc0 [ 1309.490692] ? do_vfs_ioctl+0x1060/0x1060 [ 1309.494824] do_syscall_64+0x1e8/0x640 [ 1309.498702] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1309.503546] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1309.508717] RIP: 0033:0x459f49 [ 1309.511889] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1309.519577] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1309.526826] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1309.534101] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1309.541374] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1309.548633] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1309.557372] Bluetooth: Unknown HCI packet type 5e [ 1309.563954] Bluetooth: Unknown HCI packet type 43 [ 1309.568805] Bluetooth: Unknown HCI packet type 5e [ 1309.573712] Bluetooth: Unknown HCI packet type 50 [ 1309.578550] Bluetooth: Unknown HCI packet type 5e [ 1309.583480] Bluetooth: Unknown HCI packet type 40 [ 1309.680108] protocol 88fb is buggy, dev hsr_slave_0 [ 1309.685237] protocol 88fb is buggy, dev hsr_slave_1 11:40:48 executing program 0 (fault-call:2 fault-nth:34): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:40:48 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000000)={0x3, &(0x7f0000000700)=[{}, {}, {}]}) 11:40:48 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x0, 0x0) ioctl$TCGETS(r1, 0x5401, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x10000000000000) 11:40:48 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$KDDISABIO(r0, 0x4b37) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KDSETMODE(r2, 0x4b3a, 0x5) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r3, &(0x7f0000000380)=@hci, 0x80) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r3, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r6}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) ioctl$sock_SIOCDELDLCI(r3, 0x8981, &(0x7f0000000000)={'gretap0\x00', 0x9}) r7 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r7, &(0x7f0000000380)=@hci, 0x80) r8 = socket$netlink(0x10, 0x3, 0x0) r9 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r10, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r7, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r10}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r11 = socket$netlink(0x10, 0x3, 0x0) r12 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r12, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r13, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r14 = dup2(r7, r11) ioctl$CAPI_NCCI_OPENCOUNT(r14, 0x80044326, &(0x7f00000000c0)) 11:40:48 executing program 1: prlimit64(0x0, 0xa, &(0x7f0000000280)={0xd, 0x800000000035}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000000), 0xffffffffffffff9e) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x0, 0x66}, 0x0) execve(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240), &(0x7f0000000340)=[&(0x7f00000002c0)='\x00', &(0x7f0000000300)='\x00']) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r2, &(0x7f00000017c0), 0x331, 0x0) socketpair(0x8, 0x5, 0x7f, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) accept4(r3, &(0x7f0000000100)=@sco, &(0x7f0000000180)=0x80, 0x80800) [ 1309.960979] Bluetooth: hci1 sending frame failed (-49) [ 1309.966869] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1310.009679] FAULT_INJECTION: forcing a failure. [ 1310.009679] name failslab, interval 1, probability 0, space 0, times 0 [ 1310.027140] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1310.037733] CPU: 1 PID: 5909 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1310.044689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1310.054055] Call Trace: [ 1310.056652] dump_stack+0x138/0x197 [ 1310.060305] should_fail.cold+0x10f/0x159 [ 1310.064469] should_failslab+0xdb/0x130 [ 1310.068460] kmem_cache_alloc_node_trace+0x280/0x770 [ 1310.073579] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1310.079046] __kmalloc_node_track_caller+0x3d/0x80 [ 1310.083989] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1310.088663] __alloc_skb+0xcf/0x500 [ 1310.092294] ? skb_scrub_packet+0x4b0/0x4b0 [ 1310.096621] ? netlink_has_listeners+0x20a/0x330 [ 1310.101378] kobject_uevent_env+0x781/0xc23 [ 1310.105710] kobject_uevent+0x20/0x26 11:40:48 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r2, &(0x7f00000017c0), 0x331, 0x0) r3 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000100)='SEG6\x00') sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r3, 0xa00, 0x70bd27, 0x25dfdbfb, {}, [@SEG6_ATTR_DST={0x14, 0x1, @loopback}]}, 0x28}}, 0x24004000) [ 1310.109517] device_add+0xa3e/0x1490 [ 1310.113239] ? device_private_init+0x190/0x190 [ 1310.117830] hci_register_dev+0x2d9/0x810 [ 1310.121989] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1310.126326] tty_ioctl+0x8f7/0x1320 [ 1310.129947] ? hci_uart_tty_poll+0x10/0x10 [ 1310.134179] ? tty_vhangup+0x30/0x30 [ 1310.137927] ? __might_sleep+0x93/0xb0 [ 1310.141812] ? __fget+0x210/0x370 [ 1310.145256] ? tty_vhangup+0x30/0x30 [ 1310.149015] do_vfs_ioctl+0x7ae/0x1060 [ 1310.152895] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1310.157635] ? lock_downgrade+0x740/0x740 [ 1310.161764] ? ioctl_preallocate+0x1c0/0x1c0 [ 1310.166155] ? __fget+0x237/0x370 [ 1310.169636] ? security_file_ioctl+0x89/0xb0 [ 1310.174042] SyS_ioctl+0x8f/0xc0 [ 1310.177390] ? do_vfs_ioctl+0x1060/0x1060 [ 1310.181523] do_syscall_64+0x1e8/0x640 [ 1310.185403] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1310.190257] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1310.195457] RIP: 0033:0x459f49 [ 1310.198647] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1310.206355] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1310.213607] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1310.220867] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1310.228146] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1310.235413] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1310.250262] protocol 88fb is buggy, dev hsr_slave_0 [ 1310.255345] protocol 88fb is buggy, dev hsr_slave_1 11:40:48 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$SG_SET_COMMAND_Q(r4, 0x2271, &(0x7f0000000000)) [ 1310.260458] protocol 88fb is buggy, dev hsr_slave_0 [ 1310.265498] protocol 88fb is buggy, dev hsr_slave_1 [ 1310.283939] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1310.321956] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1310.338384] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. 11:40:49 executing program 3: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xe) r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0xcfdc2a8a2b0d7d0c, 0x0) ioctl$MON_IOCG_STATS(r1, 0x80089203, &(0x7f0000000240)) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000080)={{{@in=@local, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in=@broadcast}}, &(0x7f0000000180)=0xe8) ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f00000001c0)={r2, 0x1, 0x6, 0x6, 0x9, 0x7, 0x1}) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x9b64ce5a8039fe86) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) close(r4) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000380)=ANY=[@ANYBLOB="c6429e0fc8c024d165c3bd44fe8bd8d3d9efa014393b211a299fdf5fd4c3b4756caf63a47d07e371ded4667801e6fa1ae9ac444869c5f68f567d2b", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f00000000c0)={r6, 0xb21}, 0x14) setsockopt$inet_sctp_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000340)=@assoc_id=r6, 0x4) ioctl$sock_bt_cmtp_CMTPGETCONNLIST(0xffffffffffffffff, 0x800443d2, &(0x7f0000000300)={0x4, &(0x7f0000000280)=[{}, {}, {}, {}]}) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) 11:40:49 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r2, &(0x7f0000000380)=@hci, 0x80) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r2, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r5}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) connect$l2tp(r0, &(0x7f0000000280)=@pppol2tpv3in6={0x18, 0x1, {0x0, r2, 0x4, 0x3, 0x1, 0x4, {0xa, 0x4e20, 0x5, @local, 0x2000}}}, 0x3a) accept$inet(r1, &(0x7f0000000140)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) connect(r0, &(0x7f0000000380)=@hci, 0x80) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r7 = open(&(0x7f0000000040)='./file0\x00', 0x40000, 0x120) read$eventfd(r7, &(0x7f0000000080), 0x8) getsockname$packet(r6, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r9 = syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x80000000, 0x100) r10 = epoll_create1(0x80000) fcntl$getflags(r10, 0x408) ioctl$VIDIOC_G_SELECTION(r9, 0xc040565e, &(0x7f0000000100)={0x609789a120324d56, 0x0, 0x1, {0x7, 0xe9, 0xb0, 0x401}}) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r8}, 0x10, &(0x7f0000000600)={&(0x7f0000000400)=ANY=[@ANYBLOB="0000000000080000f907ffff0000000032a2ba184686d8a8031a411e45a8befc506033491e61e45fda5bc2478e1dcc78d78a3fbcf00be1043265e0bf043761f1c83c1fa2bcdda634c54979f265b398f71cd76910a3ca660702a248c7630da66e001f4efb56dce3e18190b8e814791c242e24e7852356d0bbca077091a284f17a1f532bdda3b0e99f7325bbffcd69b39bf9416ecbdd94d02e0a0536c6d911b5f9cc6644c8ba60db3a575a111c88730c8428c14d79f25469d5ce39c2bafd56dbbf32e9293e54388f173961d884", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="02000000010000000000006006030000d250d7fbbc6e8d5a"], 0xffffffffffffff06}}, 0x0) 11:40:49 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x8, 0x5, 0x84) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000240)=ANY=[@ANYBLOB="0600000000080000000002dc581b758fa8cf1284000000000000000000000000781d317345e72200522aeaa78a71790ca1b5f1c1ad51", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f0000000000)={0xffffffffffffffff, 0x1, 0xef9, "3f67d8bc3810e46da875920fde"}) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$sock_inet_sctp_SIOCINQ(r3, 0x541b, &(0x7f0000000040)) [ 1310.446650] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1310.477801] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 11:40:49 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) [ 1310.880137] protocol 88fb is buggy, dev hsr_slave_0 [ 1310.885271] protocol 88fb is buggy, dev hsr_slave_1 [ 1311.600174] Bluetooth: hci0 command 0x1003 tx timeout [ 1311.605512] Bluetooth: hci0 sending frame failed (-49) [ 1312.010092] Bluetooth: hci1 command 0x1003 tx timeout [ 1312.015414] Bluetooth: hci1 sending frame failed (-49) [ 1312.320395] Bluetooth: hci2 command 0x1003 tx timeout [ 1312.325697] Bluetooth: hci2 sending frame failed (-49) [ 1313.680153] Bluetooth: hci0 command 0x1001 tx timeout [ 1313.685482] Bluetooth: hci0 sending frame failed (-49) [ 1314.080222] Bluetooth: hci1 command 0x1001 tx timeout [ 1314.085516] Bluetooth: hci1 sending frame failed (-49) [ 1314.400223] net_ratelimit: 18 callbacks suppressed [ 1314.405202] protocol 88fb is buggy, dev hsr_slave_0 [ 1314.410273] protocol 88fb is buggy, dev hsr_slave_1 [ 1314.415376] protocol 88fb is buggy, dev hsr_slave_0 [ 1314.420438] protocol 88fb is buggy, dev hsr_slave_1 [ 1314.425850] Bluetooth: hci2 command 0x1001 tx timeout [ 1314.431214] Bluetooth: hci2 sending frame failed (-49) [ 1315.040223] protocol 88fb is buggy, dev hsr_slave_0 [ 1315.045393] protocol 88fb is buggy, dev hsr_slave_1 [ 1315.050632] protocol 88fb is buggy, dev hsr_slave_0 [ 1315.055754] protocol 88fb is buggy, dev hsr_slave_1 [ 1315.440220] protocol 88fb is buggy, dev hsr_slave_0 [ 1315.445347] protocol 88fb is buggy, dev hsr_slave_1 [ 1315.760194] Bluetooth: hci0 command 0x1009 tx timeout [ 1316.160176] Bluetooth: hci1 command 0x1009 tx timeout [ 1316.480157] Bluetooth: hci2 command 0x1009 tx timeout [ 1319.600223] net_ratelimit: 22 callbacks suppressed [ 1319.605212] protocol 88fb is buggy, dev hsr_slave_0 [ 1319.610290] protocol 88fb is buggy, dev hsr_slave_1 [ 1320.080198] protocol 88fb is buggy, dev hsr_slave_0 [ 1320.085308] protocol 88fb is buggy, dev hsr_slave_1 11:40:58 executing program 2 (fault-call:2 fault-nth:41): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1320.215737] FAULT_INJECTION: forcing a failure. [ 1320.215737] name failslab, interval 1, probability 0, space 0, times 0 [ 1320.227813] CPU: 1 PID: 5951 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1320.234753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1320.244106] Call Trace: [ 1320.246680] dump_stack+0x138/0x197 [ 1320.250303] should_fail.cold+0x10f/0x159 [ 1320.254439] should_failslab+0xdb/0x130 [ 1320.258409] kmem_cache_alloc_node_trace+0x280/0x770 [ 1320.263497] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1320.268945] __kmalloc_node_track_caller+0x3d/0x80 [ 1320.273861] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1320.278511] __alloc_skb+0xcf/0x500 [ 1320.282117] ? skb_scrub_packet+0x4b0/0x4b0 [ 1320.286420] ? netlink_has_listeners+0x20a/0x330 [ 1320.291158] kobject_uevent_env+0x781/0xc23 [ 1320.295465] kobject_uevent+0x20/0x26 [ 1320.299248] device_add+0xa3e/0x1490 [ 1320.302946] ? device_private_init+0x190/0x190 [ 1320.307512] hci_register_dev+0x2d9/0x810 [ 1320.311639] ? __raw_spin_lock_init+0x2d/0x100 [ 1320.316204] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1320.320510] tty_ioctl+0x8f7/0x1320 [ 1320.324118] ? hci_uart_tty_poll+0x10/0x10 [ 1320.328334] ? tty_vhangup+0x30/0x30 [ 1320.332064] ? __might_sleep+0x93/0xb0 [ 1320.335932] ? __fget+0x210/0x370 [ 1320.339387] ? tty_vhangup+0x30/0x30 [ 1320.343085] do_vfs_ioctl+0x7ae/0x1060 [ 1320.346954] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1320.351693] ? lock_downgrade+0x740/0x740 [ 1320.355838] ? ioctl_preallocate+0x1c0/0x1c0 [ 1320.360229] ? __fget+0x237/0x370 [ 1320.363667] ? security_file_ioctl+0x89/0xb0 [ 1320.368063] SyS_ioctl+0x8f/0xc0 [ 1320.371409] ? do_vfs_ioctl+0x1060/0x1060 [ 1320.375552] do_syscall_64+0x1e8/0x640 [ 1320.379424] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1320.384254] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1320.389423] RIP: 0033:0x459f49 [ 1320.392594] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1320.400285] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1320.407534] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1320.414783] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1320.422080] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1320.429340] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1320.438103] Bluetooth: Unknown HCI packet type 5e [ 1320.443327] Bluetooth: Unknown HCI packet type 43 [ 1320.448182] Bluetooth: Unknown HCI packet type 5e [ 1320.453227] Bluetooth: Unknown HCI packet type 50 [ 1320.458108] Bluetooth: Unknown HCI packet type 5e [ 1320.463125] Bluetooth: Unknown HCI packet type 40 [ 1320.640147] protocol 88fb is buggy, dev hsr_slave_0 [ 1320.645267] protocol 88fb is buggy, dev hsr_slave_1 [ 1320.650424] protocol 88fb is buggy, dev hsr_slave_0 [ 1320.655466] protocol 88fb is buggy, dev hsr_slave_1 11:40:59 executing program 0 (fault-call:2 fault-nth:35): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:40:59 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = syz_open_dev$vivid(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x2) ioctl$VIDIOC_G_SELECTION(r1, 0xc040565e, &(0x7f0000000040)={0x7, 0x2, 0x2, {0xffff, 0x10001, 0x7, 0xb7}}) connect(r0, &(0x7f0000000380)=@hci, 0x80) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r3}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:40:59 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$sock_SIOCBRDELBR(r1, 0x89a1, &(0x7f0000000000)='dummy0\x00') ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:40:59 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r1, &(0x7f0000000380)=@hci, 0x80) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r1, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r4}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) recvmmsg(r1, &(0x7f0000004a80)=[{{&(0x7f00000000c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000140)=""/114, 0x72}, {&(0x7f00000001c0)=""/234, 0xea}, {&(0x7f00000002c0)=""/4096, 0x1000}], 0x3, &(0x7f00000012c0)=""/179, 0xb3}, 0x1}, {{&(0x7f0000001380)=@nfc, 0x80, &(0x7f0000001540)=[{&(0x7f0000001400)=""/171, 0xab}, {&(0x7f00000014c0)=""/127, 0x7f}], 0x2}, 0x3f}, {{&(0x7f0000001580)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000002600)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, &(0x7f0000002640)=""/13, 0xd}, 0x9}, {{&(0x7f0000002680)=@l2, 0x80, &(0x7f0000003d00)=[{&(0x7f0000002700)=""/65, 0x41}, {&(0x7f0000002780)}, {&(0x7f00000027c0)=""/82, 0x52}, {&(0x7f0000002840)=""/4096, 0x1000}, {&(0x7f0000003840)=""/199, 0xc7}, {&(0x7f0000003940)=""/219, 0xdb}, {&(0x7f0000003a40)=""/60, 0x3c}, {&(0x7f0000003a80)=""/179, 0xb3}, {&(0x7f0000003b40)=""/237, 0xed}, {&(0x7f0000003c40)=""/168, 0xa8}], 0xa, &(0x7f0000003dc0)=""/230, 0xe6}, 0x9}, {{&(0x7f0000003ec0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f00000041c0)=[{&(0x7f0000003f40)=""/199, 0xc7}, {&(0x7f0000004040)=""/177, 0xb1}, {&(0x7f0000004100)=""/178, 0xb2}], 0x3}, 0x1000}, {{&(0x7f0000004200)=@nfc, 0x80, &(0x7f0000004600)=[{&(0x7f0000004280)=""/170, 0xaa}, {&(0x7f0000004340)=""/143, 0x8f}, {&(0x7f0000004400)=""/152, 0x98}, {&(0x7f00000044c0)=""/22, 0x16}, {&(0x7f0000004500)=""/29, 0x1d}, {&(0x7f0000004540)=""/129, 0x81}], 0x6, &(0x7f0000004680)=""/10, 0xa}, 0x101}, {{&(0x7f00000046c0)=@in={0x2, 0x0, @broadcast}, 0x80, &(0x7f0000004a00)=[{&(0x7f0000004740)=""/204, 0xcc}, {&(0x7f0000004840)=""/241, 0xf1}, {&(0x7f0000004940)=""/135, 0x87}], 0x3, &(0x7f0000004a40)=""/63, 0x3f}}], 0x7, 0x10043, &(0x7f0000004c40)) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f0000004c80)=0x810, 0x4) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:40:59 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x3, 0x0, 0x3}, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r2, &(0x7f0000000380)=@hci, 0x80) socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = accept$nfc_llcp(r3, &(0x7f0000000400), &(0x7f00000005c0)=0x60) setsockopt$nfc_llcp_NFC_LLCP_RW(r4, 0x118, 0x0, &(0x7f0000000300)=0x101, 0x4) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r7 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r8) r9 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) listen(r9, 0x0) quotactl(0x52ca, &(0x7f0000000480)='./file0\x00', r8, &(0x7f00000004c0)="0a85370a0c38ea357ace7cb3f883dce5d838541f41fed5f8a7f6abb827b1127e154296a442bd61c859d8981c05a864192ab2c6d62f9b5b577f1ead418d901f51e848a974399316192a61ced784e675279dd8df2c9619568fff4d41b3a65d3c26ead1d8bc40193fa3703bfff515063070908088") r10 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r10, &(0x7f0000000380)=@hci, 0x80) r11 = socket$netlink(0x10, 0x3, 0x0) r12 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r12, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r13, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r10, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r13}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r14 = socket$netlink(0x10, 0x3, 0x0) r15 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r15, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r15, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r14, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r16, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r17 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r17, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r17, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r18 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r18, &(0x7f0000000380)=@hci, 0x80) r19 = socket$netlink(0x10, 0x3, 0x0) r20 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r20, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r20, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r19, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r21, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r18, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r21}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r22 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r22, &(0x7f0000000380)=@hci, 0x80) r23 = socket$netlink(0x10, 0x3, 0x0) r24 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r24, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r24, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r23, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r25, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r22, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r25}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r26 = socket$netlink(0x10, 0x3, 0x0) r27 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r27, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r27, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r26, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r28, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r29 = socket$netlink(0x10, 0x3, 0x0) r30 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r30, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r30, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r29, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r31, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r32 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r32, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r32, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r33 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r33, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r33, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r33, &(0x7f00000000c0)={0x0, 0xfffffffffffffe19, &(0x7f0000000000)={&(0x7f0000000a00)=ANY=[], 0x8}, 0x1, 0x0, 0x0, 0x10}, 0x40) sendmsg$can_bcm(r2, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r6}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\b\x00'/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8c29000000000000006ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) 11:40:59 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x1, 0x2) write$cgroup_type(r3, &(0x7f0000000040)='threaded\x00', 0x9) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) [ 1320.871012] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1320.909930] FAULT_INJECTION: forcing a failure. [ 1320.909930] name failslab, interval 1, probability 0, space 0, times 0 11:40:59 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r1, &(0x7f0000000380)=@hci, 0x80) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r1, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r4}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) getsockopt(r1, 0x2, 0x2, &(0x7f00000000c0)=""/158, &(0x7f0000000000)=0x9e) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:40:59 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) getsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000), &(0x7f0000000040)=0x4) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r5}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) [ 1320.949032] CPU: 1 PID: 5966 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1320.956007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1320.965366] Call Trace: [ 1320.967963] dump_stack+0x138/0x197 [ 1320.971610] should_fail.cold+0x10f/0x159 [ 1320.975771] should_failslab+0xdb/0x130 [ 1320.979755] kmem_cache_alloc_node_trace+0x280/0x770 [ 1320.984866] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1320.990323] __kmalloc_node_track_caller+0x3d/0x80 [ 1320.990341] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1320.990355] __alloc_skb+0xcf/0x500 [ 1320.990365] ? skb_scrub_packet+0x4b0/0x4b0 [ 1320.990377] ? netlink_has_listeners+0x20a/0x330 [ 1320.990392] kobject_uevent_env+0x781/0xc23 [ 1320.999971] kobject_uevent+0x20/0x26 [ 1320.999987] device_add+0xa3e/0x1490 [ 1321.000004] ? device_private_init+0x190/0x190 [ 1321.000022] hci_register_dev+0x2d9/0x810 [ 1321.000041] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1321.000056] tty_ioctl+0x8f7/0x1320 [ 1321.000064] ? hci_uart_tty_poll+0x10/0x10 [ 1321.000075] ? tty_vhangup+0x30/0x30 [ 1321.000098] ? __might_sleep+0x93/0xb0 [ 1321.026605] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1321.029137] ? __fget+0x210/0x370 [ 1321.029160] ? tty_vhangup+0x30/0x30 [ 1321.029172] do_vfs_ioctl+0x7ae/0x1060 [ 1321.029187] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1321.037633] ? lock_downgrade+0x740/0x740 [ 1321.037648] ? ioctl_preallocate+0x1c0/0x1c0 [ 1321.037662] ? __fget+0x237/0x370 [ 1321.037680] ? security_file_ioctl+0x89/0xb0 [ 1321.045514] SyS_ioctl+0x8f/0xc0 [ 1321.045525] ? do_vfs_ioctl+0x1060/0x1060 [ 1321.045541] do_syscall_64+0x1e8/0x640 [ 1321.045550] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1321.045567] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1321.045576] RIP: 0033:0x459f49 [ 1321.045581] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1321.045592] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1321.045601] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1321.053172] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1321.053177] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1321.053183] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1321.166518] Bluetooth: hci2: Frame reassembly failed (-84) [ 1321.175377] Bluetooth: hci2: Frame reassembly failed (-84) [ 1321.190170] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 11:40:59 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$packet_int(r1, 0x107, 0xc, &(0x7f0000000000), &(0x7f00000000c0)=0x4) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:40:59 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@x25={0x9, @null=' \x00'}, 0xffffffffffffffab) r1 = socket(0x10, 0x803, 0x0) r2 = syz_open_dev$media(&(0x7f00000000c0)='/dev/media#\x00', 0x8, 0x10000) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r3, &(0x7f0000000380)=@hci, 0x80) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c000100766574680000000018000211fd0001004b000000", @ANYRES32=0x0, @ANYBLOB="e6d275b6328fc2fdce49830b8f82569488bc98fed1fd8b482a1b6df1be4b8af87074763ef8c3c6b1915ec1d32cd4fd6367e4a3ffad4ab9ef2060068df4793b53387c0a5b08ff338880000000000000000000c5666747ea4b23ef96ff453093210b71cc69380d3cbd16adf77495569ec3cdc592e671cf13f4ecfc4fe1d3dbc72d5f7f9c4216154208592c381da90bd85dbee920a6d8e7429e3261efb77e5cbbf0a2a060074f0af55233b986d151dbc661e28bbf6e36ed372636cb8b0a7e6a7ba17d1dc4508ab73c31443e4f91ec3a87cec6cd21a0b870ed15e2d77660ee4fd672419dc908632e646e23cf7f3a7012bc"], 0x48}}, 0x0) sendmsg$can_bcm(r3, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r6}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000140)={'team0\x00', r6}) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r7}, 0x10, &(0x7f0000000600)={&(0x7f0000000000)=ANY=[@ANYBLOB="00000000000800000000000081000000000080aaadf820d46ee91151dedc80007ffa", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) [ 1321.217003] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1321.226219] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. 11:40:59 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000000000)) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x3) [ 1321.280128] protocol 88fb is buggy, dev hsr_slave_0 [ 1321.285308] protocol 88fb is buggy, dev hsr_slave_1 [ 1322.480067] Bluetooth: hci0 command 0x1003 tx timeout [ 1322.486093] Bluetooth: hci0 sending frame failed (-49) [ 1323.200088] Bluetooth: hci2 command 0x1003 tx timeout [ 1323.200101] Bluetooth: hci1 command 0x1003 tx timeout [ 1323.205461] Bluetooth: hci2 sending frame failed (-49) [ 1323.210695] Bluetooth: hci1 sending frame failed (-49) [ 1324.560264] Bluetooth: hci0 command 0x1001 tx timeout [ 1324.565572] Bluetooth: hci0 sending frame failed (-49) [ 1324.800176] net_ratelimit: 18 callbacks suppressed [ 1324.805351] protocol 88fb is buggy, dev hsr_slave_0 [ 1324.810579] protocol 88fb is buggy, dev hsr_slave_1 [ 1324.815798] protocol 88fb is buggy, dev hsr_slave_0 [ 1324.820939] protocol 88fb is buggy, dev hsr_slave_1 [ 1325.280238] Bluetooth: hci2 command 0x1001 tx timeout [ 1325.280263] Bluetooth: hci1 command 0x1001 tx timeout [ 1325.285536] Bluetooth: hci2 sending frame failed (-49) [ 1325.295614] Bluetooth: hci1 sending frame failed (-49) [ 1325.440189] protocol 88fb is buggy, dev hsr_slave_0 [ 1325.445408] protocol 88fb is buggy, dev hsr_slave_1 [ 1325.450531] protocol 88fb is buggy, dev hsr_slave_0 [ 1325.455582] protocol 88fb is buggy, dev hsr_slave_1 [ 1325.840243] protocol 88fb is buggy, dev hsr_slave_0 [ 1325.845303] protocol 88fb is buggy, dev hsr_slave_1 [ 1326.640172] Bluetooth: hci0 command 0x1009 tx timeout [ 1327.360163] Bluetooth: hci1 command 0x1009 tx timeout [ 1327.360167] Bluetooth: hci2 command 0x1009 tx timeout [ 1330.010179] net_ratelimit: 22 callbacks suppressed [ 1330.010184] protocol 88fb is buggy, dev hsr_slave_0 [ 1330.020246] protocol 88fb is buggy, dev hsr_slave_1 [ 1330.480180] protocol 88fb is buggy, dev hsr_slave_0 [ 1330.485290] protocol 88fb is buggy, dev hsr_slave_1 11:41:09 executing program 2 (fault-call:2 fault-nth:42): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1331.040243] protocol 88fb is buggy, dev hsr_slave_0 [ 1331.045423] protocol 88fb is buggy, dev hsr_slave_1 [ 1331.050703] protocol 88fb is buggy, dev hsr_slave_0 [ 1331.055767] protocol 88fb is buggy, dev hsr_slave_1 [ 1331.095045] FAULT_INJECTION: forcing a failure. [ 1331.095045] name failslab, interval 1, probability 0, space 0, times 0 [ 1331.106469] CPU: 0 PID: 6001 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1331.113395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1331.122742] Call Trace: [ 1331.125337] dump_stack+0x138/0x197 [ 1331.128963] should_fail.cold+0x10f/0x159 [ 1331.133100] should_failslab+0xdb/0x130 [ 1331.137064] kmem_cache_alloc_node_trace+0x280/0x770 [ 1331.142161] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1331.147659] __kmalloc_node_track_caller+0x3d/0x80 [ 1331.152576] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1331.157228] __alloc_skb+0xcf/0x500 [ 1331.160848] ? skb_scrub_packet+0x4b0/0x4b0 [ 1331.165162] ? netlink_has_listeners+0x20a/0x330 [ 1331.169912] kobject_uevent_env+0x781/0xc23 [ 1331.174235] kobject_uevent+0x20/0x26 [ 1331.178072] device_add+0xa3e/0x1490 [ 1331.181789] ? device_private_init+0x190/0x190 [ 1331.186382] hci_register_dev+0x2d9/0x810 [ 1331.190522] ? __raw_spin_lock_init+0x2d/0x100 [ 1331.195096] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1331.199422] tty_ioctl+0x8f7/0x1320 [ 1331.203046] ? hci_uart_tty_poll+0x10/0x10 [ 1331.207280] ? tty_vhangup+0x30/0x30 [ 1331.210986] ? __might_sleep+0x93/0xb0 [ 1331.214868] ? __fget+0x210/0x370 [ 1331.218308] ? tty_vhangup+0x30/0x30 [ 1331.222016] do_vfs_ioctl+0x7ae/0x1060 [ 1331.225907] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1331.230649] ? lock_downgrade+0x740/0x740 [ 1331.234781] ? ioctl_preallocate+0x1c0/0x1c0 [ 1331.239189] ? __fget+0x237/0x370 [ 1331.242641] ? security_file_ioctl+0x89/0xb0 [ 1331.247043] SyS_ioctl+0x8f/0xc0 [ 1331.250394] ? do_vfs_ioctl+0x1060/0x1060 [ 1331.254528] do_syscall_64+0x1e8/0x640 [ 1331.258396] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1331.263238] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1331.268423] RIP: 0033:0x459f49 [ 1331.271596] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1331.279299] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1331.286556] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1331.293810] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1331.301073] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1331.308338] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 11:41:10 executing program 0 (fault-call:2 fault-nth:36): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:41:10 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) syz_mount_image$minix(&(0x7f0000000000)='minix\x00', &(0x7f0000000040)='\x00', 0x1, 0x1, &(0x7f0000000100)=[{&(0x7f0000000080)="e818ffb96e5eb725cd3b6316eab6f424567f00623b4f9ac87c4ac6db54cc668a10e42125c661623158e9289488ed840c419aa703b4e52f8efd8fcd958ce7378ee498fd084a6ddfd95f89aa131be2d7b42614c410144ea2ee465709c85b441be61394842223e216bf725d9c1a34733723ea1383381fdb2dbb2a815349dc5c7c", 0x7f}], 0x2000, 0x0) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340), 0x10, &(0x7f0000000600)={&(0x7f0000000700)=ANY=[]}}, 0x0) 11:41:10 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x9) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$KDMKTONE(0xffffffffffffffff, 0x4b30, 0x65) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f00000001c0)={0x8}, 0x1) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x8000, 0x0) getsockopt$bt_BT_DEFER_SETUP(r4, 0x112, 0x7, &(0x7f0000000140), &(0x7f0000000180)=0x4) ioctl$TCGETS(r3, 0x5401, &(0x7f0000000000)) 11:41:10 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) write$P9_RVERSION(r1, &(0x7f0000000000)={0x15, 0x65, 0xffff, 0x3, 0x8, '9P2000.u'}, 0x15) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r4, &(0x7f00000017c0), 0x331, 0x0) [ 1331.680161] protocol 88fb is buggy, dev hsr_slave_0 [ 1331.685276] protocol 88fb is buggy, dev hsr_slave_1 11:41:10 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='\x00\x00\xdc\xadEb\xab\xdf\xa4\r', 0xc80, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TIOCGRS485(r2, 0x542e, &(0x7f00000000c0)) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$sock_inet_tcp_SIOCINQ(r3, 0x541b, &(0x7f0000000100)) semop(0x0, &(0x7f0000000080)=[{0x0, 0x2}, {}], 0x2) semop(0x0, &(0x7f0000000000)=[{0x0, 0xffffffff}], 0x1) semtimedop(0x0, &(0x7f0000000040)=[{0x0, 0x20}], 0x1, 0x0) semctl$SETVAL(0x0, 0x3, 0x10, &(0x7f0000000140)=0x80000000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDGKBTYPE(r0, 0x4b33, &(0x7f0000000000)) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:41:10 executing program 1: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/\xecev/snd?pcmC#D#p\x00', 0x401, 0x400000) ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000100)={0x10000, 0x0, &(0x7f0000ffc000/0x4000)=nil}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$TIOCSIG(r4, 0x40045436, 0x21) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r5, &(0x7f00000017c0), 0x331, 0x0) [ 1331.776348] FAULT_INJECTION: forcing a failure. [ 1331.776348] name failslab, interval 1, probability 0, space 0, times 0 [ 1331.814444] CPU: 0 PID: 6011 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1331.821410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1331.830768] Call Trace: [ 1331.833357] dump_stack+0x138/0x197 [ 1331.836983] should_fail.cold+0x10f/0x159 [ 1331.841124] should_failslab+0xdb/0x130 [ 1331.845087] kmem_cache_alloc_node+0x287/0x780 [ 1331.849704] __alloc_skb+0x9c/0x500 [ 1331.853325] ? skb_scrub_packet+0x4b0/0x4b0 [ 1331.857643] ? netlink_has_listeners+0x20a/0x330 [ 1331.862437] kobject_uevent_env+0x781/0xc23 [ 1331.866750] kobject_uevent+0x20/0x26 [ 1331.870549] device_add+0xa3e/0x1490 [ 1331.874269] ? device_private_init+0x190/0x190 [ 1331.878847] hci_register_dev+0x2d9/0x810 [ 1331.882982] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1331.887288] tty_ioctl+0x8f7/0x1320 [ 1331.890906] ? hci_uart_tty_poll+0x10/0x10 [ 1331.895175] ? tty_vhangup+0x30/0x30 [ 1331.898878] ? __might_sleep+0x93/0xb0 [ 1331.902753] ? __fget+0x210/0x370 [ 1331.906196] ? tty_vhangup+0x30/0x30 [ 1331.909920] do_vfs_ioctl+0x7ae/0x1060 [ 1331.913800] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1331.918585] ? lock_downgrade+0x740/0x740 [ 1331.922716] ? ioctl_preallocate+0x1c0/0x1c0 [ 1331.927106] ? __fget+0x237/0x370 [ 1331.930564] ? security_file_ioctl+0x89/0xb0 [ 1331.934967] SyS_ioctl+0x8f/0xc0 [ 1331.938313] ? do_vfs_ioctl+0x1060/0x1060 [ 1331.942446] do_syscall_64+0x1e8/0x640 [ 1331.946315] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1331.951160] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1331.956338] RIP: 0033:0x459f49 [ 1331.959510] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1331.967198] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 11:41:10 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x8840, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1331.974550] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1331.981814] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1331.989064] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1331.996340] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 11:41:10 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20\x00', 0x8000, 0x0) sendmsg$can_bcm(r3, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000000)=ANY=[@ANYBLOB="30000000000400000000001000000000e3ddfb8449ca", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x6}}, 0x0) 11:41:10 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = dup(r0) getsockopt$bt_BT_FLUSHABLE(r2, 0x112, 0x8, &(0x7f0000000000)=0x9, &(0x7f00000000c0)=0x4) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xe) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = dup2(r6, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$KDADDIO(r7, 0x400455c8, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = dup2(r8, r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$KVM_GET_MSR_INDEX_LIST(r9, 0xc004ae02, &(0x7f0000000240)=ANY=[@ANYBLOB="0a00000000000000000020000000000000000000000000000000000000000000000000000000000000000000bf5c9ab3288d506406e9c6c9b449275b7f24f8749726b274870df97bf3929f6cbd924104d3b74951442f2dc87fd7f7e43a9ccce15500f1195068518c2f164eaaf4ee6de16f237ca8621bba7341329dd2131720ce9b8a245e115522ef35a63332d3b2eb66e759d19470a89306790f0ad5e8d70a99bf2e84deb9c4409e144d931c3729a8b9e04bf804f809a2ed1c15bfc79269ea12867f17fa"]) 11:41:10 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:41:10 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='.d\xadv\xae\x00\x00x\x00\x80', 0x86000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0xfffffffffffffeab, &(0x7f0000000180)={0x0}}, 0x8004) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$inet6_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f0000000140)=@ccm_128={{}, "ccaebe88157a1850", "042147b11267e0fd0c568d6cfbe941e9", "e90761cf", "5e1e8657f1b3e46b"}, 0x28) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$USBDEVFS_RESET(r4, 0x5514) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) ioctl$SIOCX25GFACILITIES(r4, 0x89e2, &(0x7f0000000280)) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f0000000000), &(0x7f00000000c0)=0x4) ioctl$sock_inet_udp_SIOCOUTQ(r4, 0x5411, &(0x7f0000000240)) [ 1333.360136] Bluetooth: hci0 command 0x1003 tx timeout [ 1333.365448] Bluetooth: hci0 sending frame failed (-49) [ 1334.080120] Bluetooth: hci1 command 0x1003 tx timeout [ 1334.085422] Bluetooth: hci1 sending frame failed (-49) [ 1335.200191] net_ratelimit: 18 callbacks suppressed [ 1335.200194] protocol 88fb is buggy, dev hsr_slave_0 [ 1335.210180] protocol 88fb is buggy, dev hsr_slave_1 [ 1335.215254] protocol 88fb is buggy, dev hsr_slave_0 [ 1335.220331] protocol 88fb is buggy, dev hsr_slave_1 [ 1335.440152] Bluetooth: hci0 command 0x1001 tx timeout [ 1335.446145] Bluetooth: hci0 sending frame failed (-49) [ 1335.840247] protocol 88fb is buggy, dev hsr_slave_0 [ 1335.845434] protocol 88fb is buggy, dev hsr_slave_1 [ 1335.850498] protocol 88fb is buggy, dev hsr_slave_0 [ 1335.855516] protocol 88fb is buggy, dev hsr_slave_1 [ 1336.160185] Bluetooth: hci1 command 0x1001 tx timeout [ 1336.165487] Bluetooth: hci1 sending frame failed (-49) [ 1336.240146] protocol 88fb is buggy, dev hsr_slave_0 [ 1336.245268] protocol 88fb is buggy, dev hsr_slave_1 [ 1337.520223] Bluetooth: hci0 command 0x1009 tx timeout [ 1338.240193] Bluetooth: hci1 command 0x1009 tx timeout [ 1340.400210] net_ratelimit: 22 callbacks suppressed [ 1340.405190] protocol 88fb is buggy, dev hsr_slave_0 [ 1340.410374] protocol 88fb is buggy, dev hsr_slave_1 [ 1340.880160] protocol 88fb is buggy, dev hsr_slave_0 [ 1340.885271] protocol 88fb is buggy, dev hsr_slave_1 [ 1341.440202] protocol 88fb is buggy, dev hsr_slave_0 [ 1341.445311] protocol 88fb is buggy, dev hsr_slave_1 [ 1341.450592] protocol 88fb is buggy, dev hsr_slave_0 [ 1341.455741] protocol 88fb is buggy, dev hsr_slave_1 11:41:20 executing program 2 (fault-call:2 fault-nth:43): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1341.953251] FAULT_INJECTION: forcing a failure. [ 1341.953251] name failslab, interval 1, probability 0, space 0, times 0 [ 1341.964898] CPU: 0 PID: 6059 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1341.971847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1341.981197] Call Trace: [ 1341.983792] dump_stack+0x138/0x197 [ 1341.987421] should_fail.cold+0x10f/0x159 [ 1341.991560] should_failslab+0xdb/0x130 [ 1341.995519] kmem_cache_alloc_node_trace+0x280/0x770 [ 1342.000626] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1342.006080] __kmalloc_node_track_caller+0x3d/0x80 [ 1342.010997] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1342.015651] __alloc_skb+0xcf/0x500 [ 1342.019259] ? skb_scrub_packet+0x4b0/0x4b0 [ 1342.023584] ? netlink_has_listeners+0x20a/0x330 [ 1342.028331] kobject_uevent_env+0x781/0xc23 [ 1342.032639] kobject_uevent+0x20/0x26 [ 1342.036555] device_add+0xa3e/0x1490 [ 1342.040283] ? device_private_init+0x190/0x190 [ 1342.044869] hci_register_dev+0x2d9/0x810 [ 1342.049006] ? __raw_spin_lock_init+0x2d/0x100 [ 1342.053580] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1342.057889] tty_ioctl+0x8f7/0x1320 [ 1342.061510] ? hci_uart_tty_poll+0x10/0x10 [ 1342.065741] ? tty_vhangup+0x30/0x30 [ 1342.069443] ? __might_sleep+0x93/0xb0 [ 1342.073320] ? __fget+0x210/0x370 [ 1342.076760] ? tty_vhangup+0x30/0x30 [ 1342.080468] do_vfs_ioctl+0x7ae/0x1060 [ 1342.084360] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1342.089112] ? lock_downgrade+0x740/0x740 [ 1342.093253] ? ioctl_preallocate+0x1c0/0x1c0 [ 1342.098087] ? __fget+0x237/0x370 [ 1342.101545] ? security_file_ioctl+0x89/0xb0 [ 1342.105956] SyS_ioctl+0x8f/0xc0 [ 1342.109305] ? do_vfs_ioctl+0x1060/0x1060 [ 1342.113437] do_syscall_64+0x1e8/0x640 [ 1342.117360] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1342.122202] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1342.127383] RIP: 0033:0x459f49 [ 1342.130554] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1342.138296] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1342.145548] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1342.152804] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1342.160060] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1342.167325] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1342.174886] protocol 88fb is buggy, dev hsr_slave_0 [ 1342.180100] protocol 88fb is buggy, dev hsr_slave_1 [ 1342.188199] Bluetooth: Unknown HCI packet type 5e [ 1342.193533] Bluetooth: Unknown HCI packet type 43 [ 1342.198436] Bluetooth: Unknown HCI packet type 5e [ 1342.203546] Bluetooth: Unknown HCI packet type 50 [ 1342.208450] Bluetooth: Unknown HCI packet type 5e [ 1342.213398] Bluetooth: Unknown HCI packet type 40 11:41:21 executing program 0 (fault-call:2 fault-nth:37): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:41:21 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x6c3677d4064e0ef1, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:41:21 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VIDIOC_G_CTRL(r3, 0xc008561b, &(0x7f0000000000)={0x80, 0x3f}) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r4}, 0x10, &(0x7f0000000600)={&(0x7f0000000040)=ANY=[@ANYBLOB="e2553bbcd5425d27a5794e736e8bca1e247c2a6ca4320f95a6f42c72be480518ed65875e8564f696d902770c0000bec95b04289cc04f2e2da33868261ec9269d98246e82a859defd0d4ac2448beb09ec0a9ad34545c8ac584e47968be4bd1ceb1811"], 0x1}, 0x1, 0x0, 0x0, 0x8000}, 0x4000807) 11:41:21 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r1, 0xc0105303, &(0x7f0000000140)={0x7, 0x81}) setxattr$trusted_overlay_redirect(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='trusted.overlay.redirect\x00', &(0x7f0000000100)='./file0\x00', 0xfffffffffffffd8e, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r2, 0x400455c8, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff}) ioctl$VIDIOC_S_TUNER(r3, 0x4054561e, &(0x7f0000000240)={0x1f, "3151a9e3fa3029646b10a87247b9cdf6735c2528fa64da88d6fdd87d4a7676c2", 0x3, 0x1000, 0x1, 0x9, 0x4, 0x4, 0x3, 0x4}) ioctl$TIOCGDEV(0xffffffffffffffff, 0x80045432, &(0x7f0000000040)) ioctl$EVIOCSMASK(r1, 0x40104593, &(0x7f00000001c0)={0x5, 0x27, &(0x7f00000000c0)="aa3d105ea93a0e31673de46ce162426c0fddcd5949305195bc18f342b740f3e7e8b62955587b32"}) 11:41:21 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000a40)=[{{&(0x7f0000000100)=@ethernet={0x0, @random}, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/12}], 0x0, &(0x7f00000002c0)=""/163}, 0x2}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000380)=""/195}, {&(0x7f0000000480)=""/103}, {&(0x7f00000001c0)=""/52}, {&(0x7f0000000500)=""/128}, {&(0x7f0000000240)=""/9}], 0x0, &(0x7f0000001280)=""/4096}, 0x101}, {{&(0x7f0000000600)=@pppol2tp, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000680)=""/59}, {&(0x7f00000006c0)=""/151}, {&(0x7f0000000780)=""/221}, {&(0x7f0000000880)=""/58}, {&(0x7f00000008c0)=""/25, 0xffffffffffffffc1}, {&(0x7f0000000900)=""/27}, {&(0x7f0000000940)=""/78}]}, 0x5}], 0x299247aa199512d, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r2, &(0x7f00000017c0), 0x331, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380)='devlink\x00') sendmsg$DEVLINK_CMD_PORT_SET(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="77a900009e810000000000000000"], 0x14}}, 0x0) sendmsg$DEVLINK_CMD_PORT_SET(r3, &(0x7f0000000c80)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x1200040}, 0xc, &(0x7f0000000c40)={&(0x7f0000000b40)={0xd4, r5, 0x8, 0x70bd29, 0x25dfdbfc, {}, [{{{{0x10, 0x1, 'netdevsim\x00'}, {0x10, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0x4, 0x2}}, {{{{0x10, 0x1, 'netdevsim\x00'}, {0x10, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0x4, 0x2}}, {{{{0x10, 0x1, 'netdevsim\x00'}, {0x10, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8}}, {{{{0x10, 0x1, 'netdevsim\x00'}, {0x10, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8}}]}, 0xd4}, 0x1, 0x0, 0x0, 0x40000a0}, 0x408c8) 11:41:21 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r1 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x0, 0x2) ioctl$KDADDIO(r1, 0x4b34, 0x6b704974) ioctl$KDADDIO(r0, 0x400455c8, 0x9c2) [ 1342.624912] FAULT_INJECTION: forcing a failure. [ 1342.624912] name failslab, interval 1, probability 0, space 0, times 0 [ 1342.654236] CPU: 1 PID: 6071 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1342.661201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1342.661206] Call Trace: [ 1342.661223] dump_stack+0x138/0x197 [ 1342.661244] should_fail.cold+0x10f/0x159 [ 1342.661261] should_failslab+0xdb/0x130 [ 1342.661274] kmem_cache_alloc_node_trace+0x280/0x770 [ 1342.661288] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1342.661306] __kmalloc_node_track_caller+0x3d/0x80 [ 1342.661323] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1342.661337] __alloc_skb+0xcf/0x500 [ 1342.661348] ? skb_scrub_packet+0x4b0/0x4b0 [ 1342.661359] ? netlink_has_listeners+0x20a/0x330 [ 1342.661372] kobject_uevent_env+0x781/0xc23 [ 1342.661392] kobject_uevent+0x20/0x26 [ 1342.661403] device_add+0xa3e/0x1490 [ 1342.661419] ? device_private_init+0x190/0x190 [ 1342.661435] hci_register_dev+0x2d9/0x810 [ 1342.661450] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1342.661467] tty_ioctl+0x8f7/0x1320 [ 1342.661475] ? hci_uart_tty_poll+0x10/0x10 [ 1342.661486] ? tty_vhangup+0x30/0x30 [ 1342.673432] ? __might_sleep+0x93/0xb0 [ 1342.758117] ? __fget+0x210/0x370 [ 1342.761586] ? tty_vhangup+0x30/0x30 [ 1342.765306] do_vfs_ioctl+0x7ae/0x1060 [ 1342.769200] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1342.773967] ? lock_downgrade+0x740/0x740 [ 1342.778126] ? ioctl_preallocate+0x1c0/0x1c0 [ 1342.782550] ? __fget+0x237/0x370 [ 1342.786022] ? security_file_ioctl+0x89/0xb0 [ 1342.790442] SyS_ioctl+0x8f/0xc0 [ 1342.793815] ? do_vfs_ioctl+0x1060/0x1060 [ 1342.797985] do_syscall_64+0x1e8/0x640 [ 1342.801879] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1342.806731] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1342.811919] RIP: 0033:0x459f49 [ 1342.815105] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 11:41:21 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x17) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000000c0)={0x0, 0x51, 0x4, &(0x7f0000000000)=0x80008}) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:41:21 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x3ff, 0x20) ioctl$PIO_FONT(r1, 0x4b61, &(0x7f00000000c0)="ee11e40e237c5a6c4b68730310d158833925e315f2715856bb51da6f6083813d61248d8193d2b0daead90abe2be7a2f0d1599f8b58696497f3a9a1d9") ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:41:21 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/devx\x00:\xba\x00\xec', 0x600a2, 0x0) r1 = epoll_create1(0x40000) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f00000000c0)={0xa0002002}) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r2, 0x6612) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$inet_mreq(r4, 0x0, 0x24, &(0x7f0000000000)={@dev={0xac, 0x14, 0x14, 0x17}, @dev={0xac, 0x14, 0x14, 0x13}}, 0x8) 11:41:21 executing program 5: r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x101000) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f00000000c0), &(0x7f0000000100)=0x4) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x0) 11:41:21 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) read$alg(r2, &(0x7f0000000240)=""/224, 0xe0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r3}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) [ 1342.822813] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1342.830084] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1342.837360] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1342.844633] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1342.851906] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1342.922268] Bluetooth: hci2: Frame reassembly failed (-84) [ 1344.240339] Bluetooth: hci0 command 0x1003 tx timeout [ 1344.245619] Bluetooth: hci0 sending frame failed (-49) [ 1344.880156] Bluetooth: hci1 command 0x1003 tx timeout [ 1344.885461] Bluetooth: hci1 sending frame failed (-49) [ 1344.960143] Bluetooth: hci2 command 0x1003 tx timeout [ 1344.965496] Bluetooth: hci2 sending frame failed (-49) [ 1345.600147] net_ratelimit: 18 callbacks suppressed [ 1345.600151] protocol 88fb is buggy, dev hsr_slave_0 [ 1345.610203] protocol 88fb is buggy, dev hsr_slave_1 [ 1345.615284] protocol 88fb is buggy, dev hsr_slave_0 [ 1345.620367] protocol 88fb is buggy, dev hsr_slave_1 [ 1346.320145] Bluetooth: hci0 command 0x1001 tx timeout [ 1346.320162] protocol 88fb is buggy, dev hsr_slave_0 [ 1346.330715] protocol 88fb is buggy, dev hsr_slave_1 [ 1346.335946] protocol 88fb is buggy, dev hsr_slave_0 [ 1346.341061] protocol 88fb is buggy, dev hsr_slave_1 [ 1346.346212] Bluetooth: hci0 sending frame failed (-49) [ 1346.640185] protocol 88fb is buggy, dev hsr_slave_0 [ 1346.645303] protocol 88fb is buggy, dev hsr_slave_1 [ 1346.960209] Bluetooth: hci1 command 0x1001 tx timeout [ 1346.965499] Bluetooth: hci1 sending frame failed (-49) [ 1347.040171] Bluetooth: hci2 command 0x1001 tx timeout [ 1347.045481] Bluetooth: hci2 sending frame failed (-49) [ 1348.400330] Bluetooth: hci0 command 0x1009 tx timeout [ 1349.040147] Bluetooth: hci1 command 0x1009 tx timeout [ 1349.120170] Bluetooth: hci2 command 0x1009 tx timeout [ 1350.800191] net_ratelimit: 22 callbacks suppressed [ 1350.805279] protocol 88fb is buggy, dev hsr_slave_0 [ 1350.810467] protocol 88fb is buggy, dev hsr_slave_1 [ 1351.280172] protocol 88fb is buggy, dev hsr_slave_0 [ 1351.285267] protocol 88fb is buggy, dev hsr_slave_1 [ 1351.840177] protocol 88fb is buggy, dev hsr_slave_0 [ 1351.845235] protocol 88fb is buggy, dev hsr_slave_1 [ 1351.850363] protocol 88fb is buggy, dev hsr_slave_0 [ 1351.855511] protocol 88fb is buggy, dev hsr_slave_1 [ 1352.560174] protocol 88fb is buggy, dev hsr_slave_0 [ 1352.565260] protocol 88fb is buggy, dev hsr_slave_1 11:41:31 executing program 2 (fault-call:2 fault-nth:44): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1352.835462] FAULT_INJECTION: forcing a failure. [ 1352.835462] name failslab, interval 1, probability 0, space 0, times 0 [ 1352.846887] CPU: 0 PID: 6110 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1352.853819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1352.863161] Call Trace: [ 1352.865742] dump_stack+0x138/0x197 [ 1352.869366] should_fail.cold+0x10f/0x159 [ 1352.873502] should_failslab+0xdb/0x130 [ 1352.877461] kmem_cache_alloc_node_trace+0x280/0x770 [ 1352.882550] ? refcount_dec_and_test+0x1b/0x20 [ 1352.887115] ? kobject_put+0x6d/0x80 [ 1352.890816] __kmalloc_node_track_caller+0x3d/0x80 [ 1352.895735] devm_kmalloc+0x62/0x170 [ 1352.899431] hci_leds_init+0x30/0x1b0 [ 1352.903216] hci_register_dev+0x2ee/0x810 [ 1352.907346] ? __raw_spin_lock_init+0x2d/0x100 [ 1352.911917] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1352.916232] tty_ioctl+0x8f7/0x1320 [ 1352.919837] ? hci_uart_tty_poll+0x10/0x10 [ 1352.924138] ? tty_vhangup+0x30/0x30 [ 1352.927849] ? __might_sleep+0x93/0xb0 [ 1352.931775] ? __fget+0x210/0x370 [ 1352.935218] ? tty_vhangup+0x30/0x30 [ 1352.938911] do_vfs_ioctl+0x7ae/0x1060 [ 1352.942783] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1352.947573] ? lock_downgrade+0x740/0x740 [ 1352.951721] ? ioctl_preallocate+0x1c0/0x1c0 [ 1352.956117] ? __fget+0x237/0x370 [ 1352.959566] ? security_file_ioctl+0x89/0xb0 [ 1352.963977] SyS_ioctl+0x8f/0xc0 [ 1352.967323] ? do_vfs_ioctl+0x1060/0x1060 [ 1352.971453] do_syscall_64+0x1e8/0x640 [ 1352.975320] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1352.980177] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1352.985356] RIP: 0033:0x459f49 [ 1352.988527] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1352.996217] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1353.003469] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1353.010719] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1353.017973] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1353.025224] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1353.035308] Bluetooth: Unknown HCI packet type 5e [ 1353.044120] Bluetooth: Unknown HCI packet type 43 [ 1353.048979] Bluetooth: Unknown HCI packet type 5e [ 1353.053922] Bluetooth: Unknown HCI packet type 50 [ 1353.058762] Bluetooth: Unknown HCI packet type 5e [ 1353.063694] Bluetooth: Unknown HCI packet type 40 11:41:32 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) 11:41:32 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)}, 0x3}, {{0x0, 0x0, 0x0}}], 0x3, 0xc682de93296f92e3, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r2, &(0x7f00000017c0), 0x331, 0x0) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f0000000000)={0x3ff, 0x1, [0xff, 0x1, 0x3ff, 0x6800, 0x1000], 0x6}) 11:41:32 executing program 0 (fault-call:2 fault-nth:38): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:41:32 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) r2 = add_key(&(0x7f0000000180)='rxrpc\x00', &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_SET_TSS_ADDR(r4, 0xae47, 0xd000) keyctl$read(0xb, r2, 0x0, 0x0) keyctl$setperm(0x5, r2, 0x2) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000000)={0x1d, r5}, 0x10, &(0x7f0000000600)={&(0x7f0000000240)=ANY=[@ANYBLOB="00000000000800000000000000000000ade687b2ce9687534559bea4cabcb6b58b32f45b48ad0b8378fd7174d4647e3dc3ccc0fca331d41994951c470815984d3de338865a6dc6726538b948f689ed2321613ec43a7054f78ff221e71f2de3a9a76743cf807e2782ebf25d8c8b8038a94badd9a6eb0f72c62c84c3e37388e8f72ffdbb3fcbd837896a453444fde9878b20014704af14", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000400100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) 11:41:32 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCSREP(r1, 0x40084503, &(0x7f0000000000)=[0x3f, 0x6]) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x0) 11:41:32 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r3, &(0x7f0000000380)=@hci, 0x80) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r3, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r6}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYRESDEC=r3, @ANYPTR64=&(0x7f0000000300)=ANY=[@ANYRES64, @ANYRES32=0x0], @ANYRESOCT, @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x5}}, 0x4040800) write$binfmt_script(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="2321202e2f66696c653020656d312beddd70db59dd14431979599046b5f78251d2e02d696a3c9a91bd19ed5850b9568b99b20f8f59b6662a1b23dcd44e3fa5830fd5eff91104704beac7c960c0d12ac7f93bebf5af7ca1a622417903fa2d2b2f4d02b39c68319f0f123bc923193350157bcfdc5873b89f9f33ff6b2e4de460d5c23d50f256c99d8c56545a09144d73f1beb1fd6026f1d8cb331ebfd94406fdc2333af388c8852e"], 0xa7) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:41:32 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x13) [ 1353.603872] FAULT_INJECTION: forcing a failure. [ 1353.603872] name failslab, interval 1, probability 0, space 0, times 0 [ 1353.615804] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1353.623590] CPU: 1 PID: 6126 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1353.631420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1353.631425] Call Trace: [ 1353.631441] dump_stack+0x138/0x197 [ 1353.631461] should_fail.cold+0x10f/0x159 [ 1353.631477] should_failslab+0xdb/0x130 [ 1353.643411] kmem_cache_alloc_node_trace+0x280/0x770 [ 1353.643428] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1353.643448] __kmalloc_node_track_caller+0x3d/0x80 [ 1353.643463] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1353.643476] __alloc_skb+0xcf/0x500 [ 1353.643486] ? skb_scrub_packet+0x4b0/0x4b0 [ 1353.643500] ? netlink_has_listeners+0x20a/0x330 [ 1353.651257] kobject_uevent_env+0x781/0xc23 [ 1353.651280] kobject_uevent+0x20/0x26 [ 1353.651294] device_add+0xa3e/0x1490 [ 1353.651310] ? device_private_init+0x190/0x190 [ 1353.651327] hci_register_dev+0x2d9/0x810 [ 1353.651344] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1353.651358] tty_ioctl+0x8f7/0x1320 [ 1353.651367] ? hci_uart_tty_poll+0x10/0x10 [ 1353.651378] ? tty_vhangup+0x30/0x30 [ 1353.651400] ? __might_sleep+0x93/0xb0 [ 1353.651409] ? __fget+0x210/0x370 [ 1353.651427] ? tty_vhangup+0x30/0x30 [ 1353.662353] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26159 sclass=netlink_route_socket pig=6135 comm=syz-executor.3 [ 1353.665918] do_vfs_ioctl+0x7ae/0x1060 [ 1353.665937] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1353.665949] ? lock_downgrade+0x740/0x740 [ 1353.665960] ? ioctl_preallocate+0x1c0/0x1c0 [ 1353.665972] ? __fget+0x237/0x370 [ 1353.665990] ? security_file_ioctl+0x89/0xb0 [ 1353.666003] SyS_ioctl+0x8f/0xc0 [ 1353.666012] ? do_vfs_ioctl+0x1060/0x1060 [ 1353.666025] do_syscall_64+0x1e8/0x640 [ 1353.666032] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1353.666049] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1353.794240] RIP: 0033:0x459f49 [ 1353.797424] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1353.805130] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1353.812385] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1353.819635] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1353.826892] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1353.834147] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 11:41:32 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x400800, 0x0) r3 = add_key(&(0x7f0000000180)='rxrpc\x00', &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$read(0xb, r3, 0x0, 0x0) keyctl$assume_authority(0x10, r3) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:41:32 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x3c) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) r2 = syz_open_dev$amidi(&(0x7f00000000c0)='/dev/amidi#\x00', 0xffffffffffffff80, 0xf0080) ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f0000000140)={&(0x7f0000000100)=[0x7fffffff, 0x0, 0x9, 0x1f, 0x7ff, 0x1, 0x6, 0x3, 0x1, 0xfff], 0xa, 0x0, 0x2, 0x1, 0x2, 0x9, {0xb88f, 0x8, 0x200, 0x7, 0x3, 0x8, 0x239, 0x0, 0x6, 0xabcb, 0x1ff, 0x81, 0x800, 0xbb, "ca74398f94697cb4a4c1e93bb2162ccbff245c35dc40e8e32a13f5c32808373a"}}) ioctl$sock_SIOCBRDELBR(r1, 0x89a1, &(0x7f0000000000)='vxcan1\x00') [ 1353.871205] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1353.904009] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26159 sclass=netlink_route_socket pig=6138 comm=syz-executor.3 11:41:32 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x3, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:41:32 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000980)='/dev/ptmx\x00', 0x410400, 0x0) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000880)='NET_DM\x00') sendmsg$NET_DM_CMD_START(r2, &(0x7f0000000940)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0xc081101}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x14, r3, 0x200, 0x70bd27, 0x25dfdbfb, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8001}, 0x8000) sendmsg$inet6(r1, &(0x7f0000000840)={&(0x7f00000000c0)={0xa, 0x4e21, 0x2, @mcast2, 0xffffffff}, 0x1c, &(0x7f0000000700)=[{&(0x7f0000000100)}, {&(0x7f0000000140)="3e14b1d0e28f0615d2e0c109394094a260576ffa176212591d8e615d1d242908c408c1f4d5f73c4661999ad28bfc0a1774", 0x31}, {&(0x7f0000000180)="385993b5a016a6b3f37cf642886973d5901e79944fb384f1c8af92f903c6423654f7388ae1e69bc8aa29fd55ac67370fd43bb09689791abff69dd1a326baffd7d054e06a780783206488c16ce139ef6a081903953fa52c8be9b3b080ceb02f40986f0c1e0bdb86d1af4151c64562ec523cc7cc12b65e817d8e472138cea79bd37eb719c9d44a2d70f8fd4bf0995e1071ab4ba87f2d48f3c653644fbf2d226931c35112e90318749aaf2d2f2f55e01e0971b1", 0xb2}, {&(0x7f0000000240)="275a0665240b34d32d20dd03b77e0f2f0c1d8c1bf801298bbcd07798f1a9bd8db4d1aca1e2dea1b279b96142e4a73053522cef4296262682e6bcb1778f9f916798e7d1162135abfe9b29534d041865fdc2c04dec0fbc0c8b9e32dd4ba2c56c89123fefdcfd3588165a561abfbf0f10b232a95f6c90db8eef808c60075918716c1c3979cbd59a25e0a71079c2ae24205550066a33aaa5f71f1ef3f32915ffd461ad33e0fec639", 0xa6}, {&(0x7f0000000300)="07476be8c2a5fe6671db45fa8d0c02054b6b9cbb9dcdc10f958337d5ba6902fb41841f2dad3b069ec3b13aad5115cce5343b18d093f75cebeba0e2788c9d5478c530a646068f30795ccc5a27da2be8cd76d76ea429199a1ae416cdde01d94910d523486964132dd17e5b4fcf7eb4cc8073a02eeff149a4d1f990304cc1f30b563109072c5a25723176bae854f80a6db29e15971f248f147d6522b36b9f5e601ec9da8e630c6c7cd69eb44c537d8adf6c906793a72bff", 0xb6}, {&(0x7f00000003c0)="1234a36ef991437df9728c13090bd5263f52b72f749dc82a39a9c5d4e1f1743ce3a000323ce55e7aa4c319b33500cd7a579ef4dd5e2da19be571fff585baef2391673dc21a9918d12c4cbdcaa0ea0861265df508c106ec8b9766e47c115882573a8bd7f390d2453b9f62d4467eb45cd740ac342b66d13a0b15bfd0c437b4215dba4e0c5178d0cbbd0490f83a0bfee00b5029a3e56dd643e2ce4aa9dc46345d0545800aa7a9db170d0f477bc334f420ec94581ea4473c366312eb157c1a71ae4e0ca370074d5c6753f15847b8c593d241f28d7c3c5b511cc7dc54afac886e65f7c91e3814252dd6e3", 0xe8}, {&(0x7f00000004c0)="0827a88818144fe29bf43e7e283a8c1db0b294d6dd03d9578750b7ff4a941e12b75a0b2d27040a35ccfab661bb16eb1b4aa0bddd81c8213058e1ed57296c1d51f627341d637f79c726b423a210f13463ab1acee79f9178d4a0dbfa57f5e9e98965f3487a3d0fa123494eb8ccf51cce112953b229f73d24927d1e1b5c064a5675f52f4401e2c3ca6666e3115ea543f97a45b39bedd6a315465a0b0ee1b4cec4e3f01988bb8b9065f40470", 0xaa}, {&(0x7f0000000580)="e71a8fcc9cb931c00a1662405e23dd8b4eb60d4fdaaca6384b3f0e16a9ae2682aacbe54884438aa4236a1288a6437dbb8340985083b9345f89baf486d33290a26bc1eb3e15b07e72236b1a1991d4174c6e235b3fdd01ca3152f0f963fcf3a3ae510590c3a2428c9fe5f351bbe50514a271a4f030dd8413322cd2580c53d02aa07883105b5b2c05be5850cc29d850e86bc2434641bcd23497691c1a3ac5938c6cc18c42e10aa5993f16ea182587d3ec7d9e5440d027f16c9cebe4f55e7f48", 0xbe}, {&(0x7f0000000640)="901589758e308c72b20f1ddb9136c668a9e11b3428d86949f453071be64695b0102a56e6a380e583c4fda34c418b03695cadb0458015457597f2a588ada9c625ceba69aa09ac4df3ce270e9d8968f10ba4e52fb7a51b581dff1e23464aaf74f132331ea75d04e0c423339fe8eeeac6e57e1264fce11bca5058957959e04e937a5404d005a417eeae96", 0x89}], 0x9, &(0x7f00000007c0)=[@hoplimit={{0x14, 0x29, 0x34, 0x2}}, @hoplimit={{0x14, 0x29, 0x34, 0x4}}, @rthdr={{0x28, 0x29, 0x39, {0x37, 0x2, 0x0, 0x7, 0x0, [@loopback]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x86}}], 0x70}, 0x10000840) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1354.024273] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6153 comm=syz-executor.3 [ 1354.053896] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6154 comm=syz-executor.3 [ 1355.040252] Bluetooth: hci0 command 0x1003 tx timeout [ 1355.046308] Bluetooth: hci0 sending frame failed (-49) [ 1355.600099] Bluetooth: hci1 command 0x1003 tx timeout [ 1355.605429] Bluetooth: hci1 sending frame failed (-49) [ 1355.920185] Bluetooth: hci2 command 0x1003 tx timeout [ 1355.925493] Bluetooth: hci2 sending frame failed (-49) [ 1356.000144] net_ratelimit: 18 callbacks suppressed [ 1356.000151] protocol 88fb is buggy, dev hsr_slave_0 [ 1356.010298] protocol 88fb is buggy, dev hsr_slave_1 [ 1356.015367] protocol 88fb is buggy, dev hsr_slave_0 [ 1356.020446] protocol 88fb is buggy, dev hsr_slave_1 [ 1356.720164] protocol 88fb is buggy, dev hsr_slave_0 [ 1356.725556] protocol 88fb is buggy, dev hsr_slave_1 [ 1356.730679] protocol 88fb is buggy, dev hsr_slave_0 [ 1356.735959] protocol 88fb is buggy, dev hsr_slave_1 [ 1357.120222] protocol 88fb is buggy, dev hsr_slave_0 [ 1357.120226] Bluetooth: hci0 command 0x1001 tx timeout [ 1357.120285] Bluetooth: hci0 sending frame failed (-49) [ 1357.125358] protocol 88fb is buggy, dev hsr_slave_1 [ 1357.680275] Bluetooth: hci1 command 0x1001 tx timeout [ 1357.685650] Bluetooth: hci1 sending frame failed (-49) [ 1358.000284] Bluetooth: hci2 command 0x1001 tx timeout [ 1358.005659] Bluetooth: hci2 sending frame failed (-49) [ 1359.200162] Bluetooth: hci0 command 0x1009 tx timeout [ 1359.760194] Bluetooth: hci1 command 0x1009 tx timeout [ 1360.080200] Bluetooth: hci2 command 0x1009 tx timeout [ 1361.280206] net_ratelimit: 22 callbacks suppressed [ 1361.280210] protocol 88fb is buggy, dev hsr_slave_0 [ 1361.290485] protocol 88fb is buggy, dev hsr_slave_1 [ 1361.680229] protocol 88fb is buggy, dev hsr_slave_0 [ 1361.685411] protocol 88fb is buggy, dev hsr_slave_1 [ 1362.240160] protocol 88fb is buggy, dev hsr_slave_0 [ 1362.245256] protocol 88fb is buggy, dev hsr_slave_1 [ 1362.250458] protocol 88fb is buggy, dev hsr_slave_0 [ 1362.255576] protocol 88fb is buggy, dev hsr_slave_1 [ 1362.960149] protocol 88fb is buggy, dev hsr_slave_0 [ 1362.965226] protocol 88fb is buggy, dev hsr_slave_1 11:41:41 executing program 2 (fault-call:2 fault-nth:45): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1363.074236] FAULT_INJECTION: forcing a failure. [ 1363.074236] name failslab, interval 1, probability 0, space 0, times 0 [ 1363.085678] CPU: 1 PID: 6159 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1363.092605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1363.101953] Call Trace: [ 1363.104528] dump_stack+0x138/0x197 [ 1363.108144] should_fail.cold+0x10f/0x159 [ 1363.112282] should_failslab+0xdb/0x130 [ 1363.116242] kmem_cache_alloc_node_trace+0x280/0x770 [ 1363.121339] ? refcount_dec_and_test+0x1b/0x20 [ 1363.125911] ? kobject_put+0x6d/0x80 [ 1363.129632] __kmalloc_node_track_caller+0x3d/0x80 [ 1363.134544] devm_kmalloc+0x62/0x170 [ 1363.138244] hci_leds_init+0x30/0x1b0 [ 1363.142028] hci_register_dev+0x2ee/0x810 [ 1363.146159] ? __raw_spin_lock_init+0x2d/0x100 [ 1363.150738] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1363.155046] tty_ioctl+0x8f7/0x1320 [ 1363.158651] ? hci_uart_tty_poll+0x10/0x10 [ 1363.162872] ? tty_vhangup+0x30/0x30 [ 1363.166572] ? __might_sleep+0x93/0xb0 [ 1363.170438] ? __fget+0x210/0x370 [ 1363.173879] ? tty_vhangup+0x30/0x30 [ 1363.177573] do_vfs_ioctl+0x7ae/0x1060 [ 1363.181449] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1363.186187] ? lock_downgrade+0x740/0x740 [ 1363.190313] ? ioctl_preallocate+0x1c0/0x1c0 [ 1363.194704] ? __fget+0x237/0x370 [ 1363.198149] ? security_file_ioctl+0x89/0xb0 [ 1363.202538] SyS_ioctl+0x8f/0xc0 [ 1363.205882] ? do_vfs_ioctl+0x1060/0x1060 [ 1363.210016] do_syscall_64+0x1e8/0x640 [ 1363.213905] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1363.218736] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1363.223908] RIP: 0033:0x459f49 [ 1363.227080] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1363.234769] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1363.242018] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1363.249270] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1363.256534] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1363.263786] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1363.273136] Bluetooth: Unknown HCI packet type 5e [ 1363.278065] Bluetooth: Unknown HCI packet type 43 [ 1363.284721] Bluetooth: Unknown HCI packet type 5e [ 1363.289571] Bluetooth: Unknown HCI packet type 50 [ 1363.294504] Bluetooth: Unknown HCI packet type 5e [ 1363.299338] Bluetooth: Unknown HCI packet type 40 11:41:42 executing program 0 (fault-call:2 fault-nth:39): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:41:42 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$USBDEVFS_GETDRIVER(r4, 0x41045508, &(0x7f0000000400)={0x0, "a6415073084a721725a1c5a5085a0d226fa5e6bb7719bed17cf757c4760c945c14e3242ee06d0bb1900f7a6bd761350400730097f1df778916770b4909404c61186c521a7cc48fb55144422258b443f7bdcac9456e8c1df98c7ffeaf7fe59526bae3e5c78e97fbdf1b3c38c31a9f89df8e9fe7467933b520ed8765c00140c8e54831a4b313bd7cf2a7c1c731c52a3d2c6dac207effa1372b0b05ee5859080784ddb1ed898f20716682e139a1c46f937506ec7a9ce402d44211dcee649ecef665abfd6078df1dd284ee59cb6cbc9337ff2794f13f57e1e0ab6797f2c50e7f5771ec6dece165161d0b442b8558c4b9b539fe9c6d40504e6736c720fe6919d2d7e4"}) 11:41:42 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) fcntl$addseals(r1, 0x409, 0x8) r4 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/commit_pending_bools\x00', 0x1, 0x0) setsockopt$RXRPC_SECURITY_KEY(r4, 0x110, 0x1, &(0x7f0000000140)='\x00', 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:41:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r2, &(0x7f0000000380)=@hci, 0x80) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r2, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r5}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)=@newqdisc={0x1b0, 0x24, 0x200, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x1, 0x8}, {0x9, 0xe}, {0x0, 0x10}}, [@qdisc_kind_options=@q_skbprio={{0xc, 0x1, 'skbprio\x00'}, {0x8, 0x2, 0x1f}}, @qdisc_kind_options=@q_cbs={{0x8, 0x1, 'cbs\x00'}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x40, [], 0x7f, 0x4, 0x1, 0x9}}}}, @TCA_STAB={0x120, 0x8, [{{0x1c, 0x1, {0x4, 0x80, 0x5, 0x10000, 0x2, 0x9, 0x2, 0x8}}, {0x14, 0x2, [0x101, 0x5, 0x4, 0x4, 0x5, 0xdfd, 0x0, 0x1]}}, {{0x1c, 0x1, {0x5c, 0x3f, 0x0, 0x7, 0x0, 0x1, 0x31, 0x3}}, {0xc, 0x2, [0xffff, 0x20, 0xf4a5]}}, {{0x1c, 0x1, {0x8, 0x3f, 0xfffd, 0x68fd, 0x0, 0x7, 0x7f, 0x6}}, {0x10, 0x2, [0x4, 0x4, 0x7f3b, 0x3, 0x7, 0x938]}}, {{0x1c, 0x1, {0x2, 0x0, 0x1f, 0x4, 0x2, 0x950, 0x6, 0x2}}, {0x8, 0x2, [0x7, 0x800]}}, {{0x1c, 0x1, {0x0, 0x20, 0x800, 0x400, 0x7, 0x101, 0x1000, 0x5}}, {0x10, 0x2, [0x7ff, 0x2e63, 0xa8, 0x5, 0x6]}}, {{0x1c, 0x1, {0xf9, 0x2, 0x1673, 0x1, 0x3, 0x9, 0x1ff, 0x2}}, {0x8, 0x2, [0xfff, 0xff]}}, {{0x1c, 0x1, {0x7f, 0x0, 0x6, 0x4, 0x3, 0x7, 0xfff, 0x2}}, {0x8, 0x2, [0xab, 0x0]}}]}, @TCA_STAB={0x30, 0x8, [{{0x1c, 0x1, {0x5, 0x81, 0x7, 0x80000001, 0x3, 0x10000, 0xfffffffa, 0x5}}, {0x10, 0x2, [0x344d, 0x8, 0x8, 0x20, 0x0]}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x41}, 0x10) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r6, 0x111, 0x1, 0x3, 0x4) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r7, &(0x7f00000017c0), 0x331, 0x0) 11:41:42 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e23, 0x80000001, @ipv4={[], [], @local}, 0x5}, {0xa, 0x4e23, 0x4, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x80000001}, 0x8899, [0x7f67, 0x8, 0x3, 0x2, 0x0, 0x20, 0x7, 0x84]}, 0x5c) 11:41:43 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x400001, 0x0) syz_open_pts(r0, 0x40) getsockopt$IP_VS_SO_GET_SERVICES(r1, 0x0, 0x482, &(0x7f00000000c0)=""/20, &(0x7f0000000100)=0x14) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1364.371693] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1364.392191] FAULT_INJECTION: forcing a failure. [ 1364.392191] name failslab, interval 1, probability 0, space 0, times 0 [ 1364.410506] CPU: 1 PID: 6172 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1364.417454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1364.426830] Call Trace: [ 1364.426847] dump_stack+0x138/0x197 [ 1364.426868] should_fail.cold+0x10f/0x159 [ 1364.426886] should_failslab+0xdb/0x130 [ 1364.426899] kmem_cache_alloc_node_trace+0x280/0x770 [ 1364.426914] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1364.426933] __kmalloc_node_track_caller+0x3d/0x80 [ 1364.426950] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1364.426962] __alloc_skb+0xcf/0x500 [ 1364.426972] ? skb_scrub_packet+0x4b0/0x4b0 [ 1364.426987] ? netlink_has_listeners+0x20a/0x330 [ 1364.451823] kobject_uevent_env+0x781/0xc23 [ 1364.451846] kobject_uevent+0x20/0x26 [ 1364.451861] device_add+0xa3e/0x1490 [ 1364.451879] ? device_private_init+0x190/0x190 [ 1364.451895] hci_register_dev+0x2d9/0x810 [ 1364.451912] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1364.451925] tty_ioctl+0x8f7/0x1320 [ 1364.451933] ? hci_uart_tty_poll+0x10/0x10 [ 1364.451944] ? tty_vhangup+0x30/0x30 [ 1364.451965] ? __might_sleep+0x93/0xb0 [ 1364.451974] ? __fget+0x210/0x370 [ 1364.451990] ? tty_vhangup+0x30/0x30 [ 1364.452001] do_vfs_ioctl+0x7ae/0x1060 [ 1364.452014] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1364.452025] ? lock_downgrade+0x740/0x740 [ 1364.452038] ? ioctl_preallocate+0x1c0/0x1c0 [ 1364.465271] ? __fget+0x237/0x370 [ 1364.490681] ? security_file_ioctl+0x89/0xb0 [ 1364.490698] SyS_ioctl+0x8f/0xc0 [ 1364.490709] ? do_vfs_ioctl+0x1060/0x1060 [ 1364.490724] do_syscall_64+0x1e8/0x640 [ 1364.490734] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1364.490752] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1364.490760] RIP: 0033:0x459f49 11:41:43 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TIOCSISO7816(r2, 0xc0285443, &(0x7f0000000000)={0x6, 0x54, 0x10000, 0x1ef92d66, 0x5}) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1364.490765] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1364.490776] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1364.490782] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1364.490788] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1364.490794] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1364.490800] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1364.625039] Bluetooth: hci2: Frame reassembly failed (-84) [ 1364.635825] Bluetooth: hci2: Frame reassembly failed (-84) [ 1364.650929] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. 11:41:43 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:41:43 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r1 = open(&(0x7f0000000100)='./file0\x00', 0x38200, 0x40) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000140)={r1}) r2 = syz_open_dev$radio(&(0x7f0000000180)='/dev/radio#\x00', 0x2, 0x2) ioctl$TCSETSF(r2, 0x5404, &(0x7f00000001c0)={0x6, 0x10000, 0x20200004, 0x10000004, 0x7, 0x3c, 0x1f, 0x7, 0xfdfe, 0x801, 0x1ff, 0x400}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$TIOCGDEV(r4, 0x80045432, &(0x7f0000000200)) ioctl$KDADDIO(r0, 0x400455c8, 0xda) r5 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_inet_SIOCGIFPFLAGS(r5, 0x8935, &(0x7f0000000000)={'ipddp0\x00', 0x100}) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r6, 0xc0506617, &(0x7f0000000240)={{0x1, 0x0, @reserved="d39515408a313dd8f01de652ee06adc4e90e01ef1440bcbff559ac037fda74b4"}, 0x1000, [], "ec16c60838e24e994d76f6717306734c61e277c5853d79e8cf672b0716a6639dfa441b189a85a6c7ba2fe7b7888e4a8b0c5743fe15e6f76366342131221344e26776cf0fab0d70ae0e3680b1e68f16e0c2f40dc489573d37e54059eb04a5f6521cea823ee0a25ee34141921342cb731ae7d795837f2345024c22fb5c653d26902f828acb7e31a286b3461bc1c07063a791084a3c641dc2dd410838ab3bfd95006a635cb89ba57cdb37a0cd8c849202070c2b924c0724499149a2381269811d65dabc638019b050d12f76232e3acbbae52ca78970ace94e91e697139b470e2848a6904a33d4f9af237078737d001bed364be9b49482b339d2cbae1f59a0f96dfe44e596969652ec920f8eab89a5475e97752200aa71f360972f6abc769ef5eb7ad7c9436c7fa9e503f14796f92fb79dd3fb14f2ccd46056f2eab14a3235c6fcc0a7014cffcf8606e4f179d77e2291048f4b8c6749e39be77ecd505d8db7a9450ec9b50d3a0122fa73e6bcaa04c5bf4c6e81ef050912153b07b946772cf9d9c3af1bf6e42bf803c1411cea6a90c1b9f4ff8668f91470004aa18b921026437627ed7359b2cdf0b0e2cc7209c63c04d2c2d0de80f0f3793010823a84fb928abf0546977ed758fda9213890d001a659688fca9a080ff15b1f3304beb92113ce5cdf5427c65183d548b07a7ac193bba01459ae467fe4e23d05f43b5d86a7ee8ab406046c5cc906a0207aaff7f045bee3fba43fb1b2d0e53869451cd0cf1e2a6b77d42b93c3a21c87a307e67109dc8d2881b51786a110eb7f5f483aadfff591cdc4ccdd5e2c52cabcf246a9e0f15e0e1c44c7ecd5e7bd0cf528320a64cbed8c413134f1a611959f2b323435f5c3c1d1942bf6a6f0407a93777b0ac9da11c3c1ab295c47b29d089f8eb9dcf637a1fdffbb4464cf075ff5fa11f06628763d1c8da4059b5c765578a421e0ae58d80b44f6b65a56eae1811d3c242de8c80dccf4cae2fa25deba60bfd196d81451c3cc973e5dfdd9ed1d2d01577b42ac6e5b8b2d67e37ff8bf4c24d48e23fea5e74ad97be1833204715c7203b5a09725f182b26cceb93614c411a3378088bae02cdb2a122b808cbc122fffa9d02beab1c3523003af3f00607efb1433ea95883b7492f4fd59f6265d01d31c334f06d535ed7d85a5239b51c95ba8d1d5e5e42e83b8b2207df5adbafb17c612c0d47ef5c41257ff4afe0789420cd16b7e545ee2bb4199105592d3a0c8a913a6bc06928bc9649fb13a5fc67fa5ce7033adfa3c5c7ffc11700bf27848fd585ca569dd00e5abc7a781d332c5b8040cd1545fc48018d458a14dbc3f1fa894e7e8dd9e5c40095e7ca93598fba0fc68209fefbb1e5e1ea1cf84b7d1ba892f68a6cdc069d1e6d2e0ce973af9911720adf5e40258f95a3d84c858c61cee20d87f7e274638448f6d9f307a5b00be57ab1f78ca0f3ff466836498fb48ef71a17b06f2440297b0b1983c1bb0d6bc9ceb86d254900757a6794d23419454d65c17cecafa860b068f09c98df92eb407ccb6d57a85c824a00997b650afaf10414537f4ff10da8cb412ead969e03e5a0e07aab3bf67748f1961f5f9a5bc029dbd2df9abc8f4bfa251b7bea3fe8c10b73ac10aa8cb5b6cb5c343aa99723b6d7b3f63e17c962c6f811e2c5984962cfb0602d8b645265b84ae7025cf468f8cb8058fef768da4d9f38e6054edb22339238fd9fd7053993bf87d7dca8e743e533f6a072d2696a358601a82339a68e87be147797de4e6761b44d55ff88bc2c8176f953ab4d57bf0b554d9fc6ae9c066fb067553c0f4bc34f5d4a0eb59243ec6783cbe51b718ae9601f9e84b64224f4b7165f013d16cc659c15203d32e89c6eaffe848151a9ac473f081925ed3e925bb7eccc2bbbadc0f8d171e5a99298dafb0d8d2a9968bffba47d6f7cbda41a0bda8d2621cdffa7b4cb811b4120c3ccccb05440a51858f9366c5ef661e5f454ba7bdf7ec064cfd2d592ac408f28de640f91891800e1131e768a99e78a004c919df87efc1129fdab4abd73efd4466035adc3d494c78fcaf93b15dec6e4583ee1b9459e78c02049778b999754572e3be37a8f4bc497922ad9d38fcade1b5840f5657d8de057acacdaccc65148c0d14be8f1964f9ecec39f2c5e13ed2c0adb25fde36896f9843c7ff6cd988c109b39d7c82be180748c2b4726989a31dd373fc2b6382ba6fadd5baf2b380ce36f1b507a983c31ecf2936ab9d00d56d2781bcd5b9006994823ae1d92c3b47ba57f2da8bb8106eee1445e8b1db925c8eb55d579f28972de02a33d368ee371f3212e636bf41c40556a41b518d8175823ffd144bc3bed508e6b61bc7ed711666ba56f6bdc5d9926ee8514bc36364ccf854b1cf0f8296b0cdf2474688dac80662ed71c318a99c80698e37000258d7cfb4bbb2cbb25751dcc4bc7ca35b80a7625218d27c88a679e7c0505c854a30fe4341ae58189629a26236340574843a2d5668936962a5f82ea9c892455a44ddab4943f8d495ab396d4326456000eec4f037ec3dc38131d382a66ec3427528333e8c10b37c5069088a2fa5f73c9722bf24c603c49c9b503e8a9fa1d6fadab502e18957d92f5073e8a1126b3eff16a2b38f8477f0b1fde1b4607cc88004177496afa82bfc0e31ee4475797669f48999a9a598c751635548b1c3665da51ce8858a809dcd212cfa319be2900f76bb942f23f947cf439100e8794c84c008cefe30e187358a573ce85590aeff4eedb513077d3f74590f720c69390f4561a5c5f1dc13da824e38e43d9e594a59283cf053e0fcd32388c66fc4d8ee231ce209c7cd29eb140d27417ef0dccdf120a5b73d62d1475d576e05b64ba57d699b7bc8b51386b5219500070b09666e110d31b85458f91f91562182f619fbae944a807092d9fd9d58a195d8ac08051fee1600554f447ac0acf82686f8ee34283f33246240b5b9d05c5dc2b0a651206094e2787fdc74a482afadee6b653c653278ba76652aec50947971c34ab15faf41939705381948df74038830ed06c2ce6bc733927eb2b63e0b122e3be424d65173144621cd53f2a2773e016c0412e201db1ea5afdfa0f140cd24cfb5f6c54ed6a279b5194242b0d85c1dcff0e24a16740ea11ded62329ec5e2109b020f6dcaab92d03d258bd89859ca4bf9b5601f1bfddf1e4fafcd5842e16172566285dabb8796c42c0298248ebb9a017ac87e383cb5b5606008f60300c5361356ac20d5c6cd3c2d368ec20e3dee4ebc848272ca24b303ef7b9c68b956b0d0ef4612d44da8704c8b5906fd14ee59a4ffaaba675534ae7e07ae675cda99757804eda67e9e8f18d68a766729d6c5f0e626c5f02c124b494e095d75bdd921514fccf2a5c3001076d2769f00d76518b140cc65ae86cce23232e7015a47ae427b1e00133cac3e70ca599a6c2bcf16d57563d115f3d7807515dc13b51d1ba708f5840095db9b5486caa2ed89e4aef543a5cf529cbf66f3a602361e42361d5ab747870549ccfe13385aea881787e1eccb476a7ad7ed6664b67b6ff82ee242745d23d967181ae25b50b6df702ec66b618766dba9419af486c334d41b8434d197557043d08bd204678ecc64b4ae4ebe0a0a7d05aa6d661f2c3effdc828edc53b3ea51c8d10abc67af687dfd5d18b88dbc995384f4770c8199269794696e62ceca3ed96db227ec39573102a09eac66a4bface1d3d072f35dc9440c8172063e1c3d5d7a127c26ccfc3679ba5b5c3b16c916d240e3a5ee749cdcfcbf0b1df71093b063b609e2613e5b8ed1022048e856a98c28032717269a359b72980a8cbfcf6c85cfa5d2c094c59928a0d5a9be8b35f98f4b8ba431ee0140d8b9b8435d63ee0f9b46d71f4015e671c5a3e795cd247b5066392b4a103536d2c1e2a4221e1b9639972ad75999b6bc123cb62a8fb519fb353417d561dbd31d2cc45c2bd4851f0d665ca1558aaa5e385f435d65ae8934c777826fb28e12c16d1c1bdb9d6d82a211815dcfed8da1ad7cd3e9d8d0cf1aa71ab4ec0cb59cc2876bdc82ac489c4c0de510cf9dfbc5da57fde73c21bd5cc06b06875c86d9dbe87aa525750de66301a7a36aa485e2f4297c92c923978039b800c84c5a2bab3796fe999620e97da9d7f8a3cf1fc6a33029b8c2c2444c494b6423f424810907b5b49dc8938f3d4f0acfaf44314301a00715bda539c4b3492380f4e8a63175b6cc97b1c1d8e472efde0734490e1ae19b5797d7b101514f8c2fe25e3b54274c87a485ef9cb253f8d5cf97276c2992e1572c5e4ce275428c3b3f8e49eaac0e0d8da96f8c8d3c8751923d45d235a33e2a9bd5f7b66e71b28fff185e69ce03a90271a72769c52c06459383f1c052212ec9f7b7d7dec0815576c525850983fd4ca43a68658e13e18a6448c9fefcea8e1210e61cb5dd69c62c398cb9ca127847983578a407744c84aa71f5d8e0f53d9edccdc9aa67ba7f0db342729b114f66ae75228a8d628f9bbf08237402c894547b37abf47d42536548ff9ee6dac18f865f69724a98a736395be9dce0b2b9c7f2bf635b77b9dda0d620c492ddeeb6355304dd24d57079091b6f7dd034bb29bf102503ac8732f363aef7529ece4b1a1dfd5fe15bc541460c738efe115aaa26f2f1ebb7de556905c34a2a8356181eb7edd1f85295096e53f8817de7da96c7fe5eb5707cb4df4e3e3526b6dd5cfb51c87accc4efc9ceccc4f8f7472b6bd25d7c4d7869498121b2bc0ddb8bd0eddb61a76d10b85a591307ec0eb18163f998e3401b431a2724fed41e21a15097b4f4fde3fa321fa6e771c1f0d20a2e23580e11d8d779d4e8edc0220340d38fe1101f7e0da86cbf0e8e5bdc6bd5d79be850aff43d23d0c37e62b02b3bde638498d9f28eaae2494188ec48b704ae2fe8f5483a33e7a69f55fd643825efa51d767ca638a11ec04f4e453c375f3483c64c2dabf5de965aa0f889c019feec0cd33f06fe09ecbbf10b6b51aee31e318cfacee1cf48a544beed1d25858beff908ceb8db475cbfce1b1772f5bf930a06ce57da68d360e7cdfc1e14faf29d1f2cf832453030fe17bbe704e7e5328077ff000d0a29cc3b03851289e6a68b2165a476fa4996b89bb4bbb7a1a0b6d025a7a158c02e83a6bd73891396a39ab2867254ce83f30d9e39272d2bc85227b5ce6d61ac5e28a22af139d0189d704942bd69785f44bcbd22716c7ba7da23d75a95e78cc96cd9d57593113f5fc99b89054532bb2b562d11ae7635fdc1201d67b8cb15b94ec0ede9e0a2f08a95715b516e09fe946e745c21820105465fed388b75093f993b2ac8e8727f19965b5f2b1c0fe69e1ab490798e9f47072efc08151a134e7b8e88ccdb627a00d2810f6d4317462c267197d4fa6dc8a90935ca1d568f701d33253364b894bbf91687c0da7ace6c7871abddee1c6c46c2171d2100fc38cf6317284867b01664ec27d6cc0c07936d6573dbadf85fa9f718552183716a426bcc67711704f95af162c1a7ada3597e0c3a2b6aec8344859cc475605a0ce939a321d96bd54c6bcea4663785e39b440607030da287633b859e7cbab39cdd8d3a180e816270a670288f7fedb9f31024a4f90c51f567543dc7b1d73b7e4f1824f59c0d32416cacb927aa92b75140dc4842668dea365a9f57a2ddde86eabdb41743c330f9d09e9c97b43093dadcc034d6254c980d7f6dcb0cd808f08cc1031b6dba78eb5274f24f78ca3e93852afebf8678ca3e895af10c64b45408abb4ca51f62f60fd30d4a17fca42a8fb90b0d4201bbbc8950dd943aae15fcc5d17d7d60f20b705ccadf471291cc8"}) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f00000000c0)={0x20, 0x8, 0x3f}) 11:41:43 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB="00000000000800001000000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r3, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x6}}, 0x0) 11:41:43 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/lev/pJ\f\x00', 0x8000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1365.280093] Bluetooth: hci0 command 0x1003 tx timeout [ 1365.285382] Bluetooth: hci0 sending frame failed (-49) [ 1366.400192] net_ratelimit: 18 callbacks suppressed [ 1366.400198] protocol 88fb is buggy, dev hsr_slave_0 [ 1366.410285] protocol 88fb is buggy, dev hsr_slave_1 [ 1366.415364] protocol 88fb is buggy, dev hsr_slave_0 [ 1366.420445] protocol 88fb is buggy, dev hsr_slave_1 [ 1366.640078] Bluetooth: hci1 command 0x1003 tx timeout [ 1366.645400] Bluetooth: hci1 sending frame failed (-49) [ 1366.650791] Bluetooth: hci2 command 0x1003 tx timeout [ 1366.656032] Bluetooth: hci2 sending frame failed (-49) [ 1367.120123] protocol 88fb is buggy, dev hsr_slave_0 [ 1367.125254] protocol 88fb is buggy, dev hsr_slave_1 [ 1367.130382] protocol 88fb is buggy, dev hsr_slave_0 [ 1367.135536] protocol 88fb is buggy, dev hsr_slave_1 [ 1367.370120] Bluetooth: hci0 command 0x1001 tx timeout [ 1367.375415] Bluetooth: hci0 sending frame failed (-49) [ 1367.520128] protocol 88fb is buggy, dev hsr_slave_0 [ 1367.525201] protocol 88fb is buggy, dev hsr_slave_1 [ 1368.720108] Bluetooth: hci2 command 0x1001 tx timeout [ 1368.725368] Bluetooth: hci1 command 0x1001 tx timeout [ 1368.725453] Bluetooth: hci2 sending frame failed (-49) [ 1368.730682] Bluetooth: hci1 sending frame failed (-49) [ 1369.440161] Bluetooth: hci0 command 0x1009 tx timeout [ 1370.800133] Bluetooth: hci2 command 0x1009 tx timeout [ 1370.800146] Bluetooth: hci1 command 0x1009 tx timeout [ 1371.680135] net_ratelimit: 22 callbacks suppressed [ 1371.680139] protocol 88fb is buggy, dev hsr_slave_0 [ 1371.690127] protocol 88fb is buggy, dev hsr_slave_1 [ 1372.080189] protocol 88fb is buggy, dev hsr_slave_0 [ 1372.085270] protocol 88fb is buggy, dev hsr_slave_1 [ 1372.640215] protocol 88fb is buggy, dev hsr_slave_0 [ 1372.645316] protocol 88fb is buggy, dev hsr_slave_1 [ 1372.650441] protocol 88fb is buggy, dev hsr_slave_0 [ 1372.655527] protocol 88fb is buggy, dev hsr_slave_1 11:41:51 executing program 2 (fault-call:2 fault-nth:46): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1373.313987] FAULT_INJECTION: forcing a failure. [ 1373.313987] name failslab, interval 1, probability 0, space 0, times 0 [ 1373.325453] CPU: 0 PID: 6209 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1373.332658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1373.342005] Call Trace: [ 1373.344581] dump_stack+0x138/0x197 [ 1373.348212] should_fail.cold+0x10f/0x159 [ 1373.352368] should_failslab+0xdb/0x130 [ 1373.356341] kmem_cache_alloc_node_trace+0x280/0x770 [ 1373.361434] ? mark_held_locks+0xb1/0x100 [ 1373.365571] __kmalloc_node_track_caller+0x3d/0x80 [ 1373.370493] ? led_trigger_unregister+0x2e0/0x2e0 [ 1373.375324] __devres_alloc_node+0x39/0x120 [ 1373.379631] devm_led_trigger_register+0x36/0xc0 [ 1373.384380] hci_leds_init+0xe8/0x1b0 [ 1373.388178] hci_register_dev+0x2ee/0x810 [ 1373.392312] ? __raw_spin_lock_init+0x2d/0x100 [ 1373.396887] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1373.401192] tty_ioctl+0x8f7/0x1320 [ 1373.404799] ? hci_uart_tty_poll+0x10/0x10 [ 1373.409018] ? tty_vhangup+0x30/0x30 [ 1373.412731] ? __might_sleep+0x93/0xb0 [ 1373.416609] ? __fget+0x210/0x370 [ 1373.420063] ? tty_vhangup+0x30/0x30 [ 1373.423763] do_vfs_ioctl+0x7ae/0x1060 [ 1373.427635] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1373.432380] ? lock_downgrade+0x740/0x740 [ 1373.436520] ? ioctl_preallocate+0x1c0/0x1c0 [ 1373.440911] ? __fget+0x237/0x370 [ 1373.444348] ? security_file_ioctl+0x89/0xb0 [ 1373.448738] SyS_ioctl+0x8f/0xc0 [ 1373.452103] ? do_vfs_ioctl+0x1060/0x1060 [ 1373.456259] do_syscall_64+0x1e8/0x640 [ 1373.460131] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1373.464962] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1373.470141] RIP: 0033:0x459f49 [ 1373.473326] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1373.481030] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1373.488291] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1373.495591] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1373.502844] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1373.510104] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1373.517666] protocol 88fb is buggy, dev hsr_slave_0 [ 1373.522801] protocol 88fb is buggy, dev hsr_slave_1 11:41:53 executing program 0 (fault-call:2 fault-nth:40): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:41:53 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0) ioctl$PPPIOCSMAXCID(r1, 0x40047451, &(0x7f00000000c0)=0x4) 11:41:53 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = add_key(&(0x7f0000000100)='ceph\x00', &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)="ca0494531001256d29259055043a977c2e23e6c40ef19af6866befe4192d0762df6de1350c21369ecc89a3e4216fd336582681a1a4872b341830773d036cccffa774e672a667b5e502de0e5d3317591f43358cd9905fa4a4592e02b9ea33d5c34ce08fc1fad315", 0x67, 0xfffffffffffffff9) keyctl$KEYCTL_PKEY_QUERY(0x18, r1, 0x0, &(0x7f0000000240)='net/fib_triestat\x00', &(0x7f00000002c0)) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000000), &(0x7f00000000c0)=0xb) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x12a, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}, 0x5}], 0x3, 0x0, 0x0) r6 = getpid() sched_setscheduler(r6, 0x0, &(0x7f0000000380)) r7 = syz_open_procfs(r6, &(0x7f0000000300)='loginuid\x00') ioctl$NBD_DISCONNECT(r2, 0xab08) preadv(r7, &(0x7f00000017c0), 0x331, 0x0) 11:41:53 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x0, 0x80000) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x4, 0x8000}, 0x4) 11:41:53 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0xa, 0x803, 0x5b) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000300)={0x0, 0x2e6820193c62dede}) r5 = fcntl$dupfd(r1, 0x406, r1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f0000000400)={r4, 0x80000, r5}) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000700)=ANY=[@ANYBLOB="07000000000000000000002e67af6e56c38a07ce7662b5596f01609761b4ed0bf2ba7b14f568a69dc6988986f9aa339f0d030f1f9d770c36739a474b27dba56145f1b0b212518533a15bb2360668a19f423af204d6d46dd541f1cdd0beec305e7cd6962bf0eb9da259e79e23937e6490f7ce1616"]) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r6}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) setsockopt$IP_VS_SO_SET_EDITDEST(0xffffffffffffffff, 0x0, 0x489, &(0x7f0000000640)={{0x0, @multicast1, 0x4e21, 0x4, 'nq\x00', 0x4, 0x81, 0x6b}, {@local, 0x4e24, 0x10000, 0x5, 0x8, 0x8cd8}}, 0x44) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) connect$tipc(r7, &(0x7f0000000480)=@id={0x1e, 0x3, 0x7, {0x4e20, 0x2}}, 0x10) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x41}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)={0x68, r8, 0x4, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0x54, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'team0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x6}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x27}}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x40}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x8005}, 0x40000) 11:41:53 executing program 3: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x100080, 0x0) ioctl$SIOCX25GCALLUSERDATA(r0, 0x89e4, &(0x7f00000000c0)={0x28, "7dca1f6127407391464b1c273f43dff8d81adff544574593402526a265385e929e49fda14c44ad42ef9d0cac90c4072f49030c9253dee6f37336022b2f9ea3e76184eab7bb0f6953547ad3339d0bcd5cd8efd7e9e9aff2d2b787254fa4e39efd2ed4d0e9a1d8fbd227316530080d017ff9d5f9649b3ace38f1b73aee059183c1"}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x400000, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x10) ioctl$KDADDIO(r1, 0x400455c8, 0x0) [ 1375.292687] Bluetooth: hci1: Frame reassembly failed (-84) [ 1375.303656] FAULT_INJECTION: forcing a failure. [ 1375.303656] name failslab, interval 1, probability 0, space 0, times 0 [ 1375.327277] CPU: 1 PID: 6223 Comm: syz-executor.0 Not tainted 4.14.151 #0 11:41:54 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) connect$can_bcm(r0, &(0x7f0000000000), 0x10) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r1, 0x400455c8, 0x0) [ 1375.334222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1375.343580] Call Trace: [ 1375.346179] dump_stack+0x138/0x197 [ 1375.349823] should_fail.cold+0x10f/0x159 [ 1375.353982] should_failslab+0xdb/0x130 [ 1375.357962] kmem_cache_alloc_node+0x287/0x780 [ 1375.362544] __alloc_skb+0x9c/0x500 [ 1375.366166] ? skb_scrub_packet+0x4b0/0x4b0 [ 1375.370493] ? netlink_has_listeners+0x20a/0x330 [ 1375.375339] kobject_uevent_env+0x781/0xc23 [ 1375.379654] kobject_uevent+0x20/0x26 [ 1375.383448] device_add+0xa3e/0x1490 [ 1375.387164] ? device_private_init+0x190/0x190 [ 1375.391735] hci_register_dev+0x2d9/0x810 [ 1375.395876] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1375.400184] tty_ioctl+0x8f7/0x1320 [ 1375.403833] ? hci_uart_tty_poll+0x10/0x10 [ 1375.408053] ? tty_vhangup+0x30/0x30 [ 1375.411758] ? __might_sleep+0x93/0xb0 [ 1375.415627] ? __fget+0x210/0x370 [ 1375.419076] ? tty_vhangup+0x30/0x30 [ 1375.422790] do_vfs_ioctl+0x7ae/0x1060 [ 1375.426683] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1375.431444] ? lock_downgrade+0x740/0x740 [ 1375.435613] ? ioctl_preallocate+0x1c0/0x1c0 [ 1375.440024] ? __fget+0x237/0x370 [ 1375.443491] ? security_file_ioctl+0x89/0xb0 [ 1375.447896] SyS_ioctl+0x8f/0xc0 [ 1375.451264] ? do_vfs_ioctl+0x1060/0x1060 [ 1375.455412] do_syscall_64+0x1e8/0x640 [ 1375.459330] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1375.464169] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1375.469341] RIP: 0033:0x459f49 [ 1375.472511] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1375.480206] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 11:41:54 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r2, &(0x7f0000000380)=@hci, 0x80) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000001000)='devlink\x00') sendmsg$DEVLINK_CMD_GET(r3, &(0x7f00000010c0)={&(0x7f0000000fc0)={0x10, 0x0, 0x0, 0x282014}, 0xc, &(0x7f0000001080)={&(0x7f0000001040)={0x14, r4, 0x8, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x1094}, 0x4040080) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="000000000000000028000d000c000100766574680000000018000200fd00010050f0bac7", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r2, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r6}, 0x10, &(0x7f0000000600)={&(0x7f0000000f00)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\b\x00'/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce38681684a168e087e66c97c34d7b84eac02c326a1dff1aff3da6ede5635b8bd67bf84ff8c2070ca00"/112], 0x80}}, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$inet6_IPV6_IPSEC_POLICY(r7, 0x29, 0x22, &(0x7f0000000b00)={{{@in6=@remote, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}}}, &(0x7f0000000300)=0xe8) sendmmsg$sock(r1, &(0x7f0000000e40)=[{{&(0x7f0000000000)=@xdp={0x2c, 0x3, r6, 0x33}, 0x80, &(0x7f0000000a40)=[{&(0x7f0000000240)="db728250ef2fa86f1ab5384c32b02780bd02997102212fa755383ff678ffd9d3df01b1b430c79530bf13e0ad6c26368f5a295a97eb0f0ca9ebc3b0930f9c694c63f36d368b7dff99338bd3ab98b0e3289b99398ff9fcd5f3d9975cb522a1899b605e3a37e542f80ba147a740b34b93bf71a56afc3f7013327b592231c1d6d0a2c5388ba75131504f23", 0x89}, {&(0x7f0000000080)="963fa4ca238e321d6f2936b27a3024100bd264dabae320d714f7cfe3e59fd0cd4f8b9fc01cd8220d", 0x28}, {&(0x7f0000000400)="550e4e5652fdaf81123064837d5828ce68bd13f257da0182d9829454da7775983a99859ccad28bb20eb57e87cad10b9b81eef0217c0f12904ee1a6da3d368afdccb781f01b773820f36d383d5b2b5695c1909818480c04b4929d3ca323dea6abf051f6e106a6335846f413156fd7add2f88150ec304b3e8efa716e4502264e29521b77bfaa717a7a255320f0d38e26f176ca737a3dec44374a7e1977a6488ef4f5d504cb29f3169a12b2cbce81679be579139c55d082799f1bac4758b5a8a54cf7dddcd10e", 0xc5}, {&(0x7f0000000640)="975fde7630bf3cee0f974e48d16684e52b268e46adb67a1b11b6f0e474a0c502b95c7de048df63ea29c7d71d713b03292639420d4c13cb062d82fd17abd4c51aab5b66c2805085483880cebc1644e12ea2d7e12897836c74486034ad807b92fc0ea4c38d98caf57f739084", 0x6b}, {&(0x7f0000000700)="b449e339b7f8c6d26f92dff56646cc20ffd6724f67352c1e25d97953ff48271bea02dc2db4646dcfd2963bc5248a234adfcd732ca560bee2d76e83dd10e38fd28c94a3cc57ff9923ddc48a26665ec8d34e8040ab1ecf91d04ff27d8bfdd804ca9e20e64428f647f54bc06895f1a5e2c438cd13bd016a66d6f0fe0eaa0d51fdda1a9658144b3cd0a396423ab25293cecf5c4d7f1d5efb897c3ed50b0bbe8a3e34b1efc6c0ba", 0xa5}, {&(0x7f00000000c0)="cbe5d9d248e1586ecfd1481e94c4d22bb5144f9c899b7d2584ee9e53960dd945b456c4c0238d4013c59f8984747af38f0bd6a7752a3dcaf767848c50c66201f1", 0x40}, {&(0x7f00000007c0)="91a2ff7eed1484f3db638879c8d3bb98072a5c43c0205c1f9cd7e1fdc200a8f9a3b5942b910a8f03c65a8e0dbea153777ec6349657bfbff24b7175ecc6e47ae8c7aa5246d79cfd3340b132bd959e3b534fb87c6425ccb84f088180d7347a1207097adbb51b859b49225321d1a5bf5fb37b48e26edb639c61e6855b051bcd1ca9ff7c194f3dea928d1f8283229d8b0d5100ae3ab1e778ca6b4f6025480c81e14f048c14f83132618b6b2aba137d768ec48b9e83de0c5e56bfee626021d8a690f182cb68fc", 0xc4}, {&(0x7f00000008c0)="42e7b08d04883242af4d4c85ce9ca61a5061953b0c601faae95367b28f94bf97a069211874742a2e6a6116f40fbab3e14bd0dd292398db03b4844638b92963fee46bc6f6223de0735013da746603d23fab8122113ff3e4e47289ec9efd09c3d9b99d7c20c060ac2a70d1c126d02eba30c946d4a7a1d9c4cfd5749572085b726a1a590df2c6720f1cfbb684c19627053fd5156848b5290ae79b88fc38f7f721da5d1396194acdb3eda28c2839806a6469d5011b1af340379e541ac214026db1d6ebc91cb27a2af54670a947a4343a40c6bf4284ef53f434", 0xd7}, {&(0x7f00000009c0)="8bd28491b4ebf711b01f07207b05bf60e81ce784c5d62de26bc3ddf14201b52ae966562c8c9e02ddbdf43171ca231bef5bcf339bd9951c6bdef78350489ad7a1f32f4a076ab9d752ccfc12fd5e2e55f6a5658ca92a18abeba5f1bb0ab765e0bcf4e4c46c0832feaacc67a6616ee60e720f856c6a19", 0x75}], 0x9, &(0x7f0000000140)=[@timestamping={{0x14, 0x1, 0x25, 0xfb85}}, @txtime={{0x18, 0x1, 0x3d, 0xfff}}], 0x30}}, {{&(0x7f0000000c00)=@hci={0x1f, r8, 0x1}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000500)="35c79ba103519ba481557d9e9e5b1a", 0xf}], 0x1}}, {{&(0x7f0000000c80)=@rxrpc=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x4e21, @multicast2}}, 0x80, &(0x7f0000000dc0)=[{&(0x7f0000000d00)="364ad79d8883738a89c11b62dee372a11a4847ecef51bc009ad3904b5b1846df2f7cc14af6b5739bad40733413912a8d9a408b5da3eded859c7a67f8697f1ece5bcdf6758be82384e6e1dff6e56226c87c4aeea8ebdf05c2e5a2cc5ca912ec00c380e716db46a83c5a6b925a9b737ddb359bed4e6b0cffb8c05413cf1824b59ae3", 0x81}], 0x1, &(0x7f0000000e00)=[@mark={{0x14, 0x1, 0x24, 0x6}}, @mark={{0x14, 0x1, 0x24, 0x3}}], 0x30}}], 0x3, 0x4000000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r9}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) [ 1375.487469] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1375.494728] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1375.501987] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1375.509239] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 11:41:54 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$P9_RSYMLINK(r4, &(0x7f0000000000)={0x14, 0x11, 0x2, {0x0, 0x2, 0x8}}, 0x14) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:41:54 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) ioctl$sock_bt_cmtp_CMTPGETCONNLIST(r1, 0x800443d2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c013724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b9b00a34d10e9fa3df56e5ffd67d215b37ca15643e95ef9f3cecd2d551b90581917c1eec4e55c93f1d02895a660b097f6b22b8f75926261add2d8f6427247e5535fa9878eba33f5c254efb180a95f01cabc85a2"], 0x48}}, 0x0) fremovexattr(r3, &(0x7f0000000080)=@random={'system.', ')vmnet1\x00'}) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:41:54 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000100)={0x9, 0x9, 0x0, 0x1, 0x16, 0x4, 0x7, 0x7, 0x9, 0x69, 0xfffffffa}) ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, &(0x7f00000000c0)) [ 1375.610573] Bluetooth: hci0 command 0x1003 tx timeout [ 1375.647231] Bluetooth: hci0 sending frame failed (-49) [ 1375.678770] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1375.707886] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1376.800168] net_ratelimit: 18 callbacks suppressed [ 1376.800173] protocol 88fb is buggy, dev hsr_slave_0 [ 1376.810427] protocol 88fb is buggy, dev hsr_slave_1 [ 1376.815516] protocol 88fb is buggy, dev hsr_slave_0 [ 1376.820619] protocol 88fb is buggy, dev hsr_slave_1 [ 1377.360128] Bluetooth: hci1 command 0x1003 tx timeout [ 1377.365455] Bluetooth: hci1 sending frame failed (-49) [ 1377.520158] Bluetooth: hci2 command 0x1003 tx timeout [ 1377.525489] Bluetooth: hci2 sending frame failed (-49) [ 1377.680184] Bluetooth: hci0 command 0x1001 tx timeout [ 1377.685508] Bluetooth: hci0 sending frame failed (-49) [ 1377.690906] protocol 88fb is buggy, dev hsr_slave_0 [ 1377.690955] protocol 88fb is buggy, dev hsr_slave_1 [ 1377.691013] protocol 88fb is buggy, dev hsr_slave_0 [ 1377.691034] protocol 88fb is buggy, dev hsr_slave_1 [ 1377.920166] protocol 88fb is buggy, dev hsr_slave_0 [ 1377.925418] protocol 88fb is buggy, dev hsr_slave_1 [ 1379.440187] Bluetooth: hci1 command 0x1001 tx timeout [ 1379.445726] Bluetooth: hci1 sending frame failed (-49) [ 1379.600223] Bluetooth: hci2 command 0x1001 tx timeout [ 1379.605611] Bluetooth: hci2 sending frame failed (-49) [ 1379.760412] Bluetooth: hci0 command 0x1009 tx timeout [ 1381.520190] Bluetooth: hci1 command 0x1009 tx timeout [ 1381.680181] Bluetooth: hci2 command 0x1009 tx timeout [ 1381.840191] net_ratelimit: 18 callbacks suppressed [ 1381.840196] protocol 88fb is buggy, dev hsr_slave_0 [ 1381.850342] protocol 88fb is buggy, dev hsr_slave_1 [ 1381.855408] protocol 88fb is buggy, dev hsr_slave_0 [ 1381.860499] protocol 88fb is buggy, dev hsr_slave_1 [ 1382.080281] protocol 88fb is buggy, dev hsr_slave_0 [ 1382.085366] protocol 88fb is buggy, dev hsr_slave_1 [ 1382.480213] protocol 88fb is buggy, dev hsr_slave_0 [ 1382.485484] protocol 88fb is buggy, dev hsr_slave_1 [ 1383.040274] protocol 88fb is buggy, dev hsr_slave_0 [ 1383.045564] protocol 88fb is buggy, dev hsr_slave_1 11:42:02 executing program 2 (fault-call:2 fault-nth:47): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1384.196413] FAULT_INJECTION: forcing a failure. [ 1384.196413] name failslab, interval 1, probability 0, space 0, times 0 [ 1384.208326] CPU: 1 PID: 6256 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1384.215279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1384.225199] Call Trace: [ 1384.227788] dump_stack+0x138/0x197 [ 1384.231417] should_fail.cold+0x10f/0x159 [ 1384.235570] should_failslab+0xdb/0x130 [ 1384.239708] kmem_cache_alloc_node_trace+0x280/0x770 [ 1384.244947] ? vsnprintf+0x290/0x1560 [ 1384.248750] __kmalloc_node_track_caller+0x3d/0x80 [ 1384.253871] devm_kmalloc+0x62/0x170 [ 1384.257903] devm_kvasprintf+0xaf/0x100 [ 1384.261879] ? devm_kmemdup+0x60/0x60 [ 1384.265681] ? mark_held_locks+0xb1/0x100 [ 1384.269937] devm_kasprintf+0xa5/0xd0 [ 1384.274000] ? devm_kvasprintf+0x100/0x100 [ 1384.278238] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1384.283339] ? devres_add+0x40/0x50 [ 1384.286964] hci_leds_init+0xb1/0x1b0 [ 1384.290759] hci_register_dev+0x2ee/0x810 [ 1384.294904] ? __raw_spin_lock_init+0x2d/0x100 [ 1384.299495] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1384.304331] tty_ioctl+0x8f7/0x1320 [ 1384.307954] ? hci_uart_tty_poll+0x10/0x10 [ 1384.312185] ? tty_vhangup+0x30/0x30 [ 1384.315899] ? __might_sleep+0x93/0xb0 [ 1384.319782] ? __fget+0x210/0x370 [ 1384.323241] ? tty_vhangup+0x30/0x30 [ 1384.326986] do_vfs_ioctl+0x7ae/0x1060 [ 1384.330946] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1384.335704] ? lock_downgrade+0x740/0x740 [ 1384.339919] ? ioctl_preallocate+0x1c0/0x1c0 [ 1384.344338] ? __fget+0x237/0x370 [ 1384.347798] ? security_file_ioctl+0x89/0xb0 [ 1384.352325] SyS_ioctl+0x8f/0xc0 [ 1384.355687] ? do_vfs_ioctl+0x1060/0x1060 [ 1384.359875] do_syscall_64+0x1e8/0x640 [ 1384.363887] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1384.368735] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1384.373921] RIP: 0033:0x459f49 [ 1384.377108] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1384.384815] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1384.392279] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1384.399592] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1384.406875] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1384.414205] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1384.424122] Bluetooth: Unknown HCI packet type 5e [ 1384.429735] Bluetooth: Unknown HCI packet type 43 [ 1384.435994] Bluetooth: Unknown HCI packet type 5e [ 1384.440898] Bluetooth: Unknown HCI packet type 50 [ 1384.445985] Bluetooth: Unknown HCI packet type 5e [ 1384.450989] Bluetooth: Unknown HCI packet type 40 11:42:04 executing program 0 (fault-call:2 fault-nth:41): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:42:04 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) r3 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/checkreqprot\x00', 0x40, 0x0) ioctl$VFIO_CHECK_EXTENSION(r3, 0x3b65, 0x7) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYRESOCT=r0, @ANYRES32=0x0, @ANYRES32], 0x5}}, 0x4000000) dup(r1) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$RTC_UIE_OFF(r6, 0x7004) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) connect$netrom(r7, &(0x7f0000000280)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x3}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}, 0x48) r8 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000300)='/proc/capi/capi20\x00', 0x200000, 0x0) ioctl$KVM_PPC_GET_PVINFO(r8, 0x4080aea1, &(0x7f0000000340)=""/108) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r9 = socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$SIOCGSTAMP(r9, 0x8906, &(0x7f00000000c0)) 11:42:04 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x301080, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:42:04 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e9, &(0x7f00000002c0)="a89d184295d7c87b475fe83e05ae94dee5545b066d5748dd418fc15dd4beff6e43529d61432a1f929aa7414527cada47733e6c78908116fed8947cf2d6cf58eb23de7e423402da7ea7615ea2390e4b641ef100a055fd8a260ff4dc5453ccba809f58ccf8e4a92068bca372e44e686530b04455e726bc9f8bde3bfe626567cffbcd0656f67187362b03eec22f786809e7c4ae62a96ec90c23408dd49897215d09f7308bb3ed14c2b66c2b") sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$TIPC_DEST_DROPPABLE(r3, 0x10f, 0x81, &(0x7f0000000100), &(0x7f0000000140)=0x4) flock(r1, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$VIDIOC_G_AUDOUT(r5, 0x80345631, &(0x7f0000000000)) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r6, &(0x7f00000017c0), 0x331, 0x0) 11:42:04 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r3}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) setsockopt$sock_int(r0, 0x1, 0x4c, &(0x7f0000000000)=0xffffffff, 0x4) r4 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r4, &(0x7f0000000380)=@hci, 0x80) r5 = socket(0x10, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$can_bcm(r4, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r6}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:42:04 executing program 5: socket$inet_dccp(0x2, 0x6, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000040)) openat$misdntimer(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/mISDNtimer\x00', 0x0, 0x0) syz_open_dev$mice(0x0, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) [ 1386.160836] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1386.195019] FAULT_INJECTION: forcing a failure. [ 1386.195019] name failslab, interval 1, probability 0, space 0, times 0 [ 1386.225918] CPU: 1 PID: 6273 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1386.232891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1386.242252] Call Trace: [ 1386.244846] dump_stack+0x138/0x197 [ 1386.248481] should_fail.cold+0x10f/0x159 [ 1386.248502] should_failslab+0xdb/0x130 [ 1386.256602] kmem_cache_alloc_node+0x287/0x780 [ 1386.261195] __alloc_skb+0x9c/0x500 [ 1386.264828] ? skb_scrub_packet+0x4b0/0x4b0 [ 1386.269151] ? netlink_has_listeners+0x20a/0x330 [ 1386.273920] kobject_uevent_env+0x781/0xc23 [ 1386.278248] kobject_uevent+0x20/0x26 [ 1386.282052] device_add+0xa3e/0x1490 [ 1386.285764] ? device_private_init+0x190/0x190 [ 1386.285785] hci_register_dev+0x2d9/0x810 [ 1386.294488] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1386.298811] tty_ioctl+0x8f7/0x1320 [ 1386.302440] ? hci_uart_tty_poll+0x10/0x10 [ 1386.306678] ? tty_vhangup+0x30/0x30 [ 1386.310409] ? __might_sleep+0x93/0xb0 [ 1386.314287] ? __fget+0x210/0x370 [ 1386.317726] ? tty_vhangup+0x30/0x30 [ 1386.321426] do_vfs_ioctl+0x7ae/0x1060 [ 1386.325305] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1386.330046] ? lock_downgrade+0x740/0x740 [ 1386.334174] ? ioctl_preallocate+0x1c0/0x1c0 [ 1386.338562] ? __fget+0x237/0x370 [ 1386.342000] ? security_file_ioctl+0x89/0xb0 [ 1386.346394] SyS_ioctl+0x8f/0xc0 [ 1386.349739] ? do_vfs_ioctl+0x1060/0x1060 [ 1386.353867] do_syscall_64+0x1e8/0x640 [ 1386.357744] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1386.362578] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1386.367753] RIP: 0033:0x459f49 [ 1386.370924] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1386.378612] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1386.385865] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1386.393122] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1386.400374] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1386.407671] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 11:42:05 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x101000, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:42:05 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000007640)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000240)="5433f879f249f7ed51109061c07f1974ac22c90197d40109a50033c708405e59dcb5f5b58a8688f78d7fae87a99ae57c8651499a0964a5fdd97884ab912ca727088b5a0591066e07f560b1f8063658bcbcec75b57e2e4874f2a2fdf7d56580392957b6e984fb88fb447b9cb00af52d6d571429a9ee0e0989d26978f22fc74e97abe7402b3b161fe5238b827ae56d6eda761590a1432d34e6baf2d4808f2969ecd936f5b83a85d1457d0f4416a9422516a6818d79895c41a2d0b42a930051c3614798705b76f6a51f9476e313cec2c7fb5897544b8965a777c1fe15bd4d", 0xdd}], 0x1, &(0x7f0000000700)=[@iv={0xd8, 0x117, 0x2, 0xc3, "ad642ebb5f3d420c0ded3c83b6b0dcd7f2368c591718c5d44ce4fe7460c00b7a987fd402343017600b51f219207889a005f28afce8b778e5439a3e5308b0eb36015ca6f437ad379155d7d0f8f3314aa34f5994deadc43a238e96d8723292131bd26c797f6668cde1788f50d79bf7663a4d296179f03f33506de311e18f4466d00696543022511020f6bd03a71521ce5f38d07b3c917d17396e4cb6c04cbcea9c691e5719af5d86459ccdb3415aafd813b335f9fad81fe60390020ca35a4d0e2980ce47"}, @iv={0xa0, 0x117, 0x2, 0x8a, "db6e2ea8f066e9bca974943c87d921b288467901ebc90e61f8d096ac60e4c1b944d00b186013989e4bc474697a0b62b511065ef000e318eba98fa41149e833fa0921223359763dfad67c62ffc805f9cc68b601dd7c5ef316c008b57a407c64de987d4e630ee2119d6faa3b8e1950a487660380d93d6f7511c7ab9bf4ab92c13858cd386a518db6c9f689"}], 0x178, 0x20000000}, {0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000140)="e8348cd1f938dc108a1eb2dd9c52d67aa62327bf2e2bcff0df2c96204fca01cf9510edfc868eb10e6767da985dd52385d728371b", 0x34}], 0x1, &(0x7f0000000880)=[@iv={0x100, 0x117, 0x2, 0xe9, "be5872ca112b9ee3083233479e0585a6cec355f327e132d6c974da4ae50adea4baa401ef39d1df0ac75ac95f46c3c3a7af17bb476588d24493282a8f417393f98fc5821e9d4f39516e2e5920238aa1bea5b6eab72b3236ffd266f8bf7fde76008b89602fed378cebcc5edb5a2e7c4ad3d1452fa225cf8ab04c9d454f74ef8eb7e7d00d8209117e5f4403920474a33a9211bbe24c19092b7d9f266f2aaa0eca21313339e41a6b7ad143a039c80c651235009b2254c04e151bf11505875f8ca3ed6516b4892af05d595d6cda63d35ecf87c2b9729d3b6a81cd320031b94457a809f3b512cc693685f816"}, @iv={0xc0, 0x117, 0x2, 0xa7, "b46ff5d2b793080743e7122f4e40043779e80fc30dcfcf0b0db4daaef92f0f8ece6e66dc7d9c05370435b935bc7b65c65bb9d8f11f4e2abec1095ac127a010d2b01f57070633954023893ec21ca8e90ec617c95afcdf390c57857f8f473b3e4b5da0ab6474cb57ff35d6bd85072f7b150bbff4c016be65473d70cf03b314c1a8989292acf986617f15f0c78ef870b8296857fd181a2507ba7e94fd32a1b28602f9e983cb3ec1f2"}, @op={0x18}, @assoc={0x18, 0x117, 0x4, 0xfffffff8}, @iv={0xb0, 0x117, 0x2, 0x95, "eff621c96bd226b924719c0a237fe9cf1d5ee27049746752ff5ddbeea2b66b1081f2e1f23bd5bb5ff124db134ac83f1d5036b8b8e4db1511cf28ef923623435999336cb75e3586b6f06e600aea7d4a55415f111f7c80dcf7ce2d021f6a185ab6b35b79d5c3d2ac26966b1fa5c63702129b6ced6a4507b5b441d7e5d78bcfbba00038672d828055cbdfc28f4ced2855fe960fb89a2b"}, @op={0x18}, @op={0x18}], 0x2d0, 0x6c044}, {0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000440)="f4fa8ee9c2cfffec2cffac2fd66d6d4250d8915acb42c8768de21390c0df8f0f45a0f8aea42e357d9e03df9cdcada8cfc7e9e7aad6723eedec6e0ebdfc6c8326820d96c9ae80e7a1bc70db69ae8bf4ece8", 0x51}, {&(0x7f0000000b80)="bab7c6efec93d573c4ee19927041363e68c0d4955e6e2505ab8b375a6236580b4a40bcddf310c46a5c277404ad3efaff6e4ec35681950b859f9e158f752c10928664565ad0f08581cce4e1a4b9d23230ad0ff9f53aa76880a9a04e06edba9d45386ef9987fefca40e1870937bd5f44c360fc804eb8610480315c417e22e7e96cc4dab1842cf18b73c165c1116cdea7e6ba318e77c9bd0707c21f9a9ee50976421d01d1d2f3828511ae2a739683316e3989600fc6097e3d80e53a99248fb71737d2d09616b686fb8b69e3c4f2c2e01fcc9917a06922f157dee7c01565cdcba82829ba39f5725e1a9e0224eb199eca9cfc6b7f0ad17f9867941f7c8173ee10050682d7e83f9ed58b0170690989e91b34706dbdb1b073b7d2976584fa691cf08d43505bbc19d044601b83471c206ea6150bca59b52a6127ac01004b1e95ce181020b893c06060a414f455bdfdf800bea078e586c1324873a7f1924dd6c296f4a8ee909f34d5098470a79dfad706bed195b2570897e92bb6120d9a7bba75ee1c95ca7a506be159a2de4ed572bb539d9f68c5639207b4a39709e52975c13ae62fb0540d519dad1d90f50a195e8b87082b112bf75fd8b7aa7e5241b1af63dbc405b2c40469239f12f7a6927f7c4952bfbb77ba6f6eecc3945a785540c575f3a1788cc38ca27a81f38cae3e7450ebe91f9483e49e43d5ca5b35e386518f4d5b6037432b5a12318108cce8620abacd766e7df9c7d682c4143f4a05616eddac5a617b7500b235333f9286489276f5944009159f317186d95b1db0e13dc92b16e3095650ec7e0946a2996fe5a96d8372a0a264e2bfa0a0347cd03c0dc37f49a9e58bbda45a30ac75aec51ee76be0abdf4603cc3310ae643492442e8a1b32d454393d17dce0f214e68bf9f0216f350e7f68b4e91c04193ea7ec7664287eeceb02307fae31ee29b9edd8a42918d6ca0b197a0d18605e630747d75585109eab67647841a571499af0f758a675bf34c9bbe6213b08c912c185b7dc011678d8eec0fa6c3aa8273c9420f219b420cd3aba01d6e1d1485f47f51a1a443ffb93715d0eeed1f395d6a0e57015c84de14692b1c526d08ccf70cd8c6ad83bff464dce9ca4df5c2e85b5cc986c997a9b3ad66e4433d06e3b80480e18539f5631e96530538c5a620bb23dc9ebaa7b4bba374ee361b445b5aea552bc6b88dac53a01040525eff761b0a86a659689e0d2525c3d7e2d89d39300bf2d1217e15ce96597b54df0db15fc379010836c6b7e04d7a44a0e634ef5c3df5222a739a83e47b2a6f122bb54a34d81c409d497da9e07918b597d3be9e302ef1f271674ebeb354c4c1aab24a0cdb06eb507f0fd98dd505cc52cae99826e234ad757c95131d9230fb98359af8331d53dd1d344632c66117fdf644e4baa13980ba36e8acf9cd496b0bd06f7af7c3cbc11829c6c9992c837d43406adcfe995f6fc04c1ceffbe28c0479f22f74114a0ead63f937536b009eb32a5d8cc4ae6f79e18a63f243a852f2ed414901634b92771e7c844d4b193d593e3e028d9803f767af68e96dc0cc075d7809dbea073ae0fa5ecf1d1adcf9c0ae39223630fc0f26665deaa7040e75b9e1f1d57bdac5cd9e3340e76c0e0484b21ee70ad2a2c42841b1f11d7c2810a45c79bb4b9e2143a7a32fe1a303ea0b0804bd7b698505fa52df446b26484aa75cc566f439e4fd9c7e5cf6ec0937a57c3ea99b15433b7fa5704e7d17da2c6b655322a217fe7e05f83edbbac3a26b84add37bcd3133128b9672eece5be59d5ec820a18dd76a85e51394ddb93473d919844bc7478bfc994d002c9f649d571e10073e06a1dbce4d3b1153461d79c6d4e5bbef717ce3506d3ebb32835dcf2a05154faed8c0a02ab7dc78d445232463fe2d4442d9ee34fa14e4a170a9af9ba460f39efcbd7148e765185e86e106a10cd2f7c4c2289c3b9c7306f65997f9c745dbf5d17a8d70929dff100b39f4f94eb937709ac81d53959f3c501df2d481fb55685d834e7a152d7d5dd7eb89de726d14ea0ae2c869181d3039d44c87f2fe0a46ceda9298a4685d8bb9d754f9d8ea5ef1cc91a33559fa8cb811d7c629a78d02eeea692391fd4ff480980a7d66c001f628d253222d33702c6caf543ae78b19aff5dcef2f31b7f6f7a0553e30d0b7c6eaac82e6dc62112a968cf269a3b1d50cab26e5406832ff2c0c5da74b870cf7a65ffdc61df985031c7e3e8926c338458abaef336a08c971b2788b860836fe4fe73adc5e5b58161ff0bea67f9c872a1dd5ed5b5cab27018c34fa15598fec653c7ac7c57b2a8cbb702ab499424216f7d650c6ed19b2e3b74e2d062dcbf7284068456db08d2f50d20930aae02ac3be6ab3e673b2bb8b28edcafa94de909f9bb069e2fe7f92b366c097a853200af5ebd2e17deb4682aac6fa25e121f91a310f3d8251cd27519bc46336ed8a93cca5d68b5036d4f5f5db176d174bd00892d7a5646cf8746eeceeedd5a0d45ad7336c22cf18b12f6250f3078e96fecbca8de30bde076cbcb3efe7e723ef33607ca64f91101522ed22e72a33a1d915648b8a9ed800b8c105e2dc517f11de047f47cd5cbbd58a1f807c693b611c371b0aec348165aef3092d2663e13d8496b2e59b071c8b15cc9bdcc83b268c0993e75b449b833164d34249b664d0e6ee591831836269bc8bd9d9d1d5d58268935d5be901d463a55d0550179bd2c5a26534317d736c8729ab9e277f72d5ccde3992b95b52cca3a8039dd85a71dfffcdf2dbffe4b9c34210456ff5976f7321a01431e09fc848697cccd9827ace3e477cef96517d94f0109aa72759a7991d231641e3c97b89b3c7efdb84aee01c6680a324b0bceb0c58b0da79e6684deccc702d57face51a8bf1ee5f14175d6096d33cb6096a42f059eca7afedc01a38b8e72709b8c4cbf1a540b496a0a6414b9c49a6f9d9c65dd866340c88f9dbbaff04bffe36c61d29517424ab38bd7703862df8b58949c6377ba407f68e0b8a30efa058322f57b9e533ac947fd42eca7385fbf07989d343a744dae3f4506617e792ef6dd13d61a6565d8dee976a43229d7a7e3cf076bafcb8a723897abead7c03f5b05eb9f2417acbd038b93856992c903cdce3dd2fe2a515fcaff53cdb5e97b23a71d07015a37c6154e49afb75cc027bb0289ffdd103ef679e20a5f51532da07f9481220ecb1cac8f398c1850f2fc951a24c86e052f729eb9a65d622293c1f851ab979f7e6e1f558b8babf461346ce4d7d0903330c5004dfe5cae9ae1d77f2cbc58b4343de141b89d4936ae080d40a929052742e5b77906e08bb03a8699a0df6a1a84dbf776e96c6e605e08b53578022a9cef29c59440bca9c8737519cc3cf6d28955d719ef93582e05ad4c5d605d7556eee1fca71228dc1b098a6a580265c9da1f89f2a971b298c60eec863ffdc77761458065fee1ea89ad33359acef0b3b29630d354eb4e86bab7cef39e36aef404e6a34c436035d6fd37c42006b941f56f913ef44a3776e57595eb5e20c8a1082321987803e55a62794977a7f63b9136a1fd9084e2933a7c28084e55afbc56a3354c525a2387330c8a1febb0b5c3ef2a6c07fff1a697a7d8ddf18649f575c06c1c6a319b65824a5e040f5eddcc49c139f4444b02404772a5a00636b62b67cb69f9eafaa03123c432cf5d9d59d1553f66e83236283d94d980e490944390160b4890fbd0ab27f0a823d478c7112882ab9dc5fee71d1c81c052926558e769665b3213003fcd2147a083b25dbcd0284b397200f0d5615288335ee7f66f14c3d452768a739ea9e98045d7801f394fa505ddb97767ad4573c250b47f90ff7de916a660fc1575cc2bf987a20e75084e5c8eff41f30efc366f38ebc43a38010c1d5995f92dcf50368ce76bb159c3442aa3272a2f715228759bea0fbfc84228611e9a6dbb0e49e16f9c5e42f5f69a30e5f19a9416e290423df947aeefc99dab8f461f56b82e39d62dc494b1f928a8e0ea17ab5f3b9fc38738acbfca107342490e952919f8f506de4aef6086691f821086077e956be98e6c1caf0c3060b1f8e9b5aad441c4711d0aa43d5d07684a8aee067623d8039a3c936029961ffdbf6024cb826cef8075a69f1a5dd1821e50ff03f3d930e577fe6bc473fb02896920fb946ad8358bd29b0618284719f14a3f63a6a99b5d7531d095086a915079b245e07d31f4da8ddfd41446c71b08030d6e48046487a5539d43757b4cd60b8cdfd0041254abccdc74a8e1e0e8ed7161c7df43b27b641fbf6fc34d4942e00e9a048758afca6aa0fea180c6e28e648dc4896cfb87b3201f5e10513f1d364adae4fdbdc59ddf2c909e990d85dc85ae2f2eac278dbdb2488804c6596d2e10554b7a379f040701a2c8a3826d384b8b2df7123369eafa4f3a265fbbf6859bc0ee19dcbe716de7c0326e21caa83be88fa3d208ca80adb99f7999feaddc610ea13bd525e559d0d4d37c369fe47ddbd7f8e263e4240d0e4df1154396e3d4b0a8df61c077321487b53f6b949adf62e90c0597bf3558b6ce5575b0079c7414d13e55bd10aad5dad3a746bfa696063da140306b49844e3b1cf1a5b4a07843decb215358db6aa562c73f6ddae2e766ad83329c84769f3f3d9ce44a9fd53edd658e43436110d049be4e58764fc68649e361e722c325e61a13b0a854c0385a76193e0c5650b532442a6c7960c9c6805a35c6fb492fc28ce372b603ea6e1be291a7f9bc3bce89f368d42899db0bde813285a993baf7c10cd3fad33eaa38dce824d485add7653db6ea85824c18e9a7e15df5d7e5282f211fd348a243d95ad685045afa79d1d752b1c2582c2d0faed0522cd7a29ed335fdde5e8e4abafc8edb723fb8050474a8bc746776460cd31a2f4c8beab30b983ff83996c4251dbcadf100745dcf05ab01c82ff7519073f049f1dc1d811f856bb2c488e560b8da2d7a87ba3042c10169c68b3733ae6fe87402a420edfa6dd57f24eae9cb9476bb08aec05ad5c271f73d9f1defc03ad1f7bc702ba7d9d38da69a5d525b1fbd64e7f3d3c4f866eeebcc88834ce82bfa90f2ad2f5e182e8a5005176e63c2a09c3ed101162d63c3cfa113c154bca25cf7850aafb73a808b7388e299bd2051d2ac96a3fdeacb3e448fdeec83b991c5842caaad994b377e78ebc714125539b723e60d357c2837c8428d131e3003042ecd98d6817079e96f829a3780180105fed95015ee7587b3a6bb8a05c2e41ea0257d62855c5db5325ddf67f380327bcaefde426085370969eb33117673e9b21ca6aaf4abf5502adfbbb8b0365eb97d1a82a0951b2ffd9a38afa88e8fc0b130d8b9d2b6459c46540a7c380c1ab9f3ddbabf3431ec50fdc7a98805aea34d474fac1d0e4349a626ad499fbdcede778efcd466a68e9047b7c41c9fccbb11e363baf83825e364aba7aa79db26082f2c37c2078b1348fc36b74d97a1e6e9bbb35df2d9093567cbacabe3fd841147024da847e3fbeff9dbdf9a74e617f609b6dc43ba8d7a0011051cf3b4710511a67701bfb9afabe934d4ff6dc1a5bd87a6f81d64d7977de1805f6e0f32a891fe19886c4df28ff791839cc0ef8c5c8b178c46634ea1f46ec301e9e0ea4408f63c652dc0bab51b742050913f853aad57326515caf56022a565609e796edefac7e10af6ae930ad1efef5d48754026afd416a32a18360c3edceadcc21adeddec65875b1d52f6bf1f37482d71421b11c64a243d109f52a04212258a4ecf7b2d043572b8aa3b8d3f7932d13361065417adcded8cd47989571ccbb847028081a9a02a20ec307d96383", 0x1000}], 0x2, &(0x7f0000000500)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4000}, {0x0, 0x0, &(0x7f0000001c80)=[{&(0x7f0000001b80)="59c44cf3ae838dc94adbc22c44b6c4ed356833e4fdcc637a436b1e1984fb62ccffb83b05139a6059d377508f8e0b8bce7e40d72ff950c91cba67a37821ecbd9c447e7ac0f8bc89a381a105160843ca66c51af3d59b0faa4ecef268e4c782a1ce7fea06ee0107ef3c71b69a5d7dbb5825d761b41a18a5c7aafa0cafe2a7accb92642f97928202f27569b72a60a91a6973d54f42926a1a729af88c5deb8ff3996326e4e2332193bfb183cf0cb37928284a7ef8d1e0171a6d48c99dd79def74d6fa5a227bd530b1d902064861f75d8d5084746e93c93fd99d614377d28c13123d3567e23eb8df693d", 0xe7}, {&(0x7f00000005c0)="367002aca5948b8a0acf1be7", 0xc}, {&(0x7f0000000640)="3ee7af3e620bb8cb638a10d66ad724d8d25d42f47e2e384143f82067a8445dae7f7524961850c0ca2250abd3cb13cde32c6f9996c5c55e97b0d67140c31de3b70ac10b0936a93e2e01329bac1ac87b514a2b0eedfb66dc0bdf3ab09f254c1dfafd5cd0d4471b0b7b363e", 0x6a}], 0x3, 0x0, 0x0, 0x8024}, {0x0, 0x0, &(0x7f0000001fc0)=[{&(0x7f0000001cc0)="aadf903e81076a99c5cbaa403ed1d016b29f853e485ba6bfc107a40dd4b16ddffb7ad18d6fae0a54d4", 0x29}, {&(0x7f0000001d00)="6dd506729319ecb231596ce455bb4adbeb4b171e41d9ace1a16e1a58bab88b10d1d5dd8b69d2af4dd2b0d0f09a4a4921ab7f2b2b33dc2f590f2ff8e54c3ace9423d87dfaecf89c5617ff278e7d0f7e9f9983c118a2", 0x55}, {&(0x7f0000001d80)="a22de45ee172fd093c603a3a0cda62a3415209615bc6aefc9d6c7f3bdb8bfa7d7cbf54f4c5c28563cce7b0f45e3c7170e490db6510f42e989769e8404597ce51545578b430c8676c5bb8", 0x4a}, {&(0x7f0000001e00)="01f871a3e2e26eff814a1ca09ac1c8dcae7c13836130a3a4e3c0a058d3e9332dee97f8bd2aa08798355173ae1b3b9abd9491d46c85335eeee3e4d969206a658a03b3078e109575249349ea186eca20dfcf5aede1c07d927c5e4b228895a92a689ffc729285b64e1e3b69a3484271151de1e8de1b1520ef86233b34e2da4d1f0d7e4a627cffebd6b0e08fecc5ebed825313cdbbfcb5587cbb2caf79b83e012e1ea845e7836fd9134fc00f1ed6b643976d86f028b4038e1a28e0366382cda554d853dadc", 0xc3}, {&(0x7f0000001f00)="0c862bf1f6da1d7755a754a3ff7ade427e385521d078729d3114de9142de741ce2444936f4f796268a91c07fe94370a3eda2465c11d65049527ee16edb88c4572459c553f2772ad397c3e56b375952214479b84daea7b0702c9f01874e71c556afd2dc250399793a91778b9c166ee1c0b9d758ff73c45aee06ad8a78bd44051cf9234d7a95b0da612d836dbbbdc8991acc1f62c24b1db31ae4e95b20a418efad78f9586a2b5d38", 0xa7}], 0x5, &(0x7f0000002040)=[@op={0x18, 0x117, 0x3, 0x2}, @assoc={0x18, 0x117, 0x4, 0x40}, @assoc={0x18, 0x117, 0x4, 0x39}], 0x48, 0x1}, {0x0, 0x0, &(0x7f00000033c0)=[{&(0x7f00000020c0)="22d8521517a3741a845f3a842a261dfda9ef35b4958ec4aeb7d9157df4dd28d6b15939228221e8e3d672bc22af9aebe72e85357b4a71ae62c5113bc2cbb8a9e02757a276af4aceddc98277cd4fa39ed00e4437a172d75a681c13de59cd749012822e1697e86aff20fd21e6f6959869eba98b2b11096c23389757ce9052b164df712588ac8962b47c0b27b4eb1b27ec4bb8997e030dc5ba1b715740f1ea4a6d99", 0xa0}, {&(0x7f0000002180)="81a64947d1ae06f197ddad9b339e7cdccc13bcba4cc18bbad64d60af252f7bdf5ea0ab081a4d6a7f62e5df7bf793666fa4064993525bb9f9c3ff466b62bd0e7e56236fe9f233bb9d65bb1db0591ff65a9bdac1dc901ab881ba78f6138dfbb3a54bdcff5cbd44eb46393c88b7e1707cc633d69435f179d082c219d350869ca562c83a4cdce2ea217c5dbf65f345b899375438a2116e0612a79efcfcb9f96679e8b17a36475f4254fe00aeb93afcf4f4139f2c08c78a0a78fb2f0b51d1bc79542bba114ceaaa282c31b50f100bfe997357cb9b77842701348568c33bec413f84678267b179a964894da9adca060c341525038bcce1ecd22cf82c5db859", 0xfc}, {&(0x7f0000002280)="dc5d7829a8fe64a74c388810d5ff594dd23ff24937ea170a17c8e726ff1a150d5864916ae11311157d310021f7720a9ab238b1c1f081d29b182613550b1bf81ab5e06a5cf8652f80bd", 0x49}, {&(0x7f0000002300)="d8e3ed5a24ed38e429c14a332e61bfaa245ee497b39ea1f6bb00dd954e3195d92497fbb7706de5f7cc7b1f063664ed576ca03d9121df23840c", 0x39}, {&(0x7f0000002340)="fce0fa4ea2c70c369f312b934a450ca1c15e745cf057cbe7edc5d2dadae5155869334cfff4b9972345529813e7e8ba6322bc97b05a5cd5460a2a42a0224be944fc2556284e7babaf09c048d5fba2833da9259238e7bd57d295d9ec835a5b9abd563502af221ac774ffb1f316133ebba04c196156ab2e63d68cd54e59a9aa6e49f948d0fc89674461eb4f34d292c512430119ac1923572d70e5baa9f16a350cfd01ac605012a9a5411e61d1b4a3796be0a5d0e36401699893473c9b653dfba98786334dffa1c3b5771ec2a6257769bd7072a7dea9d3a6cceadbcb367fb6d8c73ccb0b0f5bddc3dac064c75b5b427c8b986b9b9245fe5413da161119ed1119e59f691b43684e0006ac352728b7d668e844a6fb2666b15fd58a8dc2a015867e00aa067d7b24b60f4d2682c887af6af49e9613e12a5f8df06c3c6e2252f5d02bd4009c5f444e91cad99b7ae1be78929b1b6c0616f9a7aeeb200d77430c24b8e5c3009b698b857e9f568f27cd7bfdf1616e425c5232bca88894af267ae73b755593b9a1fad39c539f237675b8dd15e4b3236a790499a2b802bc6f1bfc9b1f7dbaf143f8112ab817bcca843c80312e196c699166c4e74d92512d0cc385124b5e0802b88a529aea70357fbd96d2097c520f27a1b4e4eca7ffcb0d91d496ec4e24dc1009a8fbb8b3a82df49e29cd146e69cde3df04b2320e75f2d03225f6313c6f549109c96bbc8ab809efc612c8d2096fe3b5fec67c714f84471abb8ca084201c06e9a5d7e235ff499fb9fa77c5a7cad6d0b22f0bc6279f829aa701c424be42af488aecc8a9bb4ff789a8ddaa54191e70f0320a6589b6b1eecf5bfa7a9e65cba7dc7e184c01649b6eba21bf3ea3d7576ac486855e0fc57bdc4a864455faa756e307bad775a852267640abd901be8ecf2430b9b67538ab2df928e62ea0b758ff60cef82090cf2ce81d64b1c53063d296c201f89b698a4911756f8f5f5d29048c89b429bfc669740a6859c62dbeb79b268919a84fd2eca94518d30c0b92e52cb326c15920e984e0750e432cf9e109697f14361f11235414db0ad59eda59d2bf7fa376cbe48b640344b71a34ee94f7abd5b5da3437d9add0bdf3509d3603ae2e0f04196b3b31147b12133abe387e33c6fc89da765b4db58c08a6158995c5ae455da29e0d7d3b1b2105625d5b0bc81f8000bf3be0f5885aeebaa30b63beeec3422a3856909b26a8f205b1f57b9122a2553b3390202513736716fb4445ae82dfb85dd56b6e8c02da347c8a2a70090cdca9124b819ecdb9a008e017e37c1afb53b35ffaf8315515ba863df8d2c3610f5f30ea9a7c3afe368976dbd33e7129093d888a7c85019304f40fc7b0ccffb62dd927f5eef8f68512f8251d93fc08eca7a5f3117b1dd2494aa588fce53c4a82c36ffa1166492cd22583279878cab347f57c29e639067917234d0d2b98d559db5a8b00d9eb0c0732a873b19695e527f773a64209ddb893be89749740f3720d34090c2a801f2bba1f201dbb7bde21cc92ce6b81ead89ae31e57056835369bb4b262d91daf2b857d11306d2996f8328f8102fa5cef555145aa6144e5a6c392d17687c0cdb20eed54561898f8764cccb10832a6c271411c35f8084873b0b5b43ebd742aaa8f2e889b7a522979b716312b352dca1e595ad56e667674efff69c0c0276f1471244f2d0396decc6b750c54cc3dff742ad7c7199487009b24e595f4feb0cde095f34e020a60a3ca6fec12361054b0d42f0afda8cf6c2d641f9c5d3ed50aab3674174235d34882f5d38125cc6aeb3a1c6f5bdf5f69bca2526b45fc2990e4abc713ebe732a1e2a26c5f839b2735b7045e188a8d15ccce9b1d7e19f05b12e5af0fcccc23850865ab33bab014007da01936bf5142784ca4a40093cabf0a1aad9c37eb9620f8ac07736be1730bd4750e842159c025f669097634b1e1b12c212378aecf12ca89881f583102d8f760c9d424b5d0d1cb7929856b94aa0cb10a04303bf8a24c4cb87883ad955119c63e49036cb9874c2d3b05d695742fdc14723df455adcbde953bcbf6c1652e930acc7eafeab13fa97adfc92a3fd1d11d6b87e5efdf54b05e67e73fa8fb67b11f29dba38190853d6a5ebd8f0c3ad846f916823f1c315ae67a8c9b75890d3644377fd959d15d5f956f10748ae9020832cb54e82e794b6a0609d81a5da045192d3e836e53992134528f70e9c6a6d7b1340f4f9add62902b540682849bdec7c13a1116f948ba8ba22148e9f5cf520b34309fec5e8241101347269a6e4b7227cb990b9572521029c51e249c9910cf548197794865b0d09984fb44cd2d28127c28ca47c6d82494cabab8accb5d481193ef71f64b0594d3e14f35f0fd869949a3260f882d7d9dd39cbde27be62fd7d08816ca87b57af1acdd8968b2d2ab4c3543bf0b270fa4f340eeb19d202fdae62c3ba60bf225dc43056fb8644d97ce36e1c238481de91c901895a2c6f27b9de047f06e1766d4679817ab3a156cf3f938e236b48f5d2b42b86de750b34150fa02ecfefc35adf74000c8e6cf84e59d140a69b56e7d3e1f21262dee7641ce236da15e3b6afec332821f207ab627a0917b496970469e46465fef8e37bf3651ae52f1c943e75d9750eb03f3f000b9647dbd3d5147deb5556c564abd5d7f6f2685042aedc4921096352557fdd83cb006573e7cb23bb30432a07e1cb42fb20f895a99fbc430fa42baa2d8bed3a49786db32d3c3f4454da086f7c9a5ad09a1a078694a2a3d4a37f0cf93482a390b8753027392364a3b6a8ad55c2b8975ce36498ea93cb4c369f5a0bc5330c86beebec467aab7fa3e5d3e7f0353efb168bb40892fc6c054a1766d44f928ee4dcb1038ee12aaf4208ddd4288dda51e6a04d0328742a7f8cfce566590a4cf69370d1bb22e487c1bf1c3512c8f407a76efeb7a2578fec5663e4a3a878be9c6051005829ed4a9b662159dc5ec89279fd603afa6b821855e21888442b740b5c9867c21e81e3ac2ec24dbfeff871fdc71a9bd61538570cad808a6405a7aaa093d9acf952764884741e3a46f07f2d1940489bf78312acc21ef1de5536470c353cd7ee1acdf83b8910df578c3856a0b58b3ea934975c6e070d10225ce2875ed8ce5790ab5c151c83be6b4bc5209e3428642e55953fe29acf09c83628bccd2e3d23a0cfb22fac97b16bbd24f31eb343c679577c59326a76b8fc5f2c88d2ecf34ca08e7c293b7f13187b5600af8c886f67276c5c1e988f3b3d54281c4a9a4a7ca3e5896cb478d39e55aeef42e138d618d9f49c3a925bfb8d35d2363472c6a5d1eb51cbe7c5fa3de7210cdfb48008282a57505571da6a84890504696aa060cdd535e8f37edaeeabb24147f9603bf38d1146bf881f363719c5f8abdef10d9fb3435161c7272a330d76b0ddee3715caed8b9ca2a64c8bd0b6932acb4e242e0d905b6031624a9392f59cb5e9d3986569a02b709b3bc0c186c15d567e3ffbebbabe2025c44b7de83492f2a5e2d0f546dacddca5ae22f36673530784e3f11a280e41a7977ab99e33190af30032f19359e3fd005845156c12ad50952d5b0b7967f2b2deede40544b6a2aac829d6288e60edbce562b93ae95cc3457699ad1e09d542fb95589baa0ffcc71dcf6276879cc00132e7d2769e10c997dd7c78e96a2b898082e1ee1cf122f98e3831f7d141da2a56ae96071a4ce26379f2d0e39d0229dbf6ec67bcd6353222ede975b3b456724874894baf87df93cbee171fecc0d4f645925c976e4d52f8e0e16a0e5dca6afb261068b75b08d0c5dedc8a9d630731c2eace339c180cf3b6a4a5ce012e80fca8007cc632d55da1ad450f151de297f25bdc80ddab8818f30def536a7d8c28bbffebd43cabf730501183109b9f90366d34faee857e708f5b2c55eccbd78b932e481a973b5ae7e006a12155c5dd12020146d990e0324d2023203a0ae8d9b60ca297b1be93786a2c9d39dc0300b1c53a088560f83c95b3ba59e64571dfd92504e8d32a737713f976f13f4fef61dcd92aaca0598d2f701b83364040763f9ee8360e5d3a3cc4495b45895a5553f4f12e570ddabd0759fb469596761dd28d0b4c499da1a66456438f293243cab21926c9dbc0911c82f12d2138f4941caf7c6ccecc03b62f2bbb268c0a87e554ec7e9fe083feedb1dbe2540926f096b01cc3bb9a32bbc1db02f88aec7d7ede11293ed30597eb9d08ce41fc2bd8cc7c9be0c15665dc082e5f69a2246b00283935091953296b19c98f9f278e1dce578a4480974c7d7e6d82ffd86a121126dbd70d0c7fe6a2d9c74c45baf29b9c5a2aaa3426e27bb6e59a76a079cc60cd88f0f4a70b683f47e5f89e426feeb94ca59a857e7f05b694963f4f603ec4e243d6bdc069988964bd261f10e17c1b1e9ea31524585ad2620fcabe0684469d87c520ff58fd911b5ce9f3af664ffd1bb23d608a3ffd001c1ed756d57ec879fcbcb4818ef339535916b86a4372f491f9aedf39292f0ae8718b9d516890925f7ad393cf49ce2bfa1bf55628f78d36a20d99338d2d71639d1e7671325e19346071f97e56095410a2fda748ac5c97b8b77ab56111afa1cbfa9ee2875c0a24118219f1840b7c985aa300ae174ac25dc0abf11071bdf9192aaf07672d84564fd9e8468296ee843656df2dfa43bf4158413374822f14ed708cdb0d9e779f71c7b91bfdd7e93df77fa95934c513b94177077e254479c086d0581178f46803d5d4727f0be5f99cc72da61a1e95ed01db2a2de5bd45719f0303ad25701507eb7e39a81cc7030ea554367a1e27f464110187a77488daa7e8512963d67ac1699c8b5124e37575eeca9a5642fdb1e158dfec4666f51fa0771e77c475193c8e2b913d6de66bb5e325c078790e6cb54aa63a01b21dc1cf8656da0f9a446b89043b548621ca0afb68eecce772c5588e4ccd7f1d1b209e6bb88f14cc17369dbe49e0e64df2fc1efaf9de93657a53e52168ce57fd26b702bf4b3a789f8937d71fcf7a2af0f1798bd28d1af9a34df5993ef7fb2c62181bcc4c5fa9878534532a8ab82d0f711c5b49ce60ff9df2fe99bbae1326532c7a860b1829a0b5ba83506abfaaa11bd790e0a9a280549209cbd96174925f71cd65739a0d19a441270bbe3d568c145a84db029807ce7c4d6610001d1c22eecf27c3e4aaa8635d394f985d5c99eeea0e87b20173e5566398ecf824dc15c2b7622addb103acb22b894018d548a44687981f4c853be7538724ded16cfe7de9a44ab21eda018a44963af4d0c3e0dec51564409608ab4984b74622fd2b5fc872f7dacad61ee5bd28c9690cd482e1775593a2fdd5851d4b204a0e07f57a8fb466a434694294e5bdda3307b26052c560beca36e89f7621d6430a8446cb8353dc65e861b837938715061a487b06eb041fb02a5945a6788db5baa5a2eb95e740c1d35489a739d3c5ff2f729f3fbef938ae256f30874e0ca00c9c251d4e15365118c6e57379a83cd1ca144e5dbb346ae0d89216a5b1a75dba2ca40838778ddadc27aa4b55a2d60e771a26e359bdf2eb1dbb83b25096e0dfe27291a154a8f8e19221ad982b858f2026c85f16ea7935199dc07dc69d469d5ccce9965ee2a6f622e3ee914852b24d32328168e28a287c06ed0385c522746a3ba10488f9fa616eeeebd532d616ebe81a8185f17d187f86d39621220f833bffb9845b9be363cf5fc234d2d0257fe954da94cdb23eb1d28d1ea70dd007d1924fbe4ad8e3aaab70c0dd081006f8cbe9066145b83d2d0a1e8b270c5807ca7e9382429ee003d2f1cb406f6950dd3f37646634e", 0x1000}, {&(0x7f0000003340)="f61ca1223a58ab2b9a28c9348cecfcdb2e80993a41aa16c7d6c574e50cbeb3714c49685ec562092f1e674f3241f6ee51de1aba0cda9e8c3ce88cddd639a19c62b8d7cdaa8659454b9cc720e1", 0x4c}], 0x6, &(0x7f0000003440)=[@iv={0x1018, 0x117, 0x2, 0x1000, "857be8920e1e6eedb2cfbf80c13475be7f963a13cd2c97fbc6638d2b71cf120b652a68e302fff9402ba3769e69de775fe5523897ff2fbdd3dc4e53a010da658aa3899130ff244fce66904e41461b24992cecb78dabf415dc8fd5bffe7f98a6a009452f968e8843a50fd0356468725337c9498768b5a6844cc6e90b1e844e70d833f7b9c90b22ab9f07c51389f7f2e9f7c34a1bbcd257b3951f1b1aada7f73500749daff7f4fe29544b267ffb7b96cdfc64e21e6bee4802d1cf98380048042d76734a1e81c2ee712e5118906a902c565585c5904c96b9365fbdd70371ee5bb5b8019d9c8bc0904ba2e087a4915892d88f886b4ed5a031d042f365b1954bf790713641b6a38e8ee50f645d40efc5aa9049541805cbe90127e2ce7ccf884212095611e5a8c6822563317f947f2e7056abc5511437f1046d5b13b5074540dfed66ef3d9315b23cb58aea33c3bff60e457644b85464496b252dbddc64b7775b5b66b328450fd2662eac6dcf914144f0ed4039f2a3223772f85dac7adc9fcfc9569cc39af888717d3bd2a81fea1122adadf0f899a1c8f1255e49f142c2d55c19969900e6b2086eea34c67216c8337ac4787f2d6eae00c118ec31e84fe46c39bab1d2c2f988304c6e4646981e78e41323342155475dbbfc824007962936c61fa43ae46363564791bb2378c6c6d1338643bffc9d6b72631d08677983c60976a4cf87ae8c967e005ba994a817a542aa14e141133294719962cf29b6af44f1493dcaf32a298495c31c93c0c79bc7da3a82f98f5c71b5d647b1f6a18cb264c08a6d804e7065d22cb2c42dedf938e9efa8e2a397c43399c3ec5bfdd87caacb309140935caafcbfa1e77368d912df8d9be579abd119e54a6259dcfefd2a72d05cbcb31402f8a5635a8624366c388850f07a08ad40b58215d29088a13a0eaef6738a21fd133794812ad1c815752cb08291031b783d2fc5ec9e3fb462ff115548d6c6b3136a1988739e448f4a5b9240b88548d4ac0ee99c0c81f0e6f2f2930d822a976962940c544c0026c61e2ddf0f5b3dc0bd118e32a7ad7e131ae86fb998e1e17eda7e78c0703b1a6a571b31bbc4a94605f13b9d84136fb5eaefa4ab6677afdd42f2190eb8877cb2f25c50405708c7d45bda692149b0ef15e25ad6c9208472ca4b28deaf475e0f5262084241436d3a0852e3ff58def8d1200253f5fe2fed9e9b84f3d93309fa7450667be9e3e7e1070b1f57ea23a6ff15c56dd1748fbce15c5c24288bb4282bcbf228dc01622faa06508b2d0abfc84ab99b4c8b91927fee8f963059f61330f2152b84cc3d2b254272b66a98677358f0e8e6743ded4333091539085f77def1570bfc70a6e20f6de0e68a1bb6a053a40b2c96d5b787a7080c1d5855112b48d1849594f36e22c59bb3f7934c4516528ca6f615f14c24671f22d13199da53aa8e195ab6edfd4eafe1d061155b4353fda62e1f3cdc82444d1a0ba81680bfa30d5f7e9b9f015836ea4484ef94f165263a63ffe437ae749c58d7813f8df400154d84ac0637a69e7d4f90e655a6518fe8da4db2d1726f6b70bbc50a77b0ac226aaee57577d27cabe89e15d42f48b06535ed669d6c0eb235a4a0922cd35149ea4b144c2a94d8e100913c2a83bb96df1eb7e826dd0212a41f7d8d14936b91bd0c7b7a259a766c5f7a788aca69de3878d3f1ba46cab6028682a4bad5f17304f6fdf5126f1892d059dc170023c0a4fab2b33190c43bb964d86fa30d813e3da33d2fb999f90766b3ba0c23bf3058fd97610252e1cbe656261c94a93073912682b549584ee60ed0c8dd07c25118a1b3d54d111783707bb79a6b4ffd600429a628c86ead6d861acc63cb27ded78ed391f1eb2ccd8daa6c008b86f44acaf8c6ae87fe53f9338fb0000bfecca27c6733be004b058f47f5322a1a518f0d37e772c7d480cf07a84b89cd3bca8a9d2c806f507ca1e8bfefc1542a61c220564e15c5b2713bc974ed74e2505e6a0376fca95a012f2bb20b94c53c407732b8cab1c19d4e07bfbdcdfe46352f641ae661c1fb4f9bbe74bd655a73f7bb78bf5578a8776804622c5207fab5bb1a1d7d70658c9cdcfd925ce0219b1184ddffa1ce6bd3e17f1cc9223e6859bb8f2ee240dad1d3b7888ec9d047ef81e3b3a2b23f4c9ea3aec0ee2ef1571682d4e112dbf25abfce73e648911a1dbdb03fcff54405ca4bf55a2ddbbb35c4f008db7b7828404e5f6b40ebb4c1de69c25178b2b0a21a52cfe6e3ab2be60216759e114001f4faa8b9e57df05afbcc14a686d985c5f2582334c29e396458da9fb01e604fe91718a03eef0748872217d4ccaed76ac6a9be0ed7b7372985d13b45f51e6e5cf42cb9f80b9ad2055aa3d76103d7ed591afed3065b4d7de8e7f52f40009040cc73e615b0075a9717439f96a7971bb117a79fd08aa226cb72ff48e0df6c4ad0eac93823a7f38d7ca7b1b4c861406e9821c9cd522111f8b86f2e467da7f56ec6a55dbf00320b96579d16fce7d9268f37bea1d301be68e666221a4cd54cc2141c5a1f022cb8d7690c8cf86701e3125c4c8ae3995d971495bfe6ea3e8e102f2dc8d19f4e201cca6eb5ff278e6f6654b44494e05097e45be0aa7e8ef1f19803bb59df666bae3e12ff3ee1438de854f7408567661e88a3d82d77a4720f4525638c95aa4da3fa1a754d64520fb16af222209a18e9546715004319ae705090c44152c8a4ce91d19de6668ac81a70fd08d2a08b6ee87a2003c30361818c58f7d1959288ed6519cb7683c3803ce933fabf88f6c26be6c47622e8efcc5eebc46f9e50e3a47f5371296db723951ceea1309fcf2d9ffb4b8c587af508532f18ec7d3d4fb551e88034d0c91dba52b99e5af9883cbbaa061d9077cae4cc33a5a4d6b9b4d86cc46723bcba637f633502e08f093ba7350cd7d3df57a5604fd211ef24ba09ddc71867a7600ac323b072bc79461fafac40b2a6d1411d8cf0aceed2c84accd8c010437277212b68b7136938485f39e019e76efc91a5b74ce1c0bf2d0f34e4fed6cb219742587848724c13bf358d2d03d5a25c8aee536e450fd07a3f0e44755afafe9c12402aa2c681412ecd6f4fba5216ba057946e9e4a083ca11b6af1d8672a7e3e08c62e323d9e940f4bb7d596c9d576f174ee0be3c003821fce594c4d2abdde946ab82fe65b512ef37548102983b4c274e6a2912800124ee4c1bed2ae626be3d8a942705856415c80dadd2ef4e80143d0f6be7533b2c179ba33aaecd9afa187d871ded32417f257be376453b7d51d089846c06f3475c894bd5344ac16f75857720d60ff7874a33ddf683c6b886fa7775e9e234fa821bbbdc20a002f6ee151d72e61065d1732822474905ceb023f367f8cfe54579df934f1d3583851eacfbf535418efebe5e8eb5ee4db8951117f65b23560531a0ef8ddd3232fefec49d5c309d73fcd90f7039b4c5cfa2ce7eabca0e3f927d63d80efda72bc0bdbf60e7bd0e70996be4f427f69fc2ab544397717eb32c4b46aaeb87fc0661e466cbc27ecf2aec1965f1dad8b14d9c740b96feb6f5cb770130ffe91466f82b9ea8a511c7da8e14cb1dfcfaaf6667afb7678bea32b9c749ac730f47094868764a9905cac0e3139c2b7484b2c9beef98d78d6da98d23f0dbe86ee26455296ef2dacf3bb4d9ce347409d8dd3060fe801f67c4d67b603ea325726b6268717d52860c0e6f43f5d5b0c85d6a1605c49fd60e96befafc7f2ad0c87903a0dd9b58f555eceedb8765fc602c60f2a1ffdc5ff7841f16128f595331010d146d5563bedd87003cdc4f1af5be748afd663b64133e4fefac451e74499de344443df69c60e5a39798ec9a566cdb51b10a9e8e41c5101064081cf84101a47c6c2a119b4109b75ff0ba892896484ad5c48e9f2333f9481a201af3f8c55371867608b9601fe882c7dc82500c58b1f3688a425aa2b096a727f90df85f64de94938e1206e09a323079666684125dda9da7d60f563221f2885c31c7f3726718532beb0b33c1b302e0eb7d6c5140546a0c37866a6d48196719a6475bd2d3f025f583df32ea5d3285edcd3a54eebca21e7c2eb99a70e7cc87456033dffebec40a12bf3445be5131db3b7a48458c95f697a858e66736e15cc0d3d9cc322959d83585e49866e5e95c65aaccb96ad88205dfcb51d71c0bf49f969cd30bc6f4624a926ba756bff8e85720f05eeff2a3343392bc84f3a915b01fbea72fa866490f8ebe64aa37f7837e2290e34693e926c9f33637e60a6be96f29f7f7041785cba01ef26ba0daf62f8fb0112b7b191fde9055f6f1e5824f182999d4ad526aaa00fcd767f086e5ed1b69a057c167e4b86ee01d724e2dfe72062dd73af5dccdaafef6911007e8ee80fadd2e28536dc2fd8a714191046c90dce50b73009f54f7146a083520e20e68865481ae1293b74eec6d99ae7e3ac1a0db2c99c49a35a534c63f2076696829a2c8e27a2f34fd90f938a9bea1d8a73d34b9f7881020731207b5ee19b8e67390c6c8cb8b0acbb3aea808e702270da98fbc759746e7dd8511908fe638c1a8043ebd3a847d71f21ca9e27a0ae938fa5bc9126cc4bc882e2e861ceaee225f045a35889487b1091414941d84eeae0beeeac49dd9f75fdd1915035da678801d243844fb78c04c2e077ff840f4d5e696dc67f59e403193a3ef601a275e3d53d9f3da352abf46b4897f7745ea56455769b3b8a290847c5c2eb167257001b0b0e1c2efbb58100d48378f99e59656d2953edbe6cb768da42ed776437488b6f54fc4b3187b75493c05f4f5c87bd74821c3b929896c51c229041755398cc5474cd2784211c8d3a6bcc6ccf5139b0cb8d99cfb13113e38f9fa036cb8902f57ecaa11d7f4039249677bab8af00cf07e59f64384c41efafb3311e5f32471fa097adcd7281d9189c1a7d3c9cbd5aabf667e4b88573dd7bed82e215004b7525089e038cff44bba900ed0bef697c3a877cba87fe4ba075d409dbe76e472dceee1c647ddc6e391d3832b82c254c588e6ce6d35297d5fe8761061076c60e2cbdb8abe35561f790184bdb4962989b4934d500dca9271e59678cedf4070657330ae20ac3366d316ce5ef09a14029eed12f8fb0f97caa4e619a8fa264180373f2f93b06a62f7f088aa7cc0c1a51d543f03f15c9467474b46b6999bcb8d72d6daa2473226d845f92aaab06e5a6c2cc95bd9bd1d4434276a45c770103adad49400c2d1e0450aae6bad02fbffbf33d7292cc025532ce15eeca2dc61936f2f73efab29450405e9612c6466d286804fb5bff886dbc0e777148a5562de3165ed419864007ade86a59fc1f1bf667986baa8508502474c88329fdaa79b89ee490658cf160bd6b02dbac237cb2d972309694a80af258a97e9ad4905d48d2190f8c3c8aa314b99765d536eea266427334ae584de53ff74bd05c81f8f1ad5ca962a7953b1b7e31a6a3afbedf1763fcb006266f1797a87c5cca49ae272c20093fbc99174e0b7021555a28717e7c91f5da372e78eaf3fbf27d4a440498dcdef9f1a01f339c044a01e19bad1ba203e21ecc35a1241fc5551e832896c2faeade34c41f2d6c95b7ac3ff2d1ff4e4092c3482c92048220b239aa7683617a0ed4693cd728d6462ae9f7035ad09223122a0bb57d6ddab3567e474a51c4c26ad1b55edd32449a954cd153213a10733498ccc662bb2d822b40e8d779b869760419bd502fe9f7281be140815319e39334476cfaa2ed256c5b1e2bf23fc550a23fe46fce92792571a4f3ea520209412c58472226516e237cc8d947fdb0bfff5a9dbc527fe22ff616b"}, @op={0x18}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18}], 0x1060, 0x800}, {0x0, 0x0, &(0x7f0000005a80)=[{&(0x7f00000044c0)="3f2fbeaadf48707a1a49e50afb60c28f52ac54b12b7cee5391f02be44d439fb7b6efcb03cb78b42d04729466ef40457c0bd3e755f574b76d72be0ec5e999cb22d42fa90ba180623ab74b12ca2e082897c3548f18abb9a2b191ccc914506e78d93956236350820f0a2ca7cbf4911fd7c5065c2d907573afa7d24f58d52f9e8e533d76658cacb6b5d05f57e19146cbef9dd002bed349aaebd52e695e809720e752313e9d02c9b45d0c0427013e6b4f62accf6fa8e20dda47c581e1070b264fdad401977cd07965f194faba91a5956bcd85", 0xd0}, {&(0x7f00000045c0)="ba09bcbb8bdcf2d7303c193faf64c3afdfbfb886f64b1087a0d5f2aad590f789d20959fa89e1ff523a5d87355225257c824736188502142ed6f9b52cdbf7727aa42fbd9b6fefd74eae298a7a975ae9d7ce04dd34d16efc2a26d23fb9df82b75132f545f23cf2d0162e486102460f079c79c9d52cba82c86196ddd162ea8078a2919950bf21618bf05214bbd61837dd5683526bfd42d0ab879bcf71ac99c5fdb135a54dd861f25f30", 0xa8}, {&(0x7f0000004680)="ccbb12474e035ad0ed73a6006e4cb938cac3d60697aeafb8da4f78c78ef9313312836b43902236f84a5b0adc7381b2bac0a2aa071c49373198d1b1217428ec86", 0x40}, {&(0x7f00000046c0)}, {&(0x7f0000004700)="36dbef79d822e83b55b31c40ffb36f9e8487f368308051f1e63040cf842eea2a781dc5d1bd7b2c0b74b3e8eadd361a7490a178a9f3a01aab9e1bee94fd234ea42147fe1ba9761118bfcfaa9b69075d490fdb", 0x52}, {&(0x7f0000004780)="010ad7b2bfdd2bfdf7d3e6dbb85242beed758c473d654ffd3350c03def52942b530fe50679388c5fec762a7d599c5ba57ee4988f0e6598cace86285f043dc98b06542c9c54a1a11a3f2381d90acbd96b4796ebb2d64a29c58c8f81ff40bf8e32fb90d5df6e28638891017dae5a7adcd386c6207869bcd88ff99c4477113d6031b4c658e6845b9ef28011382e12f3919a", 0x90}, {&(0x7f0000004840)="025acad5d7fa5b3bdbd8aadc27d4f0c3ef2a93faf8cd6b6dcb463bc5797d150648c44cabacad842ec5e682c2c930f717d9e40759b7653f1c55395752c0111297bdd6cd11d2420234d564f3f33b1bfbc42c5b0519297a38e428edad7cd0f4df86fa00c8be04a5065c7e690c7ffcb182386899a4ac32e5d7d6ae0070b0ae22a69f4280456ca3a6b1dca297442e34961eb2a586edc913ac120f78c4e69ea5b3f4e4d7b14fc983e8be808478e37d5bf8b84220c5608bbd4750cd5e77893fdeb9dd4ee2c92f991395e4523e7579bab1b9f6bf762d6ea5129c5a935f33112d8a5d226214984dab1bdac3f6c2a0966cade9b40e817bb0cbe02c726619a3cbc029934aa329486edc179411aa88ed34551d8adda678d87301b32e7dada7d81a7a87af70bf359bc459f8a90310baa3a72d25aab53946157f5ef2fbb0defeb35928c3387db050a3a7de5f4e13efd42f89cf1a4f0b44cacf5939546265382c1fbffed0ae9cae7eecfdaf2145c37015c1bf5e9e441dcb0da05048b1bcf83c376de2e5a2e5ecd7ec84d9a45fa2845c5da269a03000148dd0834fc99a8ed02afa686801aa61a292658e71ca002d21a3b0f06dd93fbf5e9200c5454cecd28ce0c882948df46d107711cb60c9931a905fa9146b1941e9918f0dbff42d90e67bbf0b91b738a826463dfddc7d6cd8635c9883b2c73d819a4228dc4d24ac97920541505ffc3ceb9282441de7137a996754d16a566d56c67dbfe6f7cbe9891b3a16ebb454c69f9cb376907dc302388d42af7dee66674d7517844f2e5eff4ceaf926b16b34807bb4ebca2da302ee0e578f3f28ef3c148bdc89906334ab429a5e71864101c8c0245aad0b0d9e95a53134af9e4010d7fbe7d2c0718bd812e7f67d8cb28fb6518738dcb44a658f594bfcf536eabd22b92fac1599fcc6bbf4dd90099fbed996b5f429b24397d1649e94220c9dc2a58eed5ca41da525ceee6ba89a45391149905e6d3ece1f465993c88449f1f22e0b49d502913e76a67810b67793af6bf13f6019c4193ce889d30f532c97d342c31e564fc0eccfc6d9ecc4eaa69019eb72d55c6a506cf1757e1ada2b16a895561289ba33dc5734a4d4a3097d73d0c1e935b349f4964c0fa3cba2b02764fc1eff8c55602e0e78599373edbdec6814d4e8d60eb1ff94f2aa977a99e77c091b27adf0e95202a12e6568fa4ca854cdce3bc9f658ccbbfd3d1e272cbaaba387592f6f1c0f2e351ddeae375484e61197585fb15d45192a5183974280a7279d6cdfa0819d6c335e7face291ee907a0fb73ef7a514e9717ce2f3e4934a4c6963d23dde1d8e93091f850f79bd8762a0bdd7e88471d5efc54eeb2c52ba53a4bbec1ac9df09a9270b50bd0b83ebeb53f9e4103606e92f66782cbaa5762b4d92fdea5ad73533c74fe1c9baf51a507659575f1cc626a36cbd86bf516a4d72593e7b35b5a6be3a8e23c5c943902c50087edf2077037a2237db0c4ec1d0c4451ce66f694706eb5249dec8b40ed835a033d961a454f5e39abf98e61867b79fa0d071ca3b58417731805ac0793d158cedc056e60c28a1ad2cef40484e3e8dc0e7ac1734bbcf67358f9b61af3a11c3bade0e2485952da393465bd163f5d4b99125c8d247e84a249b0f2f4bab8077c79a1b92af0527e956d9c73208a1b3da3397adbf9193681e0fce36ce04258507bf7c75f67ef8acfe30af655e905bc943e0bc85cb26f746ee0b9823b1e5c6c036beedc4452cb6a3e2975692986079928999bfcd517bad45e0066cf1a75220a8d8d03e73f10986db7a6477f40d5d04d6f36c38b121daf8eb822863e849fbabe3636e10734047aa23cffadfd0841f81330711af73a99c47646969f6a92d80b00fdf00476abe2c9ce7fcf771dc92aaf88cce4ac0be74432c8e3c2837a7b815e8a705377d788d955b70cb712cea06ddc411e62e8b0b079a81fdb5bef8bfb5a97425a67331948bb594a78c90516a43e455468621678680be4cea924ba3209bbc00726e2e4d051386beb0fd1e0d711ee04b3f73225f15b5792b0f421104c9b0850b43e13f9c91f967e6613759d9c48f9abf22c225e6a92fa22280062ea0cb748dc578a8f2171109b1378e9e4ebdf568cb101844cd016e6b6dc922838319f3ffccbff83e6c2aad5ecc8a6584d8ac80db19ce029bbc6488c05b6d581859810687167d8ae56c2abf14c298cfd3069939d80e4a970fb5286417fc34c4edaf0489f78f703f3f8afd9bc7a380589a7053250fa6ad6bb4562b95fdbb17f6bf322b392b7373b382e99a3718cba3485462cba4643fd4391153a9d6b708ca11168aacbb0dcca607a2127e938ae7baf9002fe02f9bc1f735f66ab84d7afa1fdcad78e39a490b99631ebcc29b5fe263a0df75e562b982d467290dce1e76ddc117f1754f8dcbdf598855000f1f6b9b8654b0ef3ef30af8d349d0a22749a82d23b5c86de974253ed4d1e67d03f5ceb43750239a74fb9cd8839a323a18e0e3519a81b3395ded41134c88dfdfe8931d7194b3795c4a4bfca07f992cd519e93ff234a874520f7a85019ed6c218315b07b8076b89c8bfe096e3e0c06aa2f2f5e50c0886db6c294b1e9fcf8055fc796e91ce9f175c43419de97022f9d8fe584e1674e9615e0662fb78304f853cf2c91c9e8396925b36263896304a6720ba9abb1210b72571b84b15a0102237a822c6ea1e612c990cf65a30db8fffae1952862830d14b2463f6d90eb04cd0d7353dd5767a16e11cd31f557544419868addf7a36df8b709fc8171c9e78a129da9fa6855bb3d24d8d891e5f566b90f040b6e00b17baed983b12a9aff39d7e1e79bd0136b2ff3dd4b04619d72c597a845bf24e0383b41a9fc99bc7bb0fb79c4af1c9803f2b66a20197a0c1ab7bcd8c53bfaa3ef49e0c4880d7c57d26fad108e461d8c967125126536c024d169e15442461fba8c260fd2a380e992a93336e5c5c88b382b4fba71d9ba7d4996292162fb7134d566ae5dc5bf1239a75374169a869606503acb71aa1da6d390b873d144632eb41a07b89780cdcafebdc3dae4f14ba30d44a7aaf7eaae08a2c0af12324eaa732edd186dee752261a49107f51c04bce3e3916ed4dcbb02ae695b61ce9b55db7852d61d2d232910da14eff5881e9b8f51a514716920283d4c40294bc81dd4cdb3b2d487d3d647de3641735d96d2212989352357495fe75e7996bf3d94ab594b314e4754fb0ad1e19822829b42138f3dea217b4ea626517bb7f3f812974918c0474ff979eb60927b9f30cf04f775a2715a8bfba5d5f39929d31c7037130f3a451b403ff120f4075db1bd9ebc23bdde9150bdeff9e9015357a5ca80e25300cf2f78fc2cb62974c419f4fe03286a3a662b796f336e98856710e6a7fe4c134e2e94295367eedecaa4f4a4ebf49850c3fb21cf40373fb834280786677aabdd3922fd525d2c64060bb8631bbf6565610c2f36afc2e674018ac8769825d8bad69c2e244a73d926503c2b51189ecf8b2941904e3f477f67d7156c92368d77537eeb1332015d5ec0328a3b9a8467d4daa5d910084835df4339b9f9117ef5a7165b5fc22c0b1e5d95da4674a994a8f44028a96866ce951baeccac78f3beda17e9ff963d15c8b8292ebcaeed5b684975c20a115bb66a41b85f3518856b442116c46ba074b68cc89cbd2184cd2ceb0da76f70eae111e0eb63ab2114d15262135b1181cb661450759e18352aab5fe1623631dddcd56e4c00f02f7c83a4ed940108cad5430f92262d4e7d4f6d1d748d3e8a5df923cc64b1a5f9e913e12fdbb4c9cd6e79b516314189dc6d4f9ad7b8e12900bde2b30eeb888a786c2e87e562d065459e86c3f7a07b853994c1c739eaa03f895cc17122c43aaaaea4a7fa59c224b947436c6da4cef2594f380f67d33780f45142487036c63f55f509b81d28344d5506f70ce4739327155e4d21aedc5ab60ffdac32500cb60fac8d227295591302f01ac2db7e84e0b994a248d1e5cd5308aecf9ff89b258ecaed39825ed4dc39ab81853ddfeeef0f694ed98c258ce6bbacc77ebda69cc9fdebb01fd60d08d336b39a4b4c1aca36226038406eb5f3067974f4be9d2501094045cbc4443e96965343e984dd7af6ad1cbe358adb800f0f341e6305f03087c45a2e11d32470d896e080fd759d5d2378e7a4e1a71aed1b4ee1895375f11c484666ef2173c56ea2e28d73720b63bea1e287d7b540a1e0f291ea60e38dafc8fcff710fbee3c22a38d810829e7bacaae0054c17a2897d6f4ceefebe2941a807579f740f3989076c276f599f0ba03e8b6b6d89236bca0b15708043e3b2ca78033c2b23661d895fc7fa2564809ecad43860845729e8d2ed6e9de661b1d27b34047bccb428390c895e4e7803e080024e8b1bcd26dc19bd6c1c8a7f6091806c3b06ffe72745388203361e9e65a153ddda1d68b8d51c3945fa2c81b277efb7ea63e58330f4b78bd70d0b2ee6c5439cdeae335216c2087eea70e32bf20e9cb9ab8efed6bd175e6684cff4057a436535377190a53e4122cacef4b94e0571fe386ce6784e4559d3188cc83fbe6da0f4e464f7cc826ca6ec8d39b8e009f2d3efb9a3e93084102e98d7d4cd2595d035eb69ae52f2d88f159e5e2c233f37ad655f0cfc74c06744b6f2118bad6e9f18a3b88b87cb5d2d88d10deb96c8a243d040729fb982f19a46f6039bd7e8830ae360a93941513c0adca6a89fb25b26f1d4c5a419fb8c456b24bf01d88d7ad7b8600b2af915d7a1b93abf0d77711be1317608f841c24abeb1e20c8cd123758944bebcb5a887691f8a931e4c9385a3b212795475aef0103a1a2ec871a96bb88f75a4b567fa7ac5e26a73fa9969c4a8f2c881ff64133cc74958d0e1bf31f13955bf55ad9021f78b7dddd6165627e2ba5ceac1271ae3f2de0e5aa319f132a0dc0d8c84b91c397487b0be60b582137732cb4627e295b3819a08c5c2b262a0c1784f866d36cd74872eefeda0ce5413a364cc24c9fe98f159deeab732bd3771829d0bc6282e62c49a59a8495ef9a8992c68c8ad70a1f73e8c9413a38467f281a0f56b84c153b27df37834d4122eab543dc8db24e5444426e91a4e3b7bec558c61dc940f1257642fb6966c5aa74c619b45ecc7c6a72e247c912d2f312d49f8868edd43408b050498705da62c4b057846dc48e61988a26f80108aa53aadf93bd5e34d9dd786f9e330833870be7148a15486ca5665e75687e33e7f31af2eac33a5e322e76adc627f7661b7e3168fad0b6cae1dc3c51ff72dfc5d0e8b65051b5ed83b28d8fb40727ae8ce0036b73fcf53373ccd6db0046460f69d5a1ae1b3283169207261b20b7b8f6461b4ec2f97cb215d21a4943194f9f0690386059cf50f34d8e3977a46783f23c062fa8418f85587f6663bdb01481656dfbb1297fda3220235515c17264e75966c364926704a70e52c3a910f6e68b10d665733fc54f2aaf68011635ebb5ad0adf289dbe2dd411a4a71bf911431646164509486fdb101995ded38b47be07a6fb9ac37ee4ab8022b258f5f212113910da4ce2b61e7fd125ea1402f6f43c97a21dba0d15c8581d15698ee311a3f62ad2b03debcd893a57d73112edf6e72c671125fadcad0286c5e2c23a4c1d4546d63c4a441b11079c5130c8e2ed237527271d59fb5657c891e7351bed47bfd4b424fb6117b08f82a657fb178beffbc4312757c6edbbc7fc48edc4c820602134ae3a17f9ebc3bab0dcd01470d22967763f9ef352bf7f47153dba34b37178340723b6d8323269e61553732f99828d273c85fca544fdb576bc108a3254589781ca24f18e", 0x1000}, {&(0x7f0000005840)="64f1ee932ad21b6a48a276ca5262594954711ad2356cea9e4ed9828a9e3c207d16483158a788bdd1ebb674c6fd7360eba3cc04cbaba327a55f151fc92719e36404b91df2004acd684cab5e277537ba8466045fa2bbda2ef190a84291dce58c4cb1f88017e26d30acac51951ca014aca7529234ae1df0e670b973529e4958ee", 0x7f}, {&(0x7f00000058c0)="155b656b2a2820514df62786d249f674cb4da9b435a67c840eb24e155b0301aa73717bf27922219d4c24c32f6a4b389b69bae11060f7946122a690d5f9d5aee2ee32b1ff27528f97e174610e5f0641eb19d7a0cb3ab305a3c73e11d2178f68fd668f7021362406c3bc2ade87be126d52885068620c4e63033ccc43b4aed35624d8430e49e65fbd9ceadba98488acce26ea6b4640a435b38cbbc56959f291a9ad", 0xa0}, {&(0x7f0000005980)="82fb2416f241057ddb42502658d8b7b027ef208f9ccaf52c6a6f111523a637ebcef93d67d27a06228ddd48f66cbdc400530e77784292e9374b9d2dc32b538a5124db44267b5df09cbb0d290adecd91bb8a892abef067dc32e61ef4162ea34e43fcc471b8787af99ae41b6df15a21380dbe601d3a318b5ed1746988677645f037beb72b9bb91cb0d0092271cc59c888da0ad68bc618c71fd5011a37d472f341ecf3fd56dfc0c933cc8ab1a6d835a8d1f4eb4b4498d56e1ebfa52a710ede3d499f83b85d292d", 0xc5}], 0xa, &(0x7f0000005b40)=[@assoc={0x18}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18}, @assoc={0x18, 0x117, 0x4, 0xfffff371}, @assoc={0x18, 0x117, 0x4, 0x8000}, @op={0x18, 0x117, 0x3, 0x1}], 0x90, 0x1000}, {0x0, 0x0, &(0x7f0000005e80)=[{&(0x7f0000005c00)="1a37af44296579cb075033b4175d1599703a2920e5ce26add98b43657b078bc40848b30d4139e500e8961cbd5619ef0ce44c9095f19fdefe89f63cc32a1ea806fc2cbd3924713c37751a785c75e032b7644f93d2c2c01bf94ff16ba12387d741a1127e4920260e4c2183db26adc9995800958bf8cf8dc71801cb65af47d3dd4af8965c55d46a4d70abf60ab683dc5b34683481a86dca09201032d364b7c9325f128cba976047ed90", 0xa8}, {&(0x7f0000005cc0)="146b96e6cc96a591ef20e5da2be6fed52a34e237df19fbf4102a19cc6b608e", 0x1f}, {&(0x7f0000005d00)="9345dface7f64070e9fece8c93c7ece669353bbb688c061e58bed1c49c3381399f76e13910349b892e768298ca16cc6eaf73313b812fb840380d76d897535b01f2e86486a1f6c2b27cedc9346a5d81181a99e1dc24e8fc760aa669bb2271a32318f2676d8dd060dc68245146283b5171e2d5b4763d3f213e9fe048c30bf160d91c5fae84d76f0d5f7c4a", 0x8a}, {&(0x7f0000005dc0)="0a99eb11ab28e3cfbfa5e7e56653e51deaa908f601dd642ff0c6408de4d34d7492539fef5b83904c33b8bcfbe1516a25a7aad5c331cee6b4a4855fb237de2c36803475734337674e5275bf9b6e57640df6441d2f442bf9f7a82889ba68269ecb9d3c4f9d22449d0a0f1a56962acb62a4b500c5edfee8af221d65dd84e255466a65af47a35a64b4ad012e15e3dc40ba7f911ecba7326807461a32de54", 0x9c}], 0x4, &(0x7f0000005ec0)=[@iv={0x90, 0x117, 0x2, 0x78, "190e0e95a0de3ba5aa686bc0221c8374f69c7a59ca47aa9e103a1da92036004953bcdba0f17cda4356c526713128bc6594ae452d740d945ecc161d4475eacc793890eff43c02d613bd875f232d5f9247fd640d84cc9e167ac825075565fa07208c13c479e6331c9872d94851441b5121f601ab1b620defa4"}, @op={0x18}], 0xa8, 0x8000}, {0x0, 0x0, &(0x7f0000007500)=[{&(0x7f0000005f80)="6a6931e86d8efb3fcf20e125589af96a47a6e9d1c87ec92efaa3edc8f79beaacf9a592f515a72aa887fa201535db95bd48d0ae1acbf571e53e7740c84f98068aaa7af24a05e8f622da2903dea71daf2c96c853fdd4a338f77e0b78f1cf2af48e4c5121e88ba2d8c29835566ff91e03ed728ee449e8fe0745f5c2de7a7acce40dcce5c4540fffdba43b32cd5b8a849351bef746b7562d7b9454be58d5b7dca67e3845b78bdc989b8787e8bc4a2d5493b205f814a3cec9ea01960014b2b68be8e1e0a96b0519af712805709e5f41", 0xcd}, {&(0x7f0000006080)="ee432b01f671954806fc5757b2d69cdfecb955091374774b1bdcf6ce1560a37cbba19d6a3c90e2873f4a0a66af1a764e6250cda77da3fb2798f77819992477d4f5a5bba2cb4243717d0f4220c438e3bd763906c2ed282d4e0669b14d45418fd249033f7e07c0d00e77469f08fa9c2e7ada3379b710cdd3d5152e3e8156336b53fe3ccd913a606b876f0de2c0da886f19523d7329c006711fab2291d7a4070921c4cc86965ccfda4011ebab160a677568fa69d201792c29013d9deb6735e3f382d9692213f2314379af4a4c24f2b550f6f574f80ba554152bb6722335599a31ece89ef4fe2e37fc50358916d12d09944e329617e04b0132f2", 0xf8}, {&(0x7f0000006180)="f206b71aae91c921851427441207401548c8acf32c1471b7219d71ca5f90b19a6791cf80bd16ed03a9c6ee1468c7f5204c943b", 0x33}, {&(0x7f00000061c0)="7707311881bd5795d4a9d77ccc5eec392eca05376d98372a6e0a35a1f948a53388ecb906d8c7101093890b46cc8e48b87d5a93d5b2a21481230223278d92d4ee9b25367fb2dc321c66eb13168ddc0da45e982a4bcad8f9ed525f3fa7e300d5bd30253a2035a03ba851333a5bd4f3b7c03b0e3ba88a346bc299eb88738eb402c757c19b3e8678613b3201e0f1a024be38a9849ef7ea1267797e663aff3b6d9dfccbb428fce9531da2b329f442a1e1e6be4971ccafdd4c94372f64f35f4e287e3e0a8680a107fa95858cf810f031f607dc16dfffde524727b4252badbfebc4e694561d3084f0cb7f45d59c9fcd5bfdb2245a290e4f18051f1ee8865244374db902ce78e04162759c5084404da127edd6cdb81bd6fb02825357a987606264ae3f95a434e3b5a8959ea7c8ce4c69abf136e95f89e22a9c20ce0c68ea3be2e2ab7a010e876d074cfdbdf077f11783ca094e758b0561c6623a1c7d26cc9a2e8ddc3e5d710516ce47f270f0656bf9631fb7f67a78d3f07d64a71d4bea71f8723e9169f0c7fdfb64d6d83bd573e730c90361fd0606d5c85c0e95efa8db3afc7d201afff1b160946ccac02796b7ffbc6e6b8f6bd9ca5dee896770c32b8473037db1bb3423317232d320fcf7b6c80608fa696fed4ac4a1e2507b470b8130a20377659af171af18592c075384c5a08d6091b26e9d50b7691061c8697bca91f98f551d52f3261c66ce636544bc91411edfed76243657f7cca7173eb2ab2567566e573676206de59866d72ef4ca048b9c8e177c134008b629480af9bb9ddfbd1196f85dd806a8a1802653f5fcb17fa7cf7c0b629fc26805b74d5b1cb5c5b311c48653559faec57dbd1ee284b9cff027fd48668d79156c27773c83667e1ddffb9b0cf2acc5eb7f6731d9c84474b8b1d4f6b7c400874ae74a5ad3ae06ea5a5ed8970ebe5cd74f992b3c557b3941b15693ef5089592dbf5e8adcac5f44c3ae79f6f6a7a06f404c9cfe047d2429a318145fbecfd770697b6f326d1bbc078cbf91a2517a97ae6b37440b60df69c8dd823d831194a39c23d29af54d0f433e6fcc022bda8d9bfe4f6b6904df65f9b5e50b2ef3863c313703113c97e916acaff97bebf5347e2d15f46241dd786eae11d437371e7746a04d3d53364de476b81e56a9ef2f395b79dc63a79626e7ae39d67900727c5ddff2f60ffc60d1afd03f59151a9905f914b4591ba290e0e5f9afd1b90649f45f65ae402b6d67e153b92165d8117978875fad15cd0fbaa00b2ce5190526e6ad4704b8e4e3ae4a084a5c76e91281209b10d89a707b88586eb86220abc4dad250f01bd8c7aa4dda9e8c03b7b555bed8232d1ddd66978b3063a1aaf352b5b414e5ef5ac65866bbc56fef81e2cc47ee038557310d69d95a436d2ed1f19542623378d21a7ef8ac723d1ad4bdeeffb8855d787f8eb4be9c1584fa8abad90466058401e749f82b6a2935c6f368cd6a781190a2f603eeec6b2742afc9bc36a9a7b044f2fe2fe79d023e27e2c0c8e9f51d5668da22efac3a3eaf024fa6117e0ca31b497d8fca0de87ab45eff374876a25243926c0bb2fc44ea3519c79f12358315a65bb8e5e78bd89073995d88fc38617ddf6da062b69b2460995200472ae8162fdc9c15069edcc055d6c6e4e91526a1b6e4e3f743406190ea8b4fcb2e9e51729a9229f0181c3b3932e38e0fbc147fd57177ec97d64370787670ca98bd6f87718546e5d56c94ab577c03b2a7a02511717094afaff1e2078b43e522f648b8c65685f8c3fa3d1b3295b3c0a59d40dcd8dbf0a13acb8690775548459d7a6f50f62fb00f184cc909e7e17dfa9f60a6eafe9db3e0fb7aa887b8387806283944179271838c704f72ce735768db59b0cb86c4c3693852956c96de52d5474a87c12a91c6775bd9796ec68bd00cd9a4505fea50edd8a546240a2bc85d53e3b93e6530fe5cae813618a83ce9005527cd02dd4cc22fff009c903613fc7f3bd15112cb360e0c99b4fde5e60204d97797e63777ff493ebf1e0cd670807b4068ebfdad9322ec9fa1286040d63637718d4b5cfe9b6ef7668c34972305cc7556dbc3c473096ce538dbbb6b4bfc84849be5dd511d51ded45f83febe6d3519a9796637a4bed4853e16985641f6b4aac6ea3a8ded6c53bfa1d9d8a594d4d2d78cad1e0c2f5d0060889cb6c3f12be65f5822a223e42a7d27054bed8832466aa66f7f6cae5e400b993db451c7c5ebd56fdf1ef43d7517bb26e3d9608711c78180384db1ab488782bc1c07259cb025afea8f8ac513611f44af294a4cd5d35808228428e591d32f0a39efb6f35ca62e6d0257328688aaaca6339b766d3e232d1b9629552898d697bf14f669e043f29bc01db1ffbe62b311dbb52c2c63018e20d4923c43897ae78c48f50bec5a099c9ca07e68f5f4c7eb34f609c53ee334946cf3d37a21a6a713fc11d1f10c0de8ed7d0a90a506ca75214c7041ce6317495bce0198a9e53437dd984839f4033c2014c40c12daff502c1c8dd3fa26f5fb7c4d8537163bb07689591c0aa5313c6b0196acf00d10be91ac1ceb717f35f914a25ac76e56d7ce936dbba19905988b91d35e9fda16feec821f56fe661c0bad480177b7cddcfb22041734becf817d68d124814ee3b315ec0d574988645a970da8606737b62740d7d0628dd06f3adeda5964219c61f004022385f27a1909d6a297efd74fb5253bcf39afc1eec339a41e02de8d96fc8fee92308249a11e83d75fa132d85f319e70864609ea753c6c7ca4873d7bfce66062491c2dca467798e3e491a12da6c868dbbbd9ad055165f46673bf1a4c3da8ddd4cf4873aaf049d400f00caa7923900610e0d71b88ec837f4e6717152e42d00672217d1b6e54989278b42249f68544875242ea4dd9afb0c09ac81d5cbc24bb6e87c8fcd288f48a020cbe7103249c786664ec82551f255857b711b57fee574cf3f1bcace48a0d806d651b8a4f4093b8848f642327dd2a84a433a4038af82c6193c735b0f284877d715a550e65f854256f6133f83db449e8ecf74ed0998b4e960e49e3fab48c0bf77586cc628baa8c43d16f71b181c6fd1457bd286a5cdaadbf95442f0daec67c15a71204a514a60e1634dca03e780acb5e3a8bfcfc5258884ac1293599a8282f2465b6c8795a95831f6b8848daf05dd580664fd74138cf9ba81f9b6243835aac84006bd4b1e34868d3d232fc681f0a69053f3de033ff4539404106ce438b2d63a2afabb169a63503d50d49fb9b64a7b64aa47ed3bebee59603ac7c4709d581d0b975ff7efcb2c8b0f8368f2d700fcf9ac67c0e19a75e802e2c1e6c2e62a3a28f6626bacf5b104ef0eff6d826f3897dd3477570a23b9e144ca69384df903fb4b125ab992f20510f2f429c443dbe090e8f2cafaec657a512e961362ef2df142826c81ee50bf12a61f9a46edddd50b65625119000189fc12b85a241bef190077f2c1a20040629e213a789bab84947426d96fe920fe429266389c22b21eaf787016e26f647335c648a0eaf8b98f9982778976a033f0f2d9bf7f774236eabcdcc6a77de5608e6c6198885c1e3efd41105721de5291e6eb23f7944f7c164637fb1c129eddc9edf130b5f77d8b0c84cd72e0069cf1e5332eee5a31c633856652966ab1f4e2e881074eb64adffde6856f50e27e6c41fe8bf9849f0718dcc05d7a11aff196ec66c1bc3208110353cff444aea90250fb58ed2e589531ff66217564162de1665c02993eb322358d3f8d56e2d6aef6572c073b78bdd76cb9dc965401047fe9891386d1fc97b418a50c623b048fe3a807e80309a8bdf81aded952a89c2dbc4d79376ac8b68e054e30a32a5e1186e3204d04ec40890220e753a51f0683bcbcaeb0859e81e49217a89f9235e1927acd0ea5a1d4417cde8b2211df96e93ae2532700df0d0a29bd7273ac9e3951f2c93ca7fce9c7f7342a0c6471a0513fd83d78287c4f72ec383584e9079d462a2db897c1f6379d99b326b94a93801e661f5005d25cf86e7cc8d8469c387eb803155863b2b859e05ca4943870dcd9a40abd94fbbabe630f39aa3e0b2c343c0c96df7ac840558aca7a01a095ac2523b0b42cf774d32d4ba66f8791b8c282c3f5eb3bae91928bae493e751d0c827055040df44af3aa8db713e706a538d6e012cf6d54fe0e1c4159f52157e49aa6ea8bdf58554eb8ea0a739508babd9cf71a3c6bc1e1340ae0b4c0318e72a7c2cfb778e113621cd2058af6a7de459a05150117e8eaf72495af79ab61f3fc45c0bdcc027163d2e4fd29909402935422ee1568ffad6be4a054a43010e097063c65dca7b87d52526acbfe49fd3a3a95556475002d34f5a3ff16e801ad4db57eae6e210bb9abe5929ddf8a315abac36ffbc7a4334d1fa7e896d98c7280f961468847cdde7f5964efec0fe1a828e84cbe3d1c948f1bd6f51b14c6da0d4059ea6d91c25a985a723481fb8d571e1f78bbbac7a8132721b88e371d0e11d5128ed55dd1c37ef6183a587196608675743f507d3b67ec7056da636ee6b95ffc8c330d7ba5ac41b3b070498f04ff9508b81ba1636ff5adfaaa8013f70e4109d55350b3515fff8c6d3bb1cfe81f25614cc769604194ed500f34cfd3fa011339218232208c2cf6cee1977bf9ff670e2eb2f08d5e9bb05e65ba2e3d85f3c68d0511a39dbb415c3dccfecba84989a0edcdebaad997150b8aa68fc2169ee9459b0903363db33cb63cb82a1f23b8a2509dc76da03f325796570db341ab3e505fac752c159c37a1eb2dd973da364a8a3bbdea5b8f9b131ec8fbe45c07c14c3e1c83fccb60201c66ba919e44e05baf32933d4329803c921ff28ac9e7ee749ffd29cd739eaba92bd274023b933597d7de3cff5b0a339f57ada47e0bedbe2b5fa0e54928e065c0d3e4b5ac34c6246198086a9177c2fbb5ed3b86c1e07db0475fc44745451fc3322d52090c1ad1ab6ead1b6bd17e558bc2e8551a2272505326ed7e89a1b11f85f5ee8d5e275db50342c41eedbb90e0457938c5c4f3e6d1b104c0e7fd735f78a821d533365738f1998692c4acb09788a6ac5878de5348095a9d998d8481a29e1d395c4ee7cb321f70e588bbbb5b160fab04834d41db4dd0130a1aed38001772cf942b781844230034b58e235d894d093ea8f05a900086d921461afaeeeffdfb3c26915f84a593acd95a23b70a1adde9f59ab571cb3f91bb79d5ffae597b4ef07745ab308e23968383c4173dcca3fede597f19279a184588b2ed706eb7c961ebf394d5dfe5724c7b47230b3ba0d6e141c8a27f11015a3b40ad297cbcdf34aec82ce6238f0dd16a4afff4d94b419e6364987eece4fa1c334c8a2995ca198db690d45120ba2889289a9aab9873df1027255ed66319e53aa7b48f76a1aad84da81d2352e4ee7216b797520a83d5e7927c079459954538d441e381bd7d9115b695fad96a0db8686ab083bb1a75a8a2f5de69f78d7af12c37ca76ef44df99cef47ca831cb90a04400bce54c0d0971fb66b307f02e3febd68e0e514dcaa944a0629ae0a6e9ea5c986cff52716acfcbd8accb98d4d33b9cea3b2565b368336952131e0427b8d77bae8359a0df3278504c10e8ff2fa9ad31978bd6d82ec22476da31c0147a8120f445739c1fbf0d77bc1c9214f17716b39edbc9ce543c935127bf9da25161e50939a29f9f1b9c5c6c1ffa126e3ef4bef61609d7b948cf8fe1f308c53d1f1dc44160f735bf78d451f7d2b97487ea202bfed5382476d6b5ea5c8dccf7f08ce622bb28c61a00cc16278f1c3c5010a3d3009e6ba0529477eea1cedb1b2cb", 0x1000}, {&(0x7f00000071c0)="1bb9e4153b5fd422ec8e962940c21bdb1bf17daeacb13aaa888ff4a5405545fd60ac91889fcddc9a363bd455fd4b2117a9165a43ae26dea0cf4f6f54aef6b39d56166330f8f97d7d09f560537eb419d0f62c8afe06649e01ae8545d8b3ae8c2211223681c5aa64b4c13feb46812c908bb062946fc536cbaea1fb0505393b8935b21c585ba9c1b9dace58200274b0ebd6aebc0f4dc4cbd65d9f8569", 0x9b}, {&(0x7f0000007280)="118087648347f66a7be504a5b328d87a7fc2756d469344b08e19bfab59b3912e574afff7439906b3d1cd6bdbe970793869e26ebeb893cce625654b0af9c2b508b8f05fbd447849fbdf9b1260d54ae49c92f6533cc72f16aadf592d45e50eb183d8a068fac3d0a9d846cb7fd00798e814abe36a6b5aa84a04026e7f8e2672934d072ee7bd791037555cf432c680f6179543ac2eff003b03e7c547b4e4bfafd7d0814f659037c6bc244687de2dc99715273b4cf1a9a3a84f301554561b50cab22c4ab9ab7cb336064215455b39b4a2be522764d124e6", 0xd5}, {&(0x7f0000007380)="9eb1ad5d2f331105484a95b4a3a03d19f69b45c0b17136b93d6c336f853941bd9d646f195e49b07f1f8a7c7842de42ece182595d", 0x34}, {&(0x7f00000073c0)="3722453a5507369d52a1ff1c99c7e4091af50d3a30557c2e51a3b69fc46d67438329f21e1970010788a0f314d97f0671c1e17bf1b316f155c8d7fde00dd41a11cc7923294c7ae15d8cc515ad8d59af6ffbbae389ee65c020cf6fa61a2ce70bf1a1cec801c9973e6535d045ebb05d5a69d9f1f0f979dfb6a0d84a", 0x7a}, {&(0x7f0000007440)="256ff0364fc71b3a3fc17da2b401bd0e9500fee6f86f5fbb60a148c54a3d3878a9c0ba15008a351f95610d3b0f637490df94bb0ac35705d6bfdf08235302e3ed45918cce0765aa292a5fe741ed9ed54fdef5f80450881163ad858005cfd5ed82b32d7f321cf260f0f752c71cbac5ebb5156067ea56938297a07d33be3aa659d06cdcfdca4f15b706764942e1ed90089f35c3e40759346770d7cde00106623f08e0481199a5a56fcf9f1b", 0xaa}], 0x9, &(0x7f00000075c0)=[@assoc={0x18, 0x117, 0x4, 0xffff}, @assoc={0x18, 0x117, 0x4, 0x9}, @assoc={0x18}, @assoc={0x18, 0x117, 0x4, 0x4}, @assoc={0x18, 0x117, 0x4, 0xd2}], 0x78}], 0xa, 0x800) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$PPPIOCGMRU(r1, 0x80047453, &(0x7f0000000000)) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r3}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) [ 1386.435522] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 11:42:05 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x80000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xe) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x200000, 0x0) r2 = syz_open_dev$media(&(0x7f0000000140)='/dev/media#\x00', 0xfffffffffffffffb, 0x440000) accept4$inet(r2, 0x0, &(0x7f0000000180), 0x40800) ioctl$TIOCMBIS(r1, 0x5416, &(0x7f00000000c0)=0x4) r3 = getpid() sched_setscheduler(r3, 0x0, &(0x7f0000000380)) sched_setattr(r3, &(0x7f0000000080)={0x30, 0x3, 0x0, 0x1, 0x80006, 0x0, 0xf2e, 0x9}, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1386.490887] Bluetooth: hci0 command 0x1003 tx timeout [ 1386.497337] Bluetooth: hci0 sending frame failed (-49) 11:42:05 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000000)={{{@in, @in=@local}}, {{}, 0x0, @in=@dev}}, &(0x7f0000000140)=0xe8) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) connect(r0, &(0x7f0000000380)=@pppol2tpv3in6={0x18, 0x1, {0x0, r2, 0x1, 0x4, 0x2, 0x0, {0xa, 0x4e20, 0x3, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x8}}}, 0x80) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000700)={0x9, {{0xa, 0x4e23, 0x80000001, @dev={0xfe, 0x80, [], 0x24}}}, 0x0, 0x3, [{{0xa, 0x4e24, 0x4, @rand_addr="00017fb3b3c06e3bf24d5ae43b5a126f", 0x1}}, {{0xa, 0x4e20, 0x10000, @remote, 0x6}}, {{0xa, 0x4e23, 0x33f, @rand_addr="b5136987568fe331c3ecd88e638245bf", 0x81}}]}, 0x210) 11:42:05 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCMBIC(0xffffffffffffffff, 0x5417, &(0x7f0000000000)=0xf40) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/btrfs-control\x00', 0x2, 0x0) execveat(r1, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)=[&(0x7f0000000140)='/dev/ptmx\x00', &(0x7f0000000180)='/dev/ptmx\x00'], &(0x7f0000000300)=[&(0x7f0000000200)=']wlan1\xf9\x00', &(0x7f0000000240)='mime_type\'.security:ppp1wlan1\x00', &(0x7f0000000280)='/dev/ptmx\x00', &(0x7f00000002c0)='userkeyringGPL\x00'], 0x1000) [ 1386.609299] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1386.658134] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1387.200192] net_ratelimit: 22 callbacks suppressed [ 1387.200198] protocol 88fb is buggy, dev hsr_slave_0 [ 1387.210360] protocol 88fb is buggy, dev hsr_slave_1 [ 1387.215458] protocol 88fb is buggy, dev hsr_slave_0 [ 1387.220538] protocol 88fb is buggy, dev hsr_slave_1 [ 1388.080155] protocol 88fb is buggy, dev hsr_slave_0 [ 1388.085258] protocol 88fb is buggy, dev hsr_slave_1 [ 1388.090388] protocol 88fb is buggy, dev hsr_slave_0 [ 1388.095548] protocol 88fb is buggy, dev hsr_slave_1 [ 1388.480105] Bluetooth: hci1 command 0x1003 tx timeout [ 1388.480180] protocol 88fb is buggy, dev hsr_slave_0 [ 1388.485402] Bluetooth: hci1 sending frame failed (-49) [ 1388.490426] protocol 88fb is buggy, dev hsr_slave_1 [ 1388.560167] Bluetooth: hci0 command 0x1001 tx timeout [ 1388.565503] Bluetooth: hci0 sending frame failed (-49) [ 1390.560194] Bluetooth: hci1 command 0x1001 tx timeout [ 1390.565497] Bluetooth: hci1 sending frame failed (-49) [ 1390.640160] Bluetooth: hci0 command 0x1009 tx timeout [ 1392.240208] net_ratelimit: 18 callbacks suppressed [ 1392.245257] protocol 88fb is buggy, dev hsr_slave_0 [ 1392.250315] protocol 88fb is buggy, dev hsr_slave_1 [ 1392.255370] protocol 88fb is buggy, dev hsr_slave_0 [ 1392.260416] protocol 88fb is buggy, dev hsr_slave_1 [ 1392.640141] Bluetooth: hci1 command 0x1009 tx timeout [ 1392.640174] protocol 88fb is buggy, dev hsr_slave_0 [ 1392.650456] protocol 88fb is buggy, dev hsr_slave_1 [ 1392.880148] protocol 88fb is buggy, dev hsr_slave_0 [ 1392.885273] protocol 88fb is buggy, dev hsr_slave_1 [ 1393.440191] protocol 88fb is buggy, dev hsr_slave_0 [ 1393.445316] protocol 88fb is buggy, dev hsr_slave_1 11:42:13 executing program 2 (fault-call:2 fault-nth:48): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1395.074112] FAULT_INJECTION: forcing a failure. [ 1395.074112] name failslab, interval 1, probability 0, space 0, times 0 [ 1395.085612] CPU: 1 PID: 6310 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1395.092592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1395.101941] Call Trace: [ 1395.104549] dump_stack+0x138/0x197 [ 1395.108277] should_fail.cold+0x10f/0x159 [ 1395.112417] should_failslab+0xdb/0x130 [ 1395.116376] __kmalloc_track_caller+0x2ec/0x790 [ 1395.121064] ? pointer+0xb10/0xb10 [ 1395.124589] ? lock_acquire+0x16f/0x430 [ 1395.128546] ? rfkill_register+0x3a/0xb20 [ 1395.132682] ? kvasprintf_const+0x5a/0x170 [ 1395.136899] kvasprintf+0xa7/0x110 [ 1395.140419] ? bust_spinlocks+0xc0/0xc0 [ 1395.144376] ? __mutex_lock+0x36a/0x1470 [ 1395.148423] ? rfkill_register+0x3a/0xb20 [ 1395.152628] kvasprintf_const+0x5a/0x170 [ 1395.156681] kobject_set_name_vargs+0x5b/0x150 [ 1395.161254] dev_set_name+0xa4/0xc0 [ 1395.164864] ? device_initialize+0x430/0x430 [ 1395.169257] ? __init_waitqueue_head+0x36/0x90 [ 1395.173827] rfkill_register+0xe5/0xb20 [ 1395.177785] hci_register_dev+0x34b/0x810 [ 1395.181937] ? __raw_spin_lock_init+0x2d/0x100 [ 1395.186506] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1395.190813] tty_ioctl+0x8f7/0x1320 [ 1395.194421] ? hci_uart_tty_poll+0x10/0x10 [ 1395.198643] ? tty_vhangup+0x30/0x30 [ 1395.202405] ? __might_sleep+0x93/0xb0 [ 1395.206278] ? __fget+0x210/0x370 [ 1395.209738] ? tty_vhangup+0x30/0x30 [ 1395.213452] do_vfs_ioctl+0x7ae/0x1060 [ 1395.217327] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1395.222073] ? lock_downgrade+0x740/0x740 [ 1395.226202] ? ioctl_preallocate+0x1c0/0x1c0 [ 1395.230593] ? __fget+0x237/0x370 [ 1395.234035] ? security_file_ioctl+0x89/0xb0 [ 1395.238429] SyS_ioctl+0x8f/0xc0 [ 1395.241775] ? do_vfs_ioctl+0x1060/0x1060 [ 1395.245908] do_syscall_64+0x1e8/0x640 [ 1395.249794] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1395.254622] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1395.259792] RIP: 0033:0x459f49 [ 1395.262965] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1395.270655] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1395.277906] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1395.285159] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1395.292413] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1395.299665] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1395.307575] Bluetooth: Unknown HCI packet type 5e [ 1395.317449] Bluetooth: Unknown HCI packet type 43 [ 1395.322410] Bluetooth: Unknown HCI packet type 5e [ 1395.327250] Bluetooth: Unknown HCI packet type 50 [ 1395.332564] Bluetooth: Unknown HCI packet type 5e [ 1395.337405] Bluetooth: Unknown HCI packet type 40 11:42:15 executing program 0 (fault-call:2 fault-nth:42): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:42:15 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:42:15 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TCSBRK(r2, 0x5409, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:42:15 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0x4000000200000002, &(0x7f0000000200)=0x3, 0x4) setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f0000000140)=0x3, 0x4) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0xfffffefffffbf3bc, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) 11:42:15 executing program 5: r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0x0) 11:42:15 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f0000ca6000)={&(0x7f0000000000)=ANY=[@ANYBLOB="020d0000140000000000000000000000080012000000030000000000000000000600000000000000000000000000000000000000000000000000000000000000ff02000000000000000000000000000105000500008000000a0000000016d430ca000000000000000000ffffac141400000000000000000005000600000000000a00000000000000fe8000000000000000000000000000ff0000000000000000"], 0xa0}}, 0x0) 11:42:15 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x4e21, @broadcast}, 0x10) getsockopt$MISDN_TIME_STAMP(r3, 0x0, 0x1, &(0x7f0000000040), &(0x7f0000000080)=0x4) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f0000000140)=[@in6={0xa, 0x4e23, 0x7, @rand_addr="cf1ee5f047934fdd4b001edae600c822", 0x8}], 0x1c) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r5 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x20000, 0x0) ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f0000000400)={{0x5000, 0x4000, 0xe, 0x2d, 0x0, 0x3, 0xff, 0xe9, 0x3, 0x1, 0x3, 0x5}, {0x4000, 0x0, 0x10, 0x0, 0x20, 0x7, 0x9, 0x3f, 0x98, 0x4b, 0xff, 0x80}, {0x100000, 0x10000, 0xe, 0x5, 0x7, 0x14, 0x92, 0x80, 0x4, 0x0, 0x5, 0x6}, {0x2000, 0x4000, 0x1b, 0x5, 0x81, 0x3, 0x0, 0x81, 0x1, 0x7, 0x6, 0x5}, {0x10000, 0x6000, 0x0, 0x1f, 0x3, 0x9, 0x6, 0x0, 0x1, 0x7f, 0x3f, 0x8}, {0x2000, 0x6000, 0xa, 0x7, 0x2, 0x6, 0x39, 0x0, 0x0, 0x4, 0x3}, {0x6e6e53ed90b39373, 0x4, 0x8, 0xff, 0x9, 0xfc, 0xff, 0xff, 0x3, 0x7f, 0x81, 0x3}, {0x7000, 0x2002, 0x9, 0x4, 0x54, 0x3f, 0x2, 0x9, 0x8, 0x80, 0x7, 0x66}, {0xf000, 0x1}, {0x104001, 0x4000}, 0x0, 0x0, 0x2, 0x0, 0x1, 0x4001, 0x5000, [0xff, 0x1dc8, 0x4]}) socket$inet6(0xa, 0x2, 0x90) 11:42:15 executing program 5: r0 = socket(0x10, 0x2, 0x0) sendto(r0, &(0x7f0000000200)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) r1 = socket(0x2, 0x5, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x4e4}, {&(0x7f00000024c0)=""/4096, 0x1048}, {&(0x7f0000000400)=""/120, 0x1aa}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0xce}], 0x8, &(0x7f0000002400)=""/191, 0x1f9}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 11:42:15 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$int_out(r0, 0x5385, &(0x7f0000fd3ffc)) 11:42:15 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket(0x3, 0x800, 0xd) bind$rds(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000140)=0x1f, 0x4) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x8000000}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$SIOCRSACCEPT(r1, 0x89e3) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = fcntl$getown(r3, 0x9) r5 = getpid() sched_setscheduler(r5, 0x0, &(0x7f0000000380)) r6 = getpgrp(r5) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) r9 = socket(0x10, 0x803, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) sendmsg$NBD_CMD_DISCONNECT(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r10, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) kcmp(r4, r6, 0x4, r7, r8) [ 1397.100779] FAULT_INJECTION: forcing a failure. [ 1397.100779] name failslab, interval 1, probability 0, space 0, times 0 [ 1397.164182] CPU: 0 PID: 6325 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1397.171151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1397.178724] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1397.180507] Call Trace: [ 1397.180527] dump_stack+0x138/0x197 [ 1397.180552] should_fail.cold+0x10f/0x159 [ 1397.180568] should_failslab+0xdb/0x130 [ 1397.180587] kmem_cache_alloc_node+0x287/0x780 [ 1397.180607] __alloc_skb+0x9c/0x500 11:42:15 executing program 5: socket$inet6(0xa, 0x5, 0x83) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x7, &(0x7f0000002000)) fcntl$lock(r0, 0x26, &(0x7f0000000040)={0x1}) fcntl$lock(r0, 0x26, &(0x7f0000000080)) fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x40001}) r1 = dup(r0) connect$inet6(r1, &(0x7f00000003c0)={0xa, 0x0, 0x0, @ipv4={[], [], @broadcast}}, 0x1c) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000180)=ANY=[], 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$inet6_opts(r2, 0x29, 0x3b, &(0x7f0000000740)=ANY=[@ANYBLOB="1fff07a46dfd1f7c839add5b64f5e900004a6fae4b85da632fd297bf7290652b3b7fcae47f82c59d8ac75a68f8ecbdb3f6f6cf82d668fc4c99f9418e8ebc35b9dda9979612c8242d9092b7ed8237c804b32e3c7aa634dde9e869c73d0aad9299a4bd85cf445894d8c28c17ff2ec823776a617694710a0a1d35673693b507bb152fc59be59515d5d64bd2add762b44dde9232342ebea40d820bd73cf80e28203e82367e99ed92e48637bfb951100cff2b5719e4f5926c276284069bb258db00ef510f19a9ce9f14cc13d6f8ca41ab04cbf3f795a40f44f3fb382d857f1333c58ff58022efbf"], 0x1) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @mcast2, 0x8}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) accept4$inet6(r3, &(0x7f0000000540)={0xa, 0x0, 0x0, @empty}, 0x0, 0x800) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) open(0x0, 0x100, 0x2) r4 = getpid() sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r5, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r7, 0x407, 0x0) write(r7, &(0x7f0000000340), 0x41395527) vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) rmdir(&(0x7f0000000140)='./bus\x00') sched_setattr(0x0, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f0000000400)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x1671}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = socket$inet6(0xa, 0x3, 0x2) r9 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IP_VS_SO_GET_VERSION(r9, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7) r10 = socket(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r11, 0x7, &(0x7f0000002000)) fcntl$lock(r11, 0x26, 0x0) fcntl$lock(r11, 0x26, &(0x7f0000000080)) fcntl$lock(r11, 0x7, &(0x7f0000000180)={0x40001}) epoll_create(0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000002000)) fcntl$lock(r12, 0x26, &(0x7f0000000040)={0x1}) fcntl$lock(r12, 0x26, &(0x7f0000000080)) fcntl$lock(r12, 0x7, &(0x7f0000000180)={0x40001}) r13 = dup(r12) write$cgroup_int(r13, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001880)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f0000001700)=0xe8) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0) ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x400, 0x0, 0x20000}) fcntl$F_GET_RW_HINT(r8, 0x40b, &(0x7f0000000300)) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000002c0)={@remote, 0x7b}) getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87) setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@remote, @in=@empty}}, {{@in=@remote}, 0x0, @in=@local}}, &(0x7f0000000500)=0xfffffffffffffef6) syslog(0x0, &(0x7f0000000300)=""/120, 0x78) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) [ 1397.195366] ? skb_scrub_packet+0x4b0/0x4b0 [ 1397.195383] ? netlink_has_listeners+0x20a/0x330 [ 1397.195398] kobject_uevent_env+0x781/0xc23 [ 1397.195415] kobject_uevent+0x20/0x26 [ 1397.211733] device_add+0xa3e/0x1490 [ 1397.211752] ? device_private_init+0x190/0x190 [ 1397.211770] hci_register_dev+0x2d9/0x810 [ 1397.211786] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1397.220843] tty_ioctl+0x8f7/0x1320 [ 1397.250657] ? hci_uart_tty_poll+0x10/0x10 [ 1397.255010] ? tty_vhangup+0x30/0x30 [ 1397.258733] ? __might_sleep+0x93/0xb0 [ 1397.262606] ? __fget+0x210/0x370 [ 1397.266048] ? tty_vhangup+0x30/0x30 [ 1397.269743] do_vfs_ioctl+0x7ae/0x1060 [ 1397.273616] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1397.278371] ? lock_downgrade+0x740/0x740 [ 1397.282501] ? ioctl_preallocate+0x1c0/0x1c0 [ 1397.286895] ? __fget+0x237/0x370 [ 1397.290337] ? security_file_ioctl+0x89/0xb0 [ 1397.294727] SyS_ioctl+0x8f/0xc0 [ 1397.298079] ? do_vfs_ioctl+0x1060/0x1060 [ 1397.302221] do_syscall_64+0x1e8/0x640 [ 1397.306094] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1397.310930] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1397.316109] RIP: 0033:0x459f49 [ 1397.319279] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1397.326966] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1397.334326] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1397.341587] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1397.348840] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1397.356096] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1397.360084] Bluetooth: hci0 command 0x1003 tx timeout [ 1397.384959] Bluetooth: hci0 sending frame failed (-49) [ 1397.418848] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1397.610126] net_ratelimit: 22 callbacks suppressed [ 1397.610132] protocol 88fb is buggy, dev hsr_slave_0 [ 1397.620175] protocol 88fb is buggy, dev hsr_slave_1 [ 1397.625279] protocol 88fb is buggy, dev hsr_slave_0 [ 1397.630381] protocol 88fb is buggy, dev hsr_slave_1 [ 1398.480193] protocol 88fb is buggy, dev hsr_slave_0 [ 1398.485268] protocol 88fb is buggy, dev hsr_slave_1 [ 1398.490390] protocol 88fb is buggy, dev hsr_slave_0 [ 1398.495545] protocol 88fb is buggy, dev hsr_slave_1 [ 1398.880154] protocol 88fb is buggy, dev hsr_slave_0 [ 1398.885235] protocol 88fb is buggy, dev hsr_slave_1 [ 1399.440193] Bluetooth: hci0 command 0x1001 tx timeout [ 1399.445442] Bluetooth: hci1 command 0x1003 tx timeout [ 1399.445503] Bluetooth: hci0 sending frame failed (-49) [ 1399.451138] Bluetooth: hci1 sending frame failed (-49) [ 1401.520140] Bluetooth: hci1 command 0x1001 tx timeout [ 1401.520144] Bluetooth: hci0 command 0x1009 tx timeout [ 1401.530683] Bluetooth: hci1 sending frame failed (-49) [ 1402.640185] net_ratelimit: 18 callbacks suppressed [ 1402.645181] protocol 88fb is buggy, dev hsr_slave_0 [ 1402.650267] protocol 88fb is buggy, dev hsr_slave_1 [ 1402.655335] protocol 88fb is buggy, dev hsr_slave_0 [ 1402.660357] protocol 88fb is buggy, dev hsr_slave_1 [ 1403.040245] protocol 88fb is buggy, dev hsr_slave_0 [ 1403.045354] protocol 88fb is buggy, dev hsr_slave_1 [ 1403.280161] protocol 88fb is buggy, dev hsr_slave_0 [ 1403.285253] protocol 88fb is buggy, dev hsr_slave_1 [ 1403.600126] Bluetooth: hci1 command 0x1009 tx timeout [ 1403.840176] protocol 88fb is buggy, dev hsr_slave_0 [ 1403.845269] protocol 88fb is buggy, dev hsr_slave_1 11:42:24 executing program 2 (fault-call:2 fault-nth:49): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1405.954953] FAULT_INJECTION: forcing a failure. [ 1405.954953] name failslab, interval 1, probability 0, space 0, times 0 [ 1405.966407] CPU: 1 PID: 6367 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1405.973339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1405.982680] Call Trace: [ 1405.985258] dump_stack+0x138/0x197 [ 1405.988883] should_fail.cold+0x10f/0x159 [ 1405.993019] should_failslab+0xdb/0x130 [ 1405.996988] __kmalloc+0x2f0/0x7a0 [ 1406.000516] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1406.005604] ? devres_add+0x40/0x50 [ 1406.009210] ? rfkill_alloc+0x9c/0x2a0 [ 1406.013087] rfkill_alloc+0x9c/0x2a0 [ 1406.016795] hci_register_dev+0x308/0x810 [ 1406.020981] ? __raw_spin_lock_init+0x2d/0x100 [ 1406.025552] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1406.029903] tty_ioctl+0x8f7/0x1320 [ 1406.033510] ? hci_uart_tty_poll+0x10/0x10 [ 1406.037731] ? tty_vhangup+0x30/0x30 [ 1406.041436] ? __might_sleep+0x93/0xb0 [ 1406.045304] ? __fget+0x210/0x370 [ 1406.048745] ? tty_vhangup+0x30/0x30 [ 1406.052446] do_vfs_ioctl+0x7ae/0x1060 [ 1406.056316] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1406.061053] ? lock_downgrade+0x740/0x740 [ 1406.065199] ? ioctl_preallocate+0x1c0/0x1c0 [ 1406.069590] ? __fget+0x237/0x370 [ 1406.073028] ? security_file_ioctl+0x89/0xb0 [ 1406.077424] SyS_ioctl+0x8f/0xc0 [ 1406.080782] ? do_vfs_ioctl+0x1060/0x1060 [ 1406.084915] do_syscall_64+0x1e8/0x640 [ 1406.088782] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1406.093611] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1406.098783] RIP: 0033:0x459f49 [ 1406.101953] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1406.109642] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1406.116892] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1406.124144] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1406.131406] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1406.138656] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1406.147319] Bluetooth: Unknown HCI packet type 5e [ 1406.154138] Bluetooth: Unknown HCI packet type 43 [ 1406.159181] Bluetooth: Unknown HCI packet type 5e [ 1406.164173] Bluetooth: Unknown HCI packet type 50 [ 1406.169051] Bluetooth: Unknown HCI packet type 5e [ 1406.174006] Bluetooth: Unknown HCI packet type 40 11:42:26 executing program 0 (fault-call:2 fault-nth:43): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:42:26 executing program 1: 11:42:26 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KDADDIO(r4, 0x4b34, 0xffffffff) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:42:26 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = accept$netrom(r1, 0x0, &(0x7f0000000000)) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="480004001000065e90bc3e46e46c8d17906ecadddf54050700"/36, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) tee(r2, r3, 0x9, 0x9) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:42:26 executing program 5: socket$inet6(0xa, 0x5, 0x83) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x7, &(0x7f0000002000)) fcntl$lock(r0, 0x26, &(0x7f0000000040)={0x1}) fcntl$lock(r0, 0x26, &(0x7f0000000080)) fcntl$lock(r0, 0x7, &(0x7f0000000180)={0x40001}) r1 = dup(r0) connect$inet6(r1, &(0x7f00000003c0)={0xa, 0x0, 0x0, @ipv4={[], [], @broadcast}}, 0x1c) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000180)=ANY=[], 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$inet6_opts(r2, 0x29, 0x3b, &(0x7f0000000740)=ANY=[@ANYBLOB="1fff07a46dfd1f7c839add5b64f5e900004a6fae4b85da632fd297bf7290652b3b7fcae47f82c59d8ac75a68f8ecbdb3f6f6cf82d668fc4c99f9418e8ebc35b9dda9979612c8242d9092b7ed8237c804b32e3c7aa634dde9e869c73d0aad9299a4bd85cf445894d8c28c17ff2ec823776a617694710a0a1d35673693b507bb152fc59be59515d5d64bd2add762b44dde9232342ebea40d820bd73cf80e28203e82367e99ed92e48637bfb951100cff2b5719e4f5926c276284069bb258db00ef510f19a9ce9f14cc13d6f8ca41ab04cbf3f795a40f44f3fb382d857f1333c58ff58022efbf"], 0x1) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @mcast2, 0x8}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) accept4$inet6(r3, &(0x7f0000000540)={0xa, 0x0, 0x0, @empty}, 0x0, 0x800) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) open(0x0, 0x100, 0x2) r4 = getpid() sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r5, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r7, 0x407, 0x0) write(r7, &(0x7f0000000340), 0x41395527) vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) rmdir(&(0x7f0000000140)='./bus\x00') sched_setattr(0x0, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f0000000400)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x1671}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = socket$inet6(0xa, 0x3, 0x2) r9 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IP_VS_SO_GET_VERSION(r9, 0x0, 0x480, &(0x7f0000000380), &(0x7f0000000340)=0xffa7) r10 = socket(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r11, 0x7, &(0x7f0000002000)) fcntl$lock(r11, 0x26, 0x0) fcntl$lock(r11, 0x26, &(0x7f0000000080)) fcntl$lock(r11, 0x7, &(0x7f0000000180)={0x40001}) epoll_create(0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000002000)) fcntl$lock(r12, 0x26, &(0x7f0000000040)={0x1}) fcntl$lock(r12, 0x26, &(0x7f0000000080)) fcntl$lock(r12, 0x7, &(0x7f0000000180)={0x40001}) r13 = dup(r12) write$cgroup_int(r13, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001880)={{{@in=@remote, @in=@empty}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f0000001700)=0xe8) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0) ioctl$sock_inet6_SIOCADDRT(r10, 0x890b, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @remote, @mcast2, 0x0, 0x0, 0x0, 0x400, 0x0, 0x20000}) fcntl$F_GET_RW_HINT(r8, 0x40b, &(0x7f0000000300)) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000002c0)={@remote, 0x7b}) getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f00000014c0)=""/205, &(0x7f0000000100)=0xfffffffffffffc87) setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000480)='reno\x00', 0x5) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@remote, @in=@empty}}, {{@in=@remote}, 0x0, @in=@local}}, &(0x7f0000000500)=0xfffffffffffffef6) syslog(0x0, &(0x7f0000000300)=""/120, 0x78) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) 11:42:26 executing program 1: 11:42:26 executing program 1: 11:42:26 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000000)='/self/attr/c\x00', 0x2, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:42:26 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x8000, 0x0) ioctl$KDMKTONE(r3, 0x4b30, 0xab27) [ 1407.947595] FAULT_INJECTION: forcing a failure. [ 1407.947595] name failslab, interval 1, probability 0, space 0, times 0 [ 1407.961154] CPU: 0 PID: 6382 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1407.968100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1407.977442] Call Trace: [ 1407.980024] dump_stack+0x138/0x197 [ 1407.983668] should_fail.cold+0x10f/0x159 [ 1407.987816] should_failslab+0xdb/0x130 [ 1407.991779] kmem_cache_alloc_node+0x287/0x780 [ 1407.996351] __alloc_skb+0x9c/0x500 [ 1408.000073] ? skb_scrub_packet+0x4b0/0x4b0 [ 1408.004398] ? netlink_has_listeners+0x20a/0x330 [ 1408.009148] kobject_uevent_env+0x781/0xc23 [ 1408.013459] kobject_uevent+0x20/0x26 [ 1408.017241] device_add+0xa3e/0x1490 [ 1408.020961] ? device_private_init+0x190/0x190 [ 1408.025545] hci_register_dev+0x2d9/0x810 [ 1408.029683] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1408.034002] tty_ioctl+0x8f7/0x1320 [ 1408.037625] ? hci_uart_tty_poll+0x10/0x10 [ 1408.041850] ? tty_vhangup+0x30/0x30 [ 1408.045561] ? __might_sleep+0x93/0xb0 [ 1408.049429] ? __fget+0x210/0x370 [ 1408.052870] ? tty_vhangup+0x30/0x30 [ 1408.056571] do_vfs_ioctl+0x7ae/0x1060 [ 1408.060451] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1408.065271] ? lock_downgrade+0x740/0x740 [ 1408.069406] ? ioctl_preallocate+0x1c0/0x1c0 [ 1408.073799] ? __fget+0x237/0x370 [ 1408.077240] ? security_file_ioctl+0x89/0xb0 [ 1408.081643] SyS_ioctl+0x8f/0xc0 [ 1408.085011] ? do_vfs_ioctl+0x1060/0x1060 [ 1408.089152] do_syscall_64+0x1e8/0x640 [ 1408.093045] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1408.097891] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1408.103077] RIP: 0033:0x459f49 [ 1408.106255] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1408.113961] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1408.121238] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1408.128497] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1408.135770] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 11:42:26 executing program 1: [ 1408.143026] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1408.150693] net_ratelimit: 22 callbacks suppressed [ 1408.150697] protocol 88fb is buggy, dev hsr_slave_0 [ 1408.160192] Bluetooth: hci0 command 0x1003 tx timeout [ 1408.161039] protocol 88fb is buggy, dev hsr_slave_1 [ 1408.166070] Bluetooth: hci0 sending frame failed (-49) [ 1408.171132] protocol 88fb is buggy, dev hsr_slave_0 [ 1408.181479] protocol 88fb is buggy, dev hsr_slave_1 11:42:26 executing program 1: [ 1408.880136] protocol 88fb is buggy, dev hsr_slave_0 [ 1408.885253] protocol 88fb is buggy, dev hsr_slave_1 [ 1408.892038] protocol 88fb is buggy, dev hsr_slave_0 [ 1408.897194] protocol 88fb is buggy, dev hsr_slave_1 [ 1409.280173] protocol 88fb is buggy, dev hsr_slave_0 [ 1409.285270] protocol 88fb is buggy, dev hsr_slave_1 [ 1410.240186] Bluetooth: hci1 command 0x1003 tx timeout [ 1410.245431] Bluetooth: hci0 command 0x1001 tx timeout [ 1410.245476] Bluetooth: hci1 sending frame failed (-49) [ 1410.251126] Bluetooth: hci0 sending frame failed (-49) [ 1412.320183] Bluetooth: hci0 command 0x1009 tx timeout [ 1412.320534] Bluetooth: hci1 command 0x1001 tx timeout [ 1412.331045] Bluetooth: hci1 sending frame failed (-49) [ 1413.440151] net_ratelimit: 22 callbacks suppressed [ 1413.440156] protocol 88fb is buggy, dev hsr_slave_0 [ 1413.450156] protocol 88fb is buggy, dev hsr_slave_1 [ 1413.680156] protocol 88fb is buggy, dev hsr_slave_0 [ 1413.685269] protocol 88fb is buggy, dev hsr_slave_1 [ 1414.400110] Bluetooth: hci1 command 0x1009 tx timeout [ 1414.400157] protocol 88fb is buggy, dev hsr_slave_0 [ 1414.410456] protocol 88fb is buggy, dev hsr_slave_1 [ 1414.415598] protocol 88fb is buggy, dev hsr_slave_0 [ 1414.420775] protocol 88fb is buggy, dev hsr_slave_1 [ 1415.120176] protocol 88fb is buggy, dev hsr_slave_0 [ 1415.125292] protocol 88fb is buggy, dev hsr_slave_1 11:42:34 executing program 2 (fault-call:2 fault-nth:50): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1416.194521] FAULT_INJECTION: forcing a failure. [ 1416.194521] name failslab, interval 1, probability 0, space 0, times 0 [ 1416.206171] CPU: 0 PID: 6406 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1416.213107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1416.222459] Call Trace: [ 1416.225039] dump_stack+0x138/0x197 [ 1416.228665] should_fail.cold+0x10f/0x159 [ 1416.232828] should_failslab+0xdb/0x130 [ 1416.236800] __kmalloc_track_caller+0x2ec/0x790 [ 1416.241506] ? __down_trylock_console_sem+0x71/0x200 [ 1416.246645] ? kstrdup_const+0x48/0x60 [ 1416.250529] kstrdup+0x3a/0x70 [ 1416.253723] kstrdup_const+0x48/0x60 [ 1416.257504] __kernfs_new_node+0x2f/0x420 [ 1416.261634] ? vprintk_func+0x65/0x159 [ 1416.265520] kernfs_new_node+0x80/0xf0 [ 1416.269407] kernfs_create_dir_ns+0x41/0x140 [ 1416.273810] sysfs_create_dir_ns+0xbe/0x1d0 [ 1416.278129] kobject_add_internal.part.0.cold+0x114/0x5ae [ 1416.283665] kobject_add+0x11f/0x180 [ 1416.287359] ? kset_create_and_add+0x180/0x180 [ 1416.291933] ? __raw_spin_lock_init+0x2d/0x100 [ 1416.296507] ? refcount_inc_not_zero+0x88/0xe0 [ 1416.301068] ? klist_init+0x71/0xe0 [ 1416.304692] device_add+0x383/0x1490 [ 1416.308388] ? device_initialize+0x430/0x430 [ 1416.312791] ? device_private_init+0x190/0x190 [ 1416.317378] rfkill_register+0x19c/0xb20 [ 1416.321440] hci_register_dev+0x34b/0x810 [ 1416.325599] ? __raw_spin_lock_init+0x2d/0x100 [ 1416.330180] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1416.334504] tty_ioctl+0x8f7/0x1320 [ 1416.338124] ? hci_uart_tty_poll+0x10/0x10 [ 1416.342348] ? tty_vhangup+0x30/0x30 [ 1416.346077] ? __might_sleep+0x93/0xb0 [ 1416.349947] ? __fget+0x210/0x370 [ 1416.353401] ? tty_vhangup+0x30/0x30 [ 1416.357105] do_vfs_ioctl+0x7ae/0x1060 [ 1416.360980] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1416.365728] ? lock_downgrade+0x740/0x740 [ 1416.369880] ? ioctl_preallocate+0x1c0/0x1c0 [ 1416.374290] ? __fget+0x237/0x370 [ 1416.377738] ? security_file_ioctl+0x89/0xb0 [ 1416.382131] SyS_ioctl+0x8f/0xc0 [ 1416.385480] ? do_vfs_ioctl+0x1060/0x1060 [ 1416.389627] do_syscall_64+0x1e8/0x640 [ 1416.393502] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1416.398341] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1416.403510] RIP: 0033:0x459f49 [ 1416.406680] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1416.414808] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1416.422063] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1416.429315] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1416.436575] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1416.443830] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1416.452082] kobject_add_internal failed for rfkill151 (error: -12 parent: hci0) [ 1416.461870] Bluetooth: Unknown HCI packet type 5e [ 1418.480122] Bluetooth: hci0 command 0x1003 tx timeout [ 1418.485439] Bluetooth: hci0 sending frame failed (-49) [ 1418.560146] net_ratelimit: 18 callbacks suppressed [ 1418.560152] protocol 88fb is buggy, dev hsr_slave_0 [ 1418.570240] protocol 88fb is buggy, dev hsr_slave_1 [ 1418.575308] protocol 88fb is buggy, dev hsr_slave_0 [ 1418.580394] protocol 88fb is buggy, dev hsr_slave_1 11:42:37 executing program 0 (fault-call:2 fault-nth:44): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:42:37 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000240)=ANY=[@ANYBLOB="00000000000800000000000000000000461a4e03e116f5c58f6ccd92f911b4e0157c9a956f216cb2f5ea382db4c1da49246f2ac5df79ec29a9b062012bad5f4899a6585e33a5ad1f2212f7ed4853961671759c95a6fc3e85339d2e0edc924549dfb33cb2ff9c1dca3958e399252f65166cf36fe129e6bcc3d788c7ac555861760e322285", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f0000000000)={0xf}, 0x1) 11:42:37 executing program 1: 11:42:37 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:42:37 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x247, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="230000005a00817491bc655067d7aee4050c00000f00020001000000ac", 0x1d}], 0x1}, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000500)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e07dfbdfd4e7540ebec677d6ac14c2c794f72cbf5fe31789e70233bfd8115efd90c8c48258f8dbe8a85baf83abec1ffab8edab2e16cf0000000000000000000000000000000000000000000004000000794b00fd45d52b5eb271218d26ae32f1807dd6707432ff48bc085763314166443ce72c74f3db890e1ff15a10d91f67e9a232fe2238fff867ba8fd41b29caad2a44648dc5385a5ca0e284986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd313660489c4c971a548e85480dae93c7e33bdef00000000d8fd8c6e62d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db2699f1210fab7071cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607f7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f9197e7a5513c13e79d46bb4b84c16fd5c96ee450e411d75ab7613b644ba7580b2a0942394ed1737517"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r0, 0x1800000000000060, 0xe80, 0x0, &(0x7f0000000100)="0000003f0000007e5bc5795ecaa29a16f291d36a48e93100ffff81", 0x0, 0x100, 0xf2ffffff}, 0x28) 11:42:37 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080)="390000000906090368fe0763558e22f674d336ab002b00000001000a0014000205450001070300000300"/57, 0x39}], 0x1) 11:42:37 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1418.803713] FAULT_INJECTION: forcing a failure. [ 1418.803713] name failslab, interval 1, probability 0, space 0, times 0 [ 1418.837854] CPU: 1 PID: 6416 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1418.844829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1418.854185] Call Trace: [ 1418.856772] dump_stack+0x138/0x197 [ 1418.860398] should_fail.cold+0x10f/0x159 [ 1418.864542] should_failslab+0xdb/0x130 [ 1418.868507] kmem_cache_alloc_node_trace+0x280/0x770 [ 1418.873598] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1418.879125] __kmalloc_node_track_caller+0x3d/0x80 [ 1418.884039] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1418.888695] __alloc_skb+0xcf/0x500 [ 1418.892304] ? skb_scrub_packet+0x4b0/0x4b0 [ 1418.896613] ? netlink_has_listeners+0x20a/0x330 [ 1418.901357] kobject_uevent_env+0x781/0xc23 [ 1418.905668] kobject_uevent+0x20/0x26 [ 1418.909453] device_add+0xa3e/0x1490 [ 1418.913154] ? device_private_init+0x190/0x190 [ 1418.917726] hci_register_dev+0x2d9/0x810 [ 1418.921885] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1418.926198] tty_ioctl+0x8f7/0x1320 [ 1418.929808] ? hci_uart_tty_poll+0x10/0x10 [ 1418.934026] ? tty_vhangup+0x30/0x30 [ 1418.937731] ? __might_sleep+0x93/0xb0 [ 1418.941601] ? __fget+0x210/0x370 [ 1418.945060] ? tty_vhangup+0x30/0x30 [ 1418.948759] do_vfs_ioctl+0x7ae/0x1060 [ 1418.952629] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1418.957368] ? lock_downgrade+0x740/0x740 [ 1418.961501] ? ioctl_preallocate+0x1c0/0x1c0 [ 1418.965894] ? __fget+0x237/0x370 [ 1418.969336] ? security_file_ioctl+0x89/0xb0 [ 1418.973734] SyS_ioctl+0x8f/0xc0 [ 1418.977083] ? do_vfs_ioctl+0x1060/0x1060 [ 1418.981216] do_syscall_64+0x1e8/0x640 [ 1418.985086] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1418.989916] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1418.995098] RIP: 0033:0x459f49 [ 1418.998271] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1419.005961] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1419.013216] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1419.020486] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1419.027738] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1419.034992] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 11:42:37 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) close(r4) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f00000000c0)={r6, 0xb21}, 0x14) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000000040)={r6, @in6={{0xa, 0x4e21, 0x9, @empty, 0x400}}, 0x75f, 0x80000001, 0x9, 0x8, 0x1000}, &(0x7f0000000140)=0x98) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000240)={r7, 0x400}, &(0x7f0000000280)=0x8) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) r10 = dup2(r9, r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) write$capi20_data(r10, &(0x7f0000000000)=ANY=[@ANYBLOB="10000900ff83086da500000100008000000001"], 0x13) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r8}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) [ 1419.063816] netlink: 37 bytes leftover after parsing attributes in process `syz-executor.1'. 11:42:37 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x80, 0x0) ioctl$KDADDIO(r1, 0x400455c8, 0x0) 11:42:37 executing program 1: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) r0 = creat(&(0x7f0000000080)='./bus/file0\x00', 0x0) write$binfmt_elf32(r0, 0x0, 0x0) [ 1419.130191] netlink: 37 bytes leftover after parsing attributes in process `syz-executor.1'. 11:42:37 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x20000, 0x0) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f00000000c0)=0x6, 0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1419.263421] batman_adv: batadv0: adding TT local entry 48:e9:31:00:ff:ff to non-existent VLAN 3072 [ 1419.271291] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1419.280136] protocol 88fb is buggy, dev hsr_slave_0 [ 1419.289605] protocol 88fb is buggy, dev hsr_slave_1 [ 1419.294845] protocol 88fb is buggy, dev hsr_slave_0 [ 1419.299975] protocol 88fb is buggy, dev hsr_slave_1 [ 1419.307885] batman_adv: batadv0: adding TT local entry 48:e9:31:00:ff:ff to non-existent VLAN 3072 [ 1420.560113] Bluetooth: hci0 command 0x1001 tx timeout [ 1420.565431] Bluetooth: hci0 sending frame failed (-49) [ 1421.120144] Bluetooth: hci1 command 0x1003 tx timeout [ 1421.125456] Bluetooth: hci1 sending frame failed (-49) [ 1422.640121] Bluetooth: hci0 command 0x1009 tx timeout [ 1423.200125] Bluetooth: hci1 command 0x1001 tx timeout [ 1423.205568] Bluetooth: hci1 sending frame failed (-49) [ 1423.840151] net_ratelimit: 278 callbacks suppressed [ 1423.845206] protocol 88fb is buggy, dev hsr_slave_0 [ 1423.850513] protocol 88fb is buggy, dev hsr_slave_1 [ 1424.080253] protocol 88fb is buggy, dev hsr_slave_0 [ 1424.085330] protocol 88fb is buggy, dev hsr_slave_1 [ 1424.800147] protocol 88fb is buggy, dev hsr_slave_0 [ 1424.805271] protocol 88fb is buggy, dev hsr_slave_1 [ 1424.810383] protocol 88fb is buggy, dev hsr_slave_0 [ 1424.815510] protocol 88fb is buggy, dev hsr_slave_1 [ 1425.280139] Bluetooth: hci1 command 0x1009 tx timeout [ 1425.520152] protocol 88fb is buggy, dev hsr_slave_0 [ 1425.525252] protocol 88fb is buggy, dev hsr_slave_1 11:42:45 executing program 2 (fault-call:2 fault-nth:51): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1427.071716] FAULT_INJECTION: forcing a failure. [ 1427.071716] name failslab, interval 1, probability 0, space 0, times 0 [ 1427.083198] CPU: 1 PID: 6448 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1427.090155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1427.099509] Call Trace: [ 1427.102088] dump_stack+0x138/0x197 [ 1427.105705] should_fail.cold+0x10f/0x159 [ 1427.109886] should_failslab+0xdb/0x130 [ 1427.113847] __kmalloc_track_caller+0x2ec/0x790 [ 1427.118552] ? __down_trylock_console_sem+0x71/0x200 [ 1427.123640] ? kstrdup_const+0x48/0x60 [ 1427.127511] kstrdup+0x3a/0x70 [ 1427.130690] kstrdup_const+0x48/0x60 [ 1427.134388] __kernfs_new_node+0x2f/0x420 [ 1427.138519] ? vprintk_func+0x65/0x159 [ 1427.142391] kernfs_new_node+0x80/0xf0 [ 1427.146271] kernfs_create_dir_ns+0x41/0x140 [ 1427.150662] sysfs_create_dir_ns+0xbe/0x1d0 [ 1427.154969] kobject_add_internal.part.0.cold+0x114/0x5ae [ 1427.160491] kobject_add+0x11f/0x180 [ 1427.164189] ? kset_create_and_add+0x180/0x180 [ 1427.168764] ? __raw_spin_lock_init+0x2d/0x100 [ 1427.173328] ? refcount_inc_not_zero+0x88/0xe0 [ 1427.177890] ? klist_init+0x71/0xe0 [ 1427.181501] device_add+0x383/0x1490 [ 1427.185208] ? device_initialize+0x430/0x430 [ 1427.189614] ? device_private_init+0x190/0x190 [ 1427.194183] rfkill_register+0x19c/0xb20 [ 1427.198236] hci_register_dev+0x34b/0x810 [ 1427.202365] ? __raw_spin_lock_init+0x2d/0x100 [ 1427.206935] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1427.211253] tty_ioctl+0x8f7/0x1320 [ 1427.214874] ? hci_uart_tty_poll+0x10/0x10 [ 1427.219107] ? tty_vhangup+0x30/0x30 [ 1427.222815] ? __might_sleep+0x93/0xb0 [ 1427.226683] ? __fget+0x210/0x370 [ 1427.230145] ? tty_vhangup+0x30/0x30 [ 1427.233844] do_vfs_ioctl+0x7ae/0x1060 [ 1427.237713] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1427.242450] ? lock_downgrade+0x740/0x740 [ 1427.246582] ? ioctl_preallocate+0x1c0/0x1c0 [ 1427.250982] ? __fget+0x237/0x370 [ 1427.254427] ? security_file_ioctl+0x89/0xb0 [ 1427.258840] SyS_ioctl+0x8f/0xc0 [ 1427.262199] ? do_vfs_ioctl+0x1060/0x1060 [ 1427.266333] do_syscall_64+0x1e8/0x640 [ 1427.270202] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1427.275055] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1427.280227] RIP: 0033:0x459f49 [ 1427.283397] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1427.291087] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1427.298361] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1427.305620] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1427.312882] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1427.320137] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1427.328317] kobject_add_internal failed for rfkill153 (error: -12 parent: hci0) [ 1427.336325] Bluetooth: Unknown HCI packet type 5e [ 1427.341514] Bluetooth: Unknown HCI packet type 43 [ 1427.346356] Bluetooth: Unknown HCI packet type 5e [ 1427.351369] Bluetooth: Unknown HCI packet type 50 [ 1427.356213] Bluetooth: Unknown HCI packet type 5e [ 1427.361258] Bluetooth: Unknown HCI packet type 40 [ 1428.960140] net_ratelimit: 18 callbacks suppressed [ 1428.960145] protocol 88fb is buggy, dev hsr_slave_0 [ 1428.970192] protocol 88fb is buggy, dev hsr_slave_1 [ 1428.975273] protocol 88fb is buggy, dev hsr_slave_0 [ 1428.980343] protocol 88fb is buggy, dev hsr_slave_1 [ 1429.360141] Bluetooth: hci0 command 0x1003 tx timeout [ 1429.365424] Bluetooth: hci0 sending frame failed (-49) 11:42:48 executing program 0 (fault-call:2 fault-nth:45): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:42:48 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r3, &(0x7f0000000380)=@hci, 0x80) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r3, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r6}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r3, 0x0, 0x482, &(0x7f0000000000)=""/232, &(0x7f0000000140)=0xe8) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:42:48 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x80, 0xf61f231fb263a020) ioctl$TIOCEXCL(r1, 0x540c) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:42:48 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$int_out(r0, 0x1267, &(0x7f0000fd3ffc)) 11:42:48 executing program 5: mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2, 0xae}, 0x0, 0xa, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000040)) fstat(r0, 0x0) fchown(0xffffffffffffffff, 0x0, 0x0) clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x88000200, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0) pause() sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) [ 1429.636420] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 11:42:48 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$FS_IOC_GETVERSION(r1, 0x80087601, &(0x7f00000000c0)) fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xffffffffffffffff, r2, 0xfffffffffffffffe, &(0x7f00000000c0)) [ 1429.680106] protocol 88fb is buggy, dev hsr_slave_0 [ 1429.685334] protocol 88fb is buggy, dev hsr_slave_1 [ 1429.690475] protocol 88fb is buggy, dev hsr_slave_0 [ 1429.695543] protocol 88fb is buggy, dev hsr_slave_1 [ 1429.717090] FAULT_INJECTION: forcing a failure. [ 1429.717090] name failslab, interval 1, probability 0, space 0, times 0 11:42:48 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$int_out(r0, 0x1267, &(0x7f0000fd3ffc)) [ 1429.721792] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1429.746099] CPU: 1 PID: 6464 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1429.753060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1429.762421] Call Trace: [ 1429.765030] dump_stack+0x138/0x197 [ 1429.768677] should_fail.cold+0x10f/0x159 [ 1429.772847] should_failslab+0xdb/0x130 11:42:48 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35308ff338832ca84b13a719c053724c5666747ea779d15dcb44508ed4fcff4d7e852ee9b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="280000001000010800"/20, @ANYRES32=r3, @ANYBLOB="050000000000000008000a00100000008904fcbf0ef8c077474bb15a35dc43b11c2e3ea3fc0d350628b6725a3b68fbefca5c36e88010f965d1816d0c7b6b17c3bffb20ab813eade97d2160f22ec82e14e409f06640e2ea5b58be50d03f83270dc50d4ba985ba62d812bc79cc599e31cd4e4c3def0fe6af1952603c13796dc90cae88646560f2250c08"], 0x28}}, 0x0) [ 1429.776835] kmem_cache_alloc_node_trace+0x280/0x770 [ 1429.781942] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1429.787404] __kmalloc_node_track_caller+0x3d/0x80 [ 1429.792344] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1429.797026] __alloc_skb+0xcf/0x500 [ 1429.800646] ? skb_scrub_packet+0x4b0/0x4b0 [ 1429.804966] ? netlink_has_listeners+0x20a/0x330 [ 1429.809735] kobject_uevent_env+0x781/0xc23 [ 1429.814067] kobject_uevent+0x20/0x26 [ 1429.817930] device_add+0xa3e/0x1490 [ 1429.821645] ? device_private_init+0x190/0x190 [ 1429.826231] hci_register_dev+0x2d9/0x810 [ 1429.830381] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1429.834718] tty_ioctl+0x8f7/0x1320 [ 1429.838338] ? hci_uart_tty_poll+0x10/0x10 [ 1429.842566] ? tty_vhangup+0x30/0x30 [ 1429.846278] ? __might_sleep+0x93/0xb0 [ 1429.850152] ? __fget+0x210/0x370 [ 1429.853597] ? tty_vhangup+0x30/0x30 [ 1429.857306] do_vfs_ioctl+0x7ae/0x1060 [ 1429.861194] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1429.865940] ? lock_downgrade+0x740/0x740 [ 1429.870078] ? ioctl_preallocate+0x1c0/0x1c0 [ 1429.874524] ? __fget+0x237/0x370 [ 1429.877978] ? security_file_ioctl+0x89/0xb0 [ 1429.882489] SyS_ioctl+0x8f/0xc0 [ 1429.885850] ? do_vfs_ioctl+0x1060/0x1060 [ 1429.889992] do_syscall_64+0x1e8/0x640 [ 1429.893869] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1429.898758] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1429.903938] RIP: 0033:0x459f49 [ 1429.907113] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1429.914808] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1429.922102] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 11:42:48 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x40, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1429.929355] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1429.936608] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1429.943864] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 11:42:48 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x81) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000140)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10000174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d41f6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28b774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a800655d127de6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/video2\x00', 0x2, 0x0) r4 = dup3(r3, r1, 0x0) ioctl$KVM_SET_CPUID(r2, 0xc008ae88, &(0x7f0000000540)={0x1, 0x0, [{0x560}]}) dup2(r4, r2) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) 11:42:48 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\b\x00'/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd111b58c81684a168e08"], 0x80}}, 0x0) [ 1429.971539] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1430.063698] IPv6: ADDRCONF(NETDEV_UP): veth217: link is not ready [ 1430.072063] team0: Device veth217 is up. Set it down before adding it as a team port [ 1430.085201] team0: Device veth217 is up. Set it down before adding it as a team port [ 1430.093351] protocol 88fb is buggy, dev hsr_slave_0 [ 1430.093404] protocol 88fb is buggy, dev hsr_slave_1 [ 1431.440081] Bluetooth: hci0 command 0x1001 tx timeout [ 1431.445387] Bluetooth: hci0 sending frame failed (-49) [ 1432.000087] Bluetooth: hci1 command 0x1003 tx timeout [ 1432.005391] Bluetooth: hci1 sending frame failed (-49) [ 1433.520177] Bluetooth: hci0 command 0x1009 tx timeout [ 1434.083507] Bluetooth: hci1 command 0x1001 tx timeout [ 1434.088803] Bluetooth: hci1 sending frame failed (-49) [ 1434.240164] net_ratelimit: 22 callbacks suppressed [ 1434.245139] protocol 88fb is buggy, dev hsr_slave_0 [ 1434.250194] protocol 88fb is buggy, dev hsr_slave_1 [ 1434.480154] protocol 88fb is buggy, dev hsr_slave_0 [ 1434.485238] protocol 88fb is buggy, dev hsr_slave_1 [ 1435.200234] protocol 88fb is buggy, dev hsr_slave_0 [ 1435.205355] protocol 88fb is buggy, dev hsr_slave_1 [ 1435.210496] protocol 88fb is buggy, dev hsr_slave_0 [ 1435.215535] protocol 88fb is buggy, dev hsr_slave_1 [ 1435.920138] protocol 88fb is buggy, dev hsr_slave_0 [ 1435.925207] protocol 88fb is buggy, dev hsr_slave_1 [ 1436.160148] Bluetooth: hci1 command 0x1009 tx timeout 11:42:56 executing program 2 (fault-call:2 fault-nth:52): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1437.954789] FAULT_INJECTION: forcing a failure. [ 1437.954789] name failslab, interval 1, probability 0, space 0, times 0 [ 1437.966461] CPU: 0 PID: 6499 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1437.973398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1437.982747] Call Trace: [ 1437.985324] dump_stack+0x138/0x197 [ 1437.988942] should_fail.cold+0x10f/0x159 [ 1437.993091] should_failslab+0xdb/0x130 [ 1437.997083] kmem_cache_alloc+0x2d7/0x780 [ 1438.001225] ? save_trace+0x290/0x290 [ 1438.005008] __kernfs_new_node+0x70/0x420 [ 1438.009141] kernfs_new_node+0x80/0xf0 [ 1438.013028] __kernfs_create_file+0x46/0x323 [ 1438.017433] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1438.022102] sysfs_create_file_ns+0x8e/0xb0 [ 1438.026409] device_create_file+0xd7/0x110 [ 1438.030631] ? acpi_bind_one+0x770/0x770 [ 1438.034687] device_add+0x3be/0x1490 [ 1438.038385] ? device_initialize+0x430/0x430 [ 1438.042781] ? device_private_init+0x190/0x190 [ 1438.047363] rfkill_register+0x19c/0xb20 [ 1438.051572] hci_register_dev+0x34b/0x810 [ 1438.055721] ? __raw_spin_lock_init+0x2d/0x100 [ 1438.060291] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1438.064633] tty_ioctl+0x8f7/0x1320 [ 1438.068248] ? hci_uart_tty_poll+0x10/0x10 [ 1438.072475] ? tty_vhangup+0x30/0x30 [ 1438.076185] ? __might_sleep+0x93/0xb0 [ 1438.080059] ? __fget+0x210/0x370 [ 1438.083503] ? tty_vhangup+0x30/0x30 [ 1438.087222] do_vfs_ioctl+0x7ae/0x1060 [ 1438.091103] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1438.095853] ? lock_downgrade+0x740/0x740 [ 1438.100050] ? ioctl_preallocate+0x1c0/0x1c0 [ 1438.104457] ? __fget+0x237/0x370 [ 1438.107903] ? security_file_ioctl+0x89/0xb0 [ 1438.112305] SyS_ioctl+0x8f/0xc0 [ 1438.115663] ? do_vfs_ioctl+0x1060/0x1060 [ 1438.119792] do_syscall_64+0x1e8/0x640 [ 1438.123660] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1438.128496] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1438.133678] RIP: 0033:0x459f49 [ 1438.136859] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1438.144549] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1438.151806] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1438.159070] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1438.166324] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1438.173579] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1439.360144] net_ratelimit: 18 callbacks suppressed [ 1439.360150] protocol 88fb is buggy, dev hsr_slave_0 [ 1439.370203] protocol 88fb is buggy, dev hsr_slave_1 [ 1439.375282] protocol 88fb is buggy, dev hsr_slave_0 [ 1439.380351] protocol 88fb is buggy, dev hsr_slave_1 [ 1440.240136] protocol 88fb is buggy, dev hsr_slave_0 [ 1440.245241] protocol 88fb is buggy, dev hsr_slave_1 [ 1440.250397] protocol 88fb is buggy, dev hsr_slave_0 [ 1440.255435] protocol 88fb is buggy, dev hsr_slave_1 [ 1440.260509] Bluetooth: hci0 command 0x1003 tx timeout [ 1440.265754] Bluetooth: hci0 sending frame failed (-49) 11:42:59 executing program 0 (fault-call:2 fault-nth:46): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:42:59 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x44000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 11:42:59 executing program 5: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = creat(&(0x7f0000000080)='./bus/file0\x00', 0x0) ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f00000002c0)={0xff0f}) 11:42:59 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x81) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000140)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10000174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d41f6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28b774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a800655d127de6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/video2\x00', 0x2, 0x0) r4 = dup3(r3, r1, 0x0) ioctl$KVM_SET_CPUID(r2, 0xc008ae88, &(0x7f0000000540)={0x1, 0x0, [{0x40000101}]}) dup2(r4, r2) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) 11:42:59 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) recvmsg(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000240)=""/212, 0xd4}, {&(0x7f0000000400)=""/160, 0xa0}], 0x2, &(0x7f00000004c0)=""/102, 0x66}, 0x0) connect(r0, &(0x7f0000000380)=@hci={0x1f, r1}, 0x190) r2 = socket(0x10, 0x803, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$VIDIOC_TRY_FMT(r4, 0xc0d05640, &(0x7f0000000700)={0x2, @pix_mp={0x1, 0x745, 0x31303553, 0x2, 0xc, [{0x4, 0x1}, {0x6, 0x401}, {0x0, 0x401}, {0x7fffffff, 0x5207}, {0x1, 0x1}, {0x1, 0x21}, {0x5, 0x8}, {0x5, 0x4c}], 0x8a, 0x1, 0x3, 0x2, 0x1}}) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r5}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\b\x00'/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50b03000000c4b58c81684a168e08"], 0x80}}, 0x0) [ 1440.480140] protocol 88fb is buggy, dev hsr_slave_0 [ 1440.485209] protocol 88fb is buggy, dev hsr_slave_1 11:42:59 executing program 3: openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x12) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1440.557922] FAULT_INJECTION: forcing a failure. [ 1440.557922] name failslab, interval 1, probability 0, space 0, times 0 [ 1440.584263] CPU: 1 PID: 6508 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1440.591225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1440.600581] Call Trace: [ 1440.603179] dump_stack+0x138/0x197 11:42:59 executing program 3: syslog(0x4, &(0x7f0000000000)=""/206, 0x471) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) prctl$PR_CAPBSET_READ(0x17, 0x22) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$MON_IOCH_MFLUSH(r2, 0x9208, 0x0) r3 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$UI_END_FF_ERASE(r3, 0x400c55cb, &(0x7f0000000140)={0x10, 0x46, 0x7ff}) [ 1440.606821] should_fail.cold+0x10f/0x159 [ 1440.610977] should_failslab+0xdb/0x130 [ 1440.614964] kmem_cache_alloc_node_trace+0x280/0x770 [ 1440.620076] ? mark_held_locks+0xb1/0x100 [ 1440.624241] __kmalloc_node_track_caller+0x3d/0x80 [ 1440.629172] ? led_trigger_unregister+0x2e0/0x2e0 [ 1440.634038] __devres_alloc_node+0x39/0x120 [ 1440.638368] devm_led_trigger_register+0x36/0xc0 [ 1440.643132] hci_leds_init+0xe8/0x1b0 [ 1440.643464] overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1440.646935] hci_register_dev+0x2ee/0x810 [ 1440.646954] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1440.646969] tty_ioctl+0x8f7/0x1320 [ 1440.646977] ? hci_uart_tty_poll+0x10/0x10 [ 1440.646988] ? tty_vhangup+0x30/0x30 [ 1440.647008] ? __might_sleep+0x93/0xb0 [ 1440.647020] ? __fget+0x210/0x370 [ 1440.667171] ? tty_vhangup+0x30/0x30 [ 1440.675003] do_vfs_ioctl+0x7ae/0x1060 [ 1440.675018] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1440.675030] ? lock_downgrade+0x740/0x740 11:42:59 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000001c0)=""/58, 0x3a}, {&(0x7f0000000380)=""/192, 0xc0}, {&(0x7f0000007440)=""/4096, 0x1000}, {&(0x7f0000000440)=""/202, 0xca}, {&(0x7f0000000540)=""/136, 0x88}, {&(0x7f0000000600)=""/2, 0x2}, {&(0x7f00000006c0)=""/177, 0xb1}], 0x7}}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000880)=""/187, 0xbb}, {&(0x7f0000000640)}, {&(0x7f0000000940)=""/210, 0xd2}, {0x0}, {&(0x7f0000000a40)=""/74, 0x4a}, {&(0x7f0000000ac0)=""/23, 0x17}, {&(0x7f0000000b00)=""/170, 0xaa}], 0x7, &(0x7f0000004180)=""/4096, 0x1000}, 0x2ec}, {{0x0, 0x0, &(0x7f0000000fc0)=[{0x0}, {&(0x7f0000000c40)=""/147, 0x93}, {&(0x7f0000000dc0)=""/12, 0xc}, {&(0x7f0000000e00)=""/248, 0xf8}, {&(0x7f0000000f00)=""/67, 0x43}, {&(0x7f0000000f80)=""/62, 0x3e}, {&(0x7f0000006180)=""/4096, 0x1000}], 0x7, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{&(0x7f0000001100)=@caif=@util, 0x80, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {&(0x7f0000001280)=""/237, 0xed}, {&(0x7f0000001380)=""/7, 0x7}, {&(0x7f0000002480)=""/74, 0x4a}, {&(0x7f00000013c0)=""/31, 0x1f}], 0x5}, 0x1}, {{&(0x7f0000002580)=@caif=@rfm, 0x80, &(0x7f0000002880)=[{&(0x7f0000002600)=""/111, 0x6f}, {&(0x7f0000002780)=""/253, 0xfd}], 0x2, &(0x7f00000028c0)=""/225, 0xe1}, 0xd973}, {{0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f0000007340)=""/215, 0xd7}, {&(0x7f0000002bc0)=""/202, 0xca}, {&(0x7f0000002dc0)=""/5, 0x5}], 0x3}, 0x80}, {{&(0x7f0000002ec0)=@nl, 0x80, &(0x7f0000003040)=[{&(0x7f0000001400)=""/108, 0x6c}, {&(0x7f0000002fc0)=""/114, 0x72}], 0x2}, 0x5}], 0x7, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r4, &(0x7f00000017c0), 0x331, 0x0) [ 1440.675045] ? ioctl_preallocate+0x1c0/0x1c0 [ 1440.711435] ? __fget+0x237/0x370 [ 1440.714895] ? security_file_ioctl+0x89/0xb0 [ 1440.719310] SyS_ioctl+0x8f/0xc0 [ 1440.722677] ? do_vfs_ioctl+0x1060/0x1060 [ 1440.726841] do_syscall_64+0x1e8/0x640 [ 1440.730723] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1440.735600] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1440.740790] RIP: 0033:0x459f49 [ 1440.743981] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1440.751694] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 11:42:59 executing program 5: bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000005c0)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x92\xee2\xc2$Wx\x15^\xdaM\xeaB\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WZ;\xce\x05\xfc\x95\xd9\x88\x1f|\x8b\xf1\xbf\xf2u\xdd\xd8AV\xd87\x96M\xea\xd2\xa2iM\xe9\xa1\xbc\xba}\xbe\xa1\x05J\"\f\xf9\b\xcf\xb8J\x13#\xecT\xdf\xe0\x9dOA>\xe9\x99\xf8\xaf@{dw\b\xe7{\xaf\x9a\x1e3\xc1\x83&\x89\xc2\xa5\xb1\xe2NN\xdf\xd3\x0f{\x8c\xc1\xc8y\x01\x04\x00\xc7\x94\xe3\x89|\xd7\x9f\xd3\x06\x17\xe6]\xd7\x81q\x1d\x1dN\x9e\xf4c\x83\x86_\xfc\xbc\xdd\xd4{\xde\xc4\xe5\xb6\b;L\x1cN\xa2\xc9k\xd7 \xc3\xe4\x19\x96\x8c\x04\xea\x9c9\xfa\xe3\xc1\x8dDuTHL\n\xe8\xb7oSx\'\xfd=\xfc\xa4\xa51\b\x02j\xb7\x98{`\x89\x8c\xd3\xc6\xe8\xe2\x9b\xd7\xab\xd1s\xfb\xaa\xcd\x9d\xf1\x9e\xee\xe3e\xf1\x91\xf7\xee%\xf8\xc7G', 0x2761, 0x0) close(r0) openat$cgroup(r0, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000640)='memgry.\x00\x00\x00\x00\x00', 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x16, 0x0, 0x0, 0x2, 0x0, 0x1}, 0x3c) bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000000200)={r2, 0x0, 0x0}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r2, 0x0, 0x0}, 0x10) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x8) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_all\x00', 0xf0, 0x0) close(r3) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x3}, 0x0, 0x80000001, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, r1, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup\x00\f\x7f\xd9\xfa;\x8b\x88gb\xefi\x16\x91\xbb\xc4\xd5Jk\tU~ \xa4\vR\\\x8a\xdb\xcel\xe0\xa3[\xae\x9d\xac\x84\x9f\v\x9e\x9f\r\x10\x1f\xd3\x80\xc1\xccq\xab\x01y\xed\xfc\x96)\xf6_>+\xa03\xf4\xcc0\xbbE\xb0\xc3\x94\xd53\x87\xd6\xc4\\\xc7\x82\xe9\xaf\xb5\xb6\x15\xf4K2\x17\f\x98\x1c\xebq/\xf5\x81#\x85\xc5\xa0\xfd\xfac\xd9\xf2c`\xe9[c\a\x12\x1bb\x82\x83\x86d\xf0k\xa8\x90\x06\xa8\x1cK\xea\x19\x91\a1z)\xde_r`\xee\xb6\x9e\xcb\x05\x00\x00\x82\xa1\t\xc9\x05\xcc^', 0x200002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000040)) r5 = openat$cgroup_int(r4, &(0x7f0000000200)='memory.high\x00\x90\x80\xa4\x96\xbb\xe4\xb2\xa2\x01\xc0\xb8*Z\xef\xf8\x0e\x1f]\xf7\x10\xdb\xfe\xe4\x1d\xc6\x92\x7f\xeeK_p\t\x8c\x9f5\xd0\xef)\xd8\x04\xbf\xc2N\x1c\xf0R\xdc\r\xb1Gf\xba\xd11#<\xaf^,s\x85\x10R\x99\xc2D\xee\n\"\xf9c\x15{\xc1[\xef\x06\x8a\xcd\x9d\xc8\x90#\xd0\xe7\xe3\xe0\xa9\xf3\xc0n\x1f\xd1\x11P\xe20\xcd\x1c\xfa\xfd\xa3\xcf\x9c\xc6\xb7]\x16\xc7\xd7\xb4/\x82\xd1\xae\xd9TM\x05a\xe5\xc5U\x91\xbe\x81\xac4\x9d\x02`\xe7\xa6q\x1f@\x1f\x1f?tm\x9c\xd1\x8c\xa1\xb5\xe0`H)\x97r\xc0?y\x9cc=c`A^\x9f\xcd\xbc\xf4m>I\xae\xdf\x946\xe7M`\xeb\x9fm\xbe+n\x00\x18k\x98\xab\xd5\xeet\"d\x81\x94\x04\xf5\xeb', 0x2, 0x0) write$cgroup_int(r5, 0x0, 0x0) 11:42:59 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0xffffffffffffffeb) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) [ 1440.758994] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1440.766269] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1440.773617] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1440.780880] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 11:42:59 executing program 1 (fault-call:11 fault-nth:0): r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) [ 1440.999196] FAULT_INJECTION: forcing a failure. [ 1440.999196] name failslab, interval 1, probability 0, space 0, times 0 [ 1441.019123] CPU: 0 PID: 6539 Comm: syz-executor.1 Not tainted 4.14.151 #0 [ 1441.026085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1441.035440] Call Trace: [ 1441.038028] dump_stack+0x138/0x197 [ 1441.041646] should_fail.cold+0x10f/0x159 [ 1441.045839] should_failslab+0xdb/0x130 [ 1441.049799] kmem_cache_alloc_node+0x287/0x780 [ 1441.054368] __alloc_skb+0x9c/0x500 [ 1441.057975] ? skb_scrub_packet+0x4b0/0x4b0 [ 1441.062282] alloc_skb_with_frags+0x86/0x4b0 [ 1441.066674] ? __might_fault+0x110/0x1d0 [ 1441.070715] ? find_held_lock+0x35/0x130 [ 1441.074756] sock_alloc_send_pskb+0x5db/0x740 [ 1441.079237] ? check_preemption_disabled+0x3c/0x250 [ 1441.084235] ? sock_wmalloc+0xf0/0xf0 [ 1441.088021] packet_sendmsg+0x16c4/0x5a70 [ 1441.092147] ? avc_has_perm_noaudit+0x420/0x420 [ 1441.096796] ? save_trace+0x290/0x290 [ 1441.100584] ? trace_hardirqs_on_caller+0x400/0x590 [ 1441.105580] ? __fget+0x210/0x370 [ 1441.109018] ? packet_notifier+0x760/0x760 [ 1441.113240] ? selinux_socket_sendmsg+0x36/0x40 [ 1441.117887] ? security_socket_sendmsg+0x89/0xb0 [ 1441.122621] ? packet_notifier+0x760/0x760 [ 1441.126944] sock_sendmsg+0xce/0x110 [ 1441.130639] SYSC_sendto+0x206/0x310 [ 1441.134332] ? SYSC_connect+0x2d0/0x2d0 [ 1441.138292] ? trace_hardirqs_on_caller+0x400/0x590 [ 1441.143291] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1441.148028] ? retint_kernel+0x2d/0x2d [ 1441.151911] SyS_sendto+0x40/0x50 [ 1441.155343] ? SyS_getpeername+0x30/0x30 [ 1441.159391] do_syscall_64+0x1e8/0x640 [ 1441.163258] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1441.168125] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1441.175119] RIP: 0033:0x459f49 [ 1441.178289] RSP: 002b:00007fd07cd8ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1441.185978] RAX: ffffffffffffffda RBX: 00007fd07cd8ec90 RCX: 0000000000459f49 [ 1441.193229] RDX: 000000000000fdfa RSI: 0000000020000300 RDI: 0000000000000003 [ 1441.200478] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1441.207726] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd07cd8f6d4 [ 1441.214974] R13: 00000000004c83ce R14: 00000000004de710 R15: 0000000000000008 [ 1442.320141] Bluetooth: hci0 command 0x1001 tx timeout [ 1442.325473] Bluetooth: hci0 sending frame failed (-49) [ 1442.800103] Bluetooth: hci1 command 0x1003 tx timeout [ 1442.805371] Bluetooth: hci1 sending frame failed (-49) [ 1444.400154] net_ratelimit: 18 callbacks suppressed [ 1444.405114] protocol 88fb is buggy, dev hsr_slave_0 [ 1444.410284] protocol 88fb is buggy, dev hsr_slave_1 [ 1444.415463] protocol 88fb is buggy, dev hsr_slave_0 [ 1444.420725] protocol 88fb is buggy, dev hsr_slave_1 [ 1444.425986] Bluetooth: hci0 command 0x1009 tx timeout [ 1444.640133] protocol 88fb is buggy, dev hsr_slave_0 [ 1444.645198] protocol 88fb is buggy, dev hsr_slave_1 [ 1444.880158] protocol 88fb is buggy, dev hsr_slave_0 [ 1444.885268] protocol 88fb is buggy, dev hsr_slave_1 [ 1444.890420] Bluetooth: hci1 command 0x1001 tx timeout [ 1444.895670] Bluetooth: hci1 sending frame failed (-49) [ 1445.600277] protocol 88fb is buggy, dev hsr_slave_0 [ 1445.605409] protocol 88fb is buggy, dev hsr_slave_1 [ 1446.960114] Bluetooth: hci1 command 0x1009 tx timeout 11:43:07 executing program 2 (fault-call:2 fault-nth:53): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1448.834602] FAULT_INJECTION: forcing a failure. [ 1448.834602] name failslab, interval 1, probability 0, space 0, times 0 [ 1448.846071] CPU: 1 PID: 6545 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1448.852999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1448.862336] Call Trace: [ 1448.864911] dump_stack+0x138/0x197 [ 1448.868528] should_fail.cold+0x10f/0x159 [ 1448.872700] should_failslab+0xdb/0x130 [ 1448.876656] kmem_cache_alloc+0x2d7/0x780 [ 1448.880801] ? save_trace+0x290/0x290 [ 1448.884589] __kernfs_new_node+0x70/0x420 [ 1448.888731] kernfs_new_node+0x80/0xf0 [ 1448.892602] __kernfs_create_file+0x46/0x323 [ 1448.896992] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1448.901647] sysfs_create_file_ns+0x8e/0xb0 [ 1448.905956] device_create_file+0xd7/0x110 [ 1448.910193] ? acpi_bind_one+0x770/0x770 [ 1448.914241] device_add+0x3be/0x1490 [ 1448.917934] ? device_initialize+0x430/0x430 [ 1448.922323] ? device_private_init+0x190/0x190 [ 1448.926893] rfkill_register+0x19c/0xb20 [ 1448.930937] hci_register_dev+0x34b/0x810 [ 1448.935066] ? __raw_spin_lock_init+0x2d/0x100 [ 1448.939634] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1448.943941] tty_ioctl+0x8f7/0x1320 [ 1448.947545] ? hci_uart_tty_poll+0x10/0x10 [ 1448.951760] ? tty_vhangup+0x30/0x30 [ 1448.955462] ? __might_sleep+0x93/0xb0 [ 1448.959336] ? __fget+0x210/0x370 [ 1448.962772] ? tty_vhangup+0x30/0x30 [ 1448.966463] do_vfs_ioctl+0x7ae/0x1060 [ 1448.970331] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1448.975065] ? lock_downgrade+0x740/0x740 [ 1448.979191] ? ioctl_preallocate+0x1c0/0x1c0 [ 1448.983581] ? __fget+0x237/0x370 [ 1448.987030] ? security_file_ioctl+0x89/0xb0 [ 1448.991419] SyS_ioctl+0x8f/0xc0 [ 1448.994774] ? do_vfs_ioctl+0x1060/0x1060 [ 1448.998915] do_syscall_64+0x1e8/0x640 [ 1449.002782] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1449.007610] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1449.012779] RIP: 0033:0x459f49 [ 1449.015956] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1449.023662] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1449.030912] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1449.038171] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1449.045419] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1449.052686] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1449.065188] Bluetooth: hci0 sending frame failed (-49) [ 1449.760138] net_ratelimit: 22 callbacks suppressed [ 1449.760144] protocol 88fb is buggy, dev hsr_slave_0 [ 1449.770195] protocol 88fb is buggy, dev hsr_slave_1 [ 1449.775324] protocol 88fb is buggy, dev hsr_slave_0 [ 1449.780401] protocol 88fb is buggy, dev hsr_slave_1 [ 1450.640147] protocol 88fb is buggy, dev hsr_slave_0 [ 1450.645255] protocol 88fb is buggy, dev hsr_slave_1 [ 1450.650396] protocol 88fb is buggy, dev hsr_slave_0 [ 1450.655554] protocol 88fb is buggy, dev hsr_slave_1 [ 1450.880137] protocol 88fb is buggy, dev hsr_slave_0 [ 1450.885204] protocol 88fb is buggy, dev hsr_slave_1 [ 1451.130353] Bluetooth: hci0 command 0x1003 tx timeout [ 1451.135657] Bluetooth: hci0 sending frame failed (-49) 11:43:10 executing program 0 (fault-call:2 fault-nth:47): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:43:10 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x200) sendmmsg(r2, &(0x7f0000003240)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000040)="d2d051a7ffed4ab4dd19b13bf7de380b4f60acbe7b0665095fb21829ed3f834bdbe37bf017a09d83c36044a9cee2ba4898b54c5aabc250c396274287c85ec42d717f6d1191e62e72f0d247b57b1502a5235092dd0bcf9bb3db2430773c9d4027ad27ad5e9f86733c6d64d28afed02d855485f2a46346812f0a42635c6f7db34b90757a4d75515bcbbe90bb8406b999fbac3b28d21f2c15", 0x97}, {&(0x7f0000000700)="741af0e3be112288ca1cb5ddf43c16091781d1e16710930844a54d791a968be352841fd737b9ce6f3479661ddb34e69ba805e6f8013d57b871031bc3a4a98afd44f9d4b5298a538866aec03798c5a529f0d47928603136e1d91facf1c87d5daf42999cb12ba782da9dc1b07008f39c2fc832e58045c24b550653632777603ccf0bba8b166bff780f0a7f28beb423b3bc18d0bfbd1f13ed59365ea21bfda530c69e34358ecd9424c98a416a151ade40eb1b759e68fff16594a5027c32bb87da925bfd31e193e4ed7b4d40bcff781bd77cd527cb479eafb7ad67596118f56eac2c0b5cb624c3d470a0ef8e976509d030071dcbfe26fd66852a8b9c3b2d9c32447c2849c81312335926fa02469315aa94bd8adc56a8a79053d7d4059f62d8c166a4364b26ade62342a6e06d1d8195a884cf55f92d0e39328ff326997b639861aed01ad2bb1d7ce3b78a9681ef73f8c95fc1ac6edaa36e761cffac51dce5b6771bfce94166a4987548b18e214ff17296a560d8787becd7302f22fefc49dccb4227650b69b977adcd1506fe67a0ce982208c057be265c95d0ae5072e472e9d9c91e3c0136c262fec42e864af5eeb018dc42dcc2b05dbabefce78d6bce054f0bf06008beb241ff00d1c1b63ba4f0c6e699a18cce52db6aede245993ac8462208d7ceefa5c2674e937a93329d7efaff9bb8cff1d5da3f706c5c89bdfa9a50e729a0f8738ee529c3536fe6f33c1c836aa08c048c31a35fcab83584eb0405d1e147f1cec435c77997cf54b80136748b139e4626392f351b54333aa8354a44b39fb1a0ebe82cc577e059caa70a419bebd72f57f26a55218c5419291edf5db6ae0535843ad3db9d5198b490fee71b622fd022cc81337ebb22cdb52b7e8d56dc9b6a88fd79f7e5f750b3a5a59f639c641a2510b2ded06af261bbb50486870a192a447823204cb92c7350e7e95815fe321c0aaf7ff20f107b5f229434a608a6f7e7b72d768c85765e61896241d7854e1b3f0e43a81f293aa33387c24b27c80a9ecc67272368ac465969476966f14f196386fa45bb93e6c0657f866280d3c990409af7a4cb7f6d250a680c05912514fe65b06bc66a8b14e82c4e29b4b8038bf6b84e3ff17a1f5f896385f2aea6b1d12cc10449fd1e6da3eb000e18468701205b988c80824a723196e559df28a4da98c3e1a9bd6fe1a708b32beb7547dff532a67dc9870974d31ab31d359e88735019e1a34ac3afc941c5af3145f9290868d3ecbbc408928870b87ea46909f1f7d25ffa745e30130ccdcff1130689e53499c6fc18c8b287be82f9a32510de9e6c8f1d08f98d230ed7e4cdbb94cfe1c603e80567db18d282ca7cdc517720f898dce53429f6e8594dd2d764fdf24a38ba9164d58297f70a506b0d2a92f41be055d751252fab6c658a2fe3bf6a6db6fe1717b663338c4c60c364f7951d83c87e4b90071ebe7ff0b2d4e7a8411d83c52709ec1f91e204b4bb5b267249c62a2c4efb766f3f30e67f35d89307edb265cd72d4f33feb9a73e30d21cc0e1266524fa292d9b99f9e55972739513b480bd556c63bb161d53314c9d35d675536eeddee3ee42ed3314f2ae769140e0004be13e7edd40c5f541eb38591b47e8d768c29c9154de20a9e4778cf624eb8c29fed9af89c439a2c1ca3ae130fd1fef5f99469f360548c3fdb62e8eff80a7929d71a2f792907bd4cecd3b6fec3a749aac06a0c2d8472c5ea046796ac3a9e03fdfa977445d52416693c10c4617057c7cabd5c4da5f0de5af400399cbc07bc2f3b771df4afd0e4db5e5b3f5af0e588ab7b9decdebd9de7702cb5965096fbdfb67408117da65cb3f198ad15a6361d29606c1fa07e0d2868e0726dac2112f7637b50acedf9b1ee99223e7addfc4ea759403f4d471bac36d8c643594e206d29c8b4b2cf78e6d9b22266a24adf384c3cf2b9bf615274e25b5861c6603ae37f8f3de87c3d633d07a3f7e8b9c9ea9e69d9e4346e89684405969486de8b1622fc83b0222179779b420f9c4f026537d3f951adc0ea5885477920401e32f0fe4d6b83f17807a92580de3b3f49bfe6582c6ff96cdd94dcf54fce019c58d62d901d7aad8ce90e5af2b006568dda98d7c02c9e3ec30fbc7c9e007d36cdf67564b16ef5747d2497bcd062d78a257720f118024e44c63f28df9c2dd24e3d73f86655cd7dfebc6c793732bbbf84a0d0759390ae2219c55b92c57f31753e389925c2a4fdff84f001c46a11eab7c7b9ccb5f405a42c636270a5e3a008d906c5eb486e254a61d9d63d00aabbfd1ac44e8f2977e59b80318dc04ad05240642442298461cad0eb20239bfbdce4189bec4877f2a864ef9edbb6af3242678f8b021a6627e9af6ad4416ceb2121ee35b7da89d47178fef9301d4fbf3588ccc73dd5e956efa0bbcefa33a2e908f62edb0eb5d2a1f46505c820c9eb46aff68613bfc369137b0f103f9684086ce253f0dc3da30efbacf4e015af2f2b19609b84bbc553389779df4f8f8fecf785afa916979dc1d0fa131912c47ec673731e2b25c4c22c17645283d908fa59bdef17430e1657da0b8960cc1d53902547672de4435f4032498bd5dd2a3ce8c11dc3552a39c5079a55a2d53687056e574cbbbe21b7b6db9522aeccef90c2ace9939ee8c3d750d9bee1234687c8152fe98552dbec88799a02347a44c0c77c9660e802c95b4df89c1716dbd79a0701ed15818fba9b5bf24003cdbae59fca77e60156065c203b187e242559e004e6fe112e81ac39693c9b6b8fa1cd2dc0996c23f8d2028ead6ea679603c8ca0ced9070aedec614a5b6a1036671798022e4884575eb2678412338eb7b6ab23dc65ad79197bb876f64a97f672d129ec87c317dd995f514d93d837c7cb61a33bfdb0b349e03cade1dd34f190b8dddf03ea12667e476f3f7b1c43ac04000275d74aabaf4901663651cc0c92dd18f332e2b7f0e998011c0e56c21f954ab6cd0de1639509c87babd0d940f42bb7fbd491ca0686a57c7aec7be3788f838f41000d43a0e5f1df067328bc7d85f0aa9e1731da8a9c554514ec56fe890da848fd3bd3aa0ed46eea955cbb7ac7488dc336d5b13b9d7b980785de1646f9cb8613b9f9cf83afea44f7db4872fceafd28151f430f6ec7064f48d7e86b8157f566575fba1eca45135b199eb1b91dd2e0eed3cbbc8ac0ed6b9ec5282d88e73e2f7306fd7ede0941671ee65f0d0ee4a9eba1bf91d11dd20c8cd082ba8566da97e5804ed1fca59b6485bc47fbe81f86d6609f759db4b792dcb87eae7c8326b6d70b0fff468b7fd368f0da874733b6ee72a3576bc76a15f1e65aeb46cd0ad319a5bde9d08026efdfd7980699c82d366ff247da5a9def6586c1b32499b572308083568cc878cccea4e3194b2343ee5f9a0e9d5346bb596460c67aedec38c36340ff8c9b4785aaa092a6a8f0e56a5c5383e3cd6de87a47c7a888381157abb32011a5010d945d8b7886722481065ed199d567b18261a9dca89c723facf0e06ee75bbfc24e02d3006756f58f1b7e325c3a476edf6e01599434638b0d90f27986b382791fd98aebe197615af56c8cdba9bd43829a21b30aca39c4a90cdf04e8b5146a04e5041fe3b72afed7f38ae1b03c31a043d480ecde72cad35bfdf2e040ceeaad34450619d5d9405861b5c0899c68e57112421c46665d248202b17431e6f99a3a01a5310f21728df25794d404c18581ca633db35ba1a91377a2ef759ff9197bca47290ea5bc412a623775fc05d663530eb474e745a657cfb9b74a97939383697bdebba154483130af0c76c3ef536f152f4d9269b43bb88d57829041f10279b216a3781723b687282a3d91018c027c8c6005d0b80969ee567f0d17a1fbf2dab41165eb40c461b71f4881641eb263092a64e0af6dec1905daf1f24ad42f6b885ac45416286c3c2c3f4338f9f7264e35007acb06e20f609c1d35ddf2fdf16af2efb60e09addbadda4de8aeed04ba4d5bb1ff682dfa2363f325f104263b61c91bbe8895a92be0a6fd3d0fe7b7179091f9ebbc8e2218d1d65f9a2ec4007be8b7245023a0864919c5456766e92098d43ff4de4326a365c2e03f459a7e27168f8a286018afe38c8458474478fd5f37718818a0522ae79eab5a74d4061bb6237888fc1a2b19c4742dd0262b38a991d2dfc64972db1e362669be5e22170af7bc91f92788baed3662eadb2b9764ef8929091f38e8a55d7dd2b5121c0eeadd622bb7fe33fc0fb7929930d637933a98593be4e95275c3afb831fc1dc618e5c26f515776c6492af07cf6f297ba97809ae2303f8bbe0c3e92c1ffa2b303d5c77c4950a2d96e46a67cd99b409bd9238f5a5ff95bc304c85768916a57b75676c0285bdee42934b670c1b630ce24ca491a811fa56dbe04622c6804aa8575da60c81c77a99116457c64dc67ac04b26ec1f424308c57927467d3bec23a53e3fe0a1172c8258189545fe3292bc348790b3d1d8d0909c6cbbbc8a3ed30cf6af6221ba076ef3f773f73c5d497300174859bcd35bcdb3fbfe16d6d2d6e360bdb8bf4a82de91ec3b8d960847381504548db4b507aacdefb7d177af1ebf8a0920493eea23a53652822229b032fcf6c238ff73d7f4560d967011b5241b1839fd73f88a5f14a8530ecce6853cd537e510c7a2d4e75245c865fa4c68bf697bc5a3032aa24111a10dbd432b83ed4afb6a9e5b62adc2d12587dd6531e65cf4c7634e2042ef25830a7fb5aec3578152d42a955cc0ed79ef825470d41ee549896202fa34ad3ffbc3c65554f10f518c9b7439071e7b2b41e99c2139df7c717c0476bbe760da0cfa39fe72122f649812b76dc6c9ee72d31e7b8fe768372dc3b53c811244f263c9efd4144c86bd3e28a445e4d19117568333202578e80d1712a3053f6af01d7d41fc9913538c4f6e432910eb3b74fd021f35a924e82f203adb8a4aa16e613268721e6cfa1c26e85a57793a1cf8425ea4cd867a09a8ad6b13bc2ed2d176e187e03cb439afb8352f0fd357e5b76f7cca765b3de9bdc5710b217da2eec8aa5bacbd95065801c181758cb4e46e3cd1e440b5d428801a33ae4f46ba1e4322d895ff8d239c70b758435d5861a7486de1065b83cc22df189e2e0443eaa3bc4e574a5739226bd6168769e8408387e891217213a056b80571f9695dbcf02575b79433324eb877b9ae212b676660dbd3c2007fe12e6c35ffefee17ce5fa11d8930846c3563da4f20f14dc5bada792ac157e42f273f185b97e60ea3529d745b7ad63f89e8750c9fc4f79011f9616ed8f0cbaa3b4b4459614eec1c18f566b4c0550d0ed0b33cf2b04cd5a73037c580c9bced5da2f8d31c43f73d9aa8939416e1a80d29fef1b0d6779dd8fda0215240196845e18e29d19d000ff763b43345d6b62ed9281d3589c0ee1c8b9a010e9139c4eb03dcfed96172aca115e18962fd3bd3a3f845f22d8fa007ddc66cc5d068f6ed1b39e51195635517e27e4dc855028c8cbf826b54fed5e2e0db22276b148970cfeba15f2efd3c1084b19e8c71b6510fecf3ae34349cc5f17859132f4c84d19a4b10e055ef95e00189ad418b966d4dc36593471030b2d053ff406f959cdb25d103e1b3d5e13d22ddc9d1756221e49014029cc44228dc673aec21fd4b0fb2b42a1fdfa3ed4df513b6e62be6217f9e7aed735fbcb31b05484e935fc0fe3b8d9d896c3e1bc6fd53965b6e40244dee6dfb7acd5adf224016b2c2f05833b447d6cc486cd689ae314584f406ad16b0fab744054548c3460efb7bce36136383a312866ef7916a5e152f44bf7a02f4aaca4bda1b846649750", 0x1000}, {&(0x7f0000000240)="fdf96cd4cd9d3ba6675e09c3a94a6fb161a017673c7d98c97c9ce821b6cf1c2278ec7aab37cd8385a62442f0f35db5a03dc9ea093229c923c6f88860d0bec823278867320020e6b356e29c59284ea70fe81829cb17e834effed6df986457cc97c7240f584d8eedef50bd3844d6bc48f032307ee9da9d0c5d99d5248fe2d1a5f9ea3e058ef5a6268280c93ce3665d9232f305e1b5698bca2d99fc763e72f9cad8b70945d1198d5ff46b135602ca449718e3e734dd8cc9b3", 0xb7}, {&(0x7f0000000140)="cb2880c513dd57c6f8df9f8b8d7264c153f0e598f2f1e5ad666d716d55b27b343060386b65214c8fe4d2", 0x2a}, {&(0x7f0000000400)="61cf610f2fe814354dd1d123f8c7909c756b3f4a03b015211f4fc5fba34e28fcca3d861c3fc6dd2639f670d2165e07dfaac1e830a8b3c557d62a3e30f16952a2996001fa000453e9ed237862b5ef6b2befe894b6c3c34bfac48205838a1a1b3c65717735574d66d5f2ee39e77fc82ff4a3ed9666fc7c0049a78cc47ff5281e77a2c0b17530b1bb8c1e16ef08ecde9eb6b5ba49e3ed94c31b76fde452f49a2335185c54eb177eb593ae440426cca95ab62551baad7f2d33bca9b78438d67eb7a56fdf", 0xc2}], 0x5, &(0x7f0000001700)=[{0x70, 0x100, 0x80000000, "0ef84ad60deae18dab3e27c329cc67293b52f3f07a6f1d1afde98dcd9c3006767dac0ba1b3058216689caff6af7672053f8aa6d4840af2fbcb72549997cb2c41e03d981e83cde107b1a06933394dfcb9d8ea7ad8035209da892e"}, {0x28, 0x86f3897983a8193f, 0x1, "94cacb6677298214bd0b159841fcaa3f9ddd92f7eeec35"}], 0x98}}, {{0x0, 0x0, &(0x7f0000001cc0)=[{&(0x7f0000000300)}, {&(0x7f00000017c0)="e717d11a68fe399815b797f164b1502f2fd7bdf5abd60e864dc21ed2ec5a0eb41d03d65b02f7591046ebb2aa47a32cbc73c1e7f43ea8d32bffcedd040a909a3fb962245ddafc3ad64b4a645840e8ee841e6346fb11e4b4bbd547d9ba37ac3626ec900d0d07ee14d6ced442a4c2e1504fbeb2a6a345be3f662c0468c10782e4708d25dcba5386e45a1656e87c068bd4bc2bb79cc0994e5b49fbe14cde2e", 0x9d}, {&(0x7f0000000500)="c1246b0d97d8146dd310deffa795bbeba233", 0x12}, {&(0x7f0000001880)="26b4e5fe0a625edecadc0b892b67bfadedcdf68677557c06b7ab6dd0648b1a5d04757c7fecc7d19efb32a86517a1446af3db5fd93324ef03a5e71d84ea7c469ba789bb7f222d612725ce35e65f3f6258fd1c1e6e2509e19e7351782e838d3c5ab302eaad37d7e6b660559e572ba2fa7bc715d56374fc1443bf716cbbfdad984432a00dd59ec2dce97795960e155a47f539a9d87fe8bb007d6d4689aae4510df190c0fd21450ee65ec37308a05ac8b772473c0221ab39c8f41f2bfe56e034fba36eea90d6177cce6941d6786d36556755baeef121b9227eb1106ec30e44da97043674781e32cde66159806edf60d0f8158466da", 0xf3}, {&(0x7f0000001980)="91e2554ca76c7749bdc8455841a08fba9683df6b39a347a2a9f1f5fcecb5f7eed5ea00c914f8f2c1b55f3248dbeed04e6267e84556acf728b4e6c52eb1cf73dc4241bb163092f3e53d747169590be5d4d7f585bc50ba34e12cbd0dacc94526f7b16c1a209aa73af9d72d853ffd5b07448cae7f7a021897b7c689566ddbd4270fda39c03adfcd37d442e5f50856086dca", 0x90}, {&(0x7f0000001a40)="d60537876425c1c6475d18ea3603d993b73273a10d48342b9399948fb50b592d0b2da17cffb90b2b28d5b5b8377398aff3a2e05d50748e81cd89c43f7d262202d449022c3c36f3fd7f307b88c2c37295fe4a39552a941029e6eebffebd2d0f4b50282532a2b5943e0cbfc3838b0ece50dd9ed2265be1ddc93f3b21d949c73d187c39387a8551abdc1b2616e2347c77d32f2aec4aeae868315b29f11eb9f557cf705739d5ad143b448d5f32d74d54ee3ba4700e49b8c103420e2a921b510bc23fced754fd007d1689de3c69eae47c6db0715e83847ed45272f3aad4a884d57c4825a9c60efaa7c5fa7cc674b0844a43", 0xef}, {&(0x7f0000001b40)="67a4b114cbffd2edc79cf9aed66b68a0f76e7c3f35c154e1892c5dcde0770c5bf0b4ceffcc4b82c680464c5d28a7c89d91b3036546514902bf9d70547eaba639b12eb8596d0d15d60c8c9f", 0x4b}, {&(0x7f0000001bc0)="4d4acd8257cc3ba35630fec054c0e5936f9046b0c48069930a54ce3e65ab3b072c0c60949d20cdb90165d77aff3b9b55d5fa0d763f9445543c2d04d169e9d241587df99bdece2819cb61e75ba13de66817d3196c7628c0956cf23e92b19dbe4e4c9c6041b140a257227ce2149c6b06c6927f9b146cb14bafbcab91ffbdaead6faa84d0df41cd45691d0eb822ac33600fe63a4f9ebac8c26ecb7ecc2381675bd8ea15a5262e6fc94e5fa8a2c27e6ed5455c1e9c88c45ad90dd56b96c213ec3289b09a428f5998d9fab0a260a4df3a6aed9cfa93dcabf1b09f1a60c75e0352539dc7c68fd1e08b0d7915c8ec77f7b8", 0xee}], 0x8, &(0x7f0000001d40)=[{0x40, 0x110, 0xbf, "1fd4f9aebfd168f542b0dae9e9fd1c67d9ad0dcd1b82a2c53dc144f95e9ec8fbe3b0bb99a617aad586"}, {0x10, 0x10c, 0x9}, {0x68, 0x1, 0xfda4, "69a68276770c304bbf6e2af1e63b450298c5e339db490f6c4ff5a390a16581c43fbab1190055a369263fc6e87b00562433bd9886f18bd5c2698845e17ba041acb656efb7b23ec901f0576e802e1c0e8bfe8b0e7daa2cc01e"}, {0x30, 0x117, 0x401, "b5d4f066a4de95e16100a0f83b8a02d65f900e96a0247850c75cb8d63d46"}, {0x18, 0x10c, 0x7, "42e4170228d7f9bf"}], 0x100}}, {{&(0x7f0000001e40)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x3, 0x3}}, 0x80, &(0x7f00000031c0)=[{&(0x7f0000001ec0)="2b674cc3558e4d6d79c1441663827cc04183c7b086f7ca3e4416adc489ffe1fbfe1625838afb96dc5bbc168a5be5a9a1d2c97771698c6269e60891cb53b1d223239562123365e105040fe033a52f669d", 0x50}, {&(0x7f0000001f40)="377e862918f0e610b1bb33154a10a526a150f5266758ae4bf8c9c4d60dfd30949526e1ac922b5fc9f81b8eaca27c6aee1d5c7adbdd028b51fc2ef2d30f562c8573529806", 0x44}, {&(0x7f0000001fc0)="09071889fbe93862e68c9a893ed15263b0628b2cfdb0fc11d0d374129e5f478827631711d0b1eec3a15a6464c7be9cd0c538a960fce8af5b11fe07ff93c572d25bca9e24c896c5f8f7dd656ae510b16073148fb35c1c30", 0x57}, {&(0x7f0000002040)="a7cb13364aecdaa1727a7d6f825ca9c6aceee022b95dbb8f91432d0c5d01d2e386697a80f6295c86a5bc1b56baf22527546531342be11140a135f0929a1876ece18e4dea7a2283a65b3c71b71be79164e96144dab229796957dee2bdaa723a6c155c84b5feb3ceb19c9a72167842bf4254e65fd726be0193538070d78e0904c56a4cd9d622f25562a29f4b1dbeee53d49a671fec8565ff7766f860f803cf00e2aae3d344848502c8095f3d927d801e6baf979b9fa5b090e45127f54adfdcf287f11c4e7e8c047db0b82f9523f0c2f94cd4ca36d11ce00e19eeedd4393a33a41dfaa6107e158c8777777261ec3f1edb401a158b9151804f06f75f435f1c6b36dfde505331edf97f28e97f1a01fac6276ea948c44ec14dc23a3280101e94faad702365c41d6956f2afd92f43cb72ca0915c79e6ca257f0e83f81f618f63fdf35e2d90407ab6df0d10ad4fbf76a20779cc198bbff50af766ecfb401706eb73fd102d636d54577a532f83c8a2f0d25f63690fb63c9fd7742c93134185ab49940f345391e24a4eed4828b92357b6fedb48c8fc000293592397cb1484c411de63660bd60fcd106f416315328381c848d66e233488ce8d75364b9a7f86ffd9768c2b89df2d9b08b86b5614c17677206f0067e437d1783a62dd7fc46758e3d93548558202d815c6231e6d929a89a9050a428510197d583120a6688b6694a81b719c5922dd921f658e95b88688ff2497cc202f7d1691d21a6949e5b0a54e7301613cb999c8147a80cd6e8b0da4c0331ffe1365411d4eb2461ed2e8e9c10d517f22684c811145a64de75b3ba87634a8ddeee37bc9a4cbe14b80be00561be311728b12e20448dabf24a3c8a18e0493171f2cb60067ef1b6598ea33335c43c69968d0ff7d9bcf975e4c027d3c86eed4f6f15a6be6748aa6a535085ff1524c082c7168864a16e1d0eeaa35716dfd7edb9035c05789b491ea5d7842f6d8088320af6c6f6c8d2f88fcc42e68a211655426a8575da27040c8351b0d7498848b5cd883e010ff5cce89057eea69883399fe6c1abfb81a859f2874d6de2c8315e3f2108939320a40bfbe46a1908970c2e9116a7dcff38373141c574c19b08793fd98f853d2858b48ae9eeb89cadaa124e133aea0a21d90c186e66b819c5ece5019fc7203c6b3286534fb8e46939ee75a6050f71c2571102c4e327a0ecb55ec5bab1e6a7a9a94925169beba0ef02b28a08eee1d83312eed89dca8c52fab397ffc54a615a5006ed78d029e3b6d4c2e496e30ef37f340857180ca15b65183cb010124a650645aff4dba1404cb115c040570ae91fb7ede88e24253a2a1d5e9a1ac6e594d95e27bb9bd77a7280f3eb4f2a6266bc1362181bbd2d58ce5b59cab92853534a6e9d1e1fb6cd6c3e2ba8f59eabcc13dbea49f72bb69c848ce9b98c81df143581ec27df9132e165baee595362f8f98586783e8d21f902d75387cc426d6c50b42601133f45c2f0d5231a7600475169c65740018b2d2fd7f80801715eca84a759c4a1777d5fa6312c45f0c31a4babc60fa93a5771e1938388ea243bf7739f762c0f4f9029db1ca3309e051df8d510e62d4aa42f236bac41f680b80c4684a00e955dd512ee46de88741e11345ed19b47da124e9259313c428aa5140818c2f07332f3e40a725b8c202a21fbbf448eef6a977694f3e533e6b176eeff606a21a046b8c81b36df9e16ae68b3e51c679b2532a72ec64a50f31ba1556c28d9818e825f26a226a9ef271397e952433f1af18df1c24199ddb3c4de1d1617a97ef87a9ec0f0d35db2607f90580ba29bd45de497beec223bf083e40ace2b835fc6de83d07982b8916e0484e9ccfa671fcab2cd8e83a5f7908789196cc7fd5874cb4d49cf9a1f93e07f039b22fbc08860ef17f74dbe473f854d73ff070023b4935ea5e27d090531b2cdeb91859e7f6c553e448f80ce0842b72c9061134de4f512c6b8004f50c0bdd0e1587c20372ae43855b9f196ee21cf48e033c753f6f6dbd72bf94bb69de6a2328afe8cb88f9142897d41063796784165a661835d510351c2e775a253aa1c7e1e3e9d2f58fc4c618eee631caba93499a04e49cd77b478f505e0cffe9beb7d088816503d6ceccb3922fc9b6624666e19225ab24640203845b75c7cca02a03b2848df8ca7a07f5e62c9bf3f39d2a9aa108b4a9aeea4b69235bffa6f77ab7d52c58062ab1fbc8540ab774b1508e53736951aa98ac1b1429a55c0ea83da21e1cd1494afa63fe7d90529016a69f816e3750addd7abb938a788a942ec70f60c8240346664dea6e16cbb120ee6c09edc02907d6f3feee5935df2073997abb0e035f40956f6725252e870ff6b120d0a6a16a801be5b0f8854183f2c56971f3e99efb2c346c63fdaf87f3be79ef176a511c64620faa46c9210407ab67e81f1e07d64a6c8d28e827e278def086ebabd868980f4c0ae42aa4a704f7d056dd573032a41070aab8e952756ecd28a2a64b16b4675fdcb9be2488d7ff692e0413bbe8cd95659522395b63f666a413405fcea6c359917d01c2d127258166d5dc333e0df7f8a71c6476ae9b19d0c697752279594aa52ac1810d156c7c112f16985f9d998680bda5c3f09d19d589b94de95dadb11cce42367f14774845dfdf0aea7f9e508b907b7d2bc3d573b114449247e9fd108b5f8a57b25e948e9740df01ad8ec6a91175ebb21ec73c3d7b28dc411d1eb653a34862c8591df0fde195041e5cab85cdda48aaa8880c2f7328314a19f1b6d8e6dfde12f3711bac547da1b34ce4544d4f4af16f7f9eee535f1318fadd0f5c21071af85a65df563f095cb0b8302ce27bb0dd74a3ec4a206bfcb819b33b65a27c709f14c104febdf56e81e4dc7a9b624af68082d173056996e001d11391b5e8341f6235298bef9851914906abb041c7a9e3e165117350fba5c6b6fa578fc4c264f8c89b42412149038606516026f582126317f285b352f610fc2b48c4b1466215ffefed625fdb7f15011be91e04c3b12a5ddb1080d6b467eef1404bc60ba6ee733b7b26317421d572bfbf1a379091eed177c8508be26ded009056eb5b96766edf550c94df4d5ca763575194de385fb55c6861c019ac034371ff6b71f79424f34b173c1199487602b7b30d90cbee38c8c649bef3d16959cef60a7b3952d43b506e2b0f63f946639dccbc84e2397e668a073f1a6a38ffc5467b5437e3c0bee15dc3125237f4bfd20b18f13e3c0c7894e7a6661f9a41057162ab94e675a34669b2cc9c12e4f4e12d4c22b7e4198c7b89d4f63be5aca1b6b4d7b0440a180722abed90128bf0a12c678ba04ccbaedaae6d2bf297acd91bfd0a1a9b88e4c38a02cd3098c6da67cf3f61777ef8fb9466c8d4f25ae3954582848926d30b67b00c5e548267eda77c9d8299859f1482b711a24ed4ec7b24123295ead0609c9085a1bcb30b382c2cf3121cff83498ca175f1f3e603f865d5ca3a933df9c148e10ae2c7960d766926a3f698b08a9bc7cf4a8cd213c343c6a7a78ec51c5b7678c7423303c835d94199395b93b7fe4d9d4b4a4b0062f2097fa0eb26180dafcb47d56133569d2cddba777d32920dc6446cf94c021d5a772b9d5afcd08ccbf18e31327855fe2f7dce7644328dc2111db72946a9c2979aa6f2079d725483cf709b45d0eee68bc7aaec11244012811ce3e11cf4c2583415179e6d872fdcfb4cd37858567eda3040e99c91bc6dee0aaaff792d6db14e256508372959abead4a8f85780ca0f362ca10911bd18ced1722ceab81c1203704e160e764942c8ffee8e3f5c460eda36e664a3dda506766363eeee5676fdf0aca73ed57e401ea2a67503007f74d5662748560c03d853481a061242fadd21ff0fa678b05b5189a77aaaf0af7bdc03854623b086feceece91ba0aa9f1b25830ee2c4e2a9ad91a2252bc970c88ea478a6d0b16f42570604802872cf70f71ceca399830be9853f7a911935e58fb5bfeee0d03710959e57bef445468f83a48bd1fe668eb6f5b78d7a259be78117183252a98dfde7f8d2017b86c8c8119c3d10380a5d4d05dee9f68b6d4fe7c7983818f0c5714981d839f0a58befaef665c4a69452f77f17f74fbc3c0d635f6d56946fa30107a7e831a44a0e4e8d0810cbb03b9a468ab001a744f769ca758649dd2ec23419361c2bb610f239f3f5577a2e7c27e4e9789402674b7a8e12636d7e8a774b4a77f369d7d7ac48b7edd207ec81f96b194c3f0c4aa0ef992dd5cca32ce55e629d2e5d6428d09e02ce173a04308fb3fe8325278508acf222d12f7f06711b2babab34cb95d02ac5da84c4321b4cca55201a7a9ac6c567a82cc04f23667c80c9e827cf6b3f808252bbd36129d9c0714784fa6bc2f3fa646c35ff3dc9519205fc7bde05023eb4904750c6c5b943d5dea4638cadb9e0fff17872fc919ec667ecd402716b50ea79d3896163be0f5dbe0bf5315502e2cbb0ad7584fd7618ab9084a6f72eea5126fce66d93eec9cf847d247fdb196598924eea4931cc62c25c88ac01811a80d2526aedb879478c4b926a3afa23848c5d4b33ca23982206ef422ae286c296cf29c97daf0907e86c2d0e5cf7a7d50c88ad68721ef0f5e4a2b28b003402c37a4f78e0155c6e0857ff57f99de50160760d6c73629f19d0cbce05c8438cd5c2d8ca0b9c38d652089944836df4d782199c47dbfa7b4e7ae47d3b39452bbc4f2a9641b2e0c2c93ffb74ea4535a9675debd72775e3efebd3ec635e1c2a793c5d5b0a409f837af923591f1ade63e0ad2b8f8ab0c9e4d86231f975e29f3a1c64731d0a5d5f192346f78cf325146e476f09c0b61aee6cd40f1303f28cf3e4ed63bbe4223539f3614ef5248932cc982f451078f59569181ca463d7b98ab1409b9566d2749763809b10ebc4c8852ae3e8b5cc399b77ddd83144d443e69764032aa243fae905c5df236dbac92401a5e5a7ff891b259e3e31b0cd5b45055bcb9a64f1574ae6042085aa1658ff3471bad346b07fad19f4ff7a875a53d7c2dd8591d6bca74589ac299829739143d4b1257ff6cfa4baac515e0e038450d02afca201f86c22cc919fb1b3c2179732c25f3325d725275876d54dfd91a2626dd1418d721b07d9eb1a348b9eb48deea203ad524cba2d3ad07031c598307d2c04789e215f7f0c58d6c446569a1fae3cc6bdb80ddc0461948d97a5242480db73c7cc168b90ef01472190114a7eef26bae6752c56b45624e8b65ff5292467cd84f46252946e9e2bb0ee8df7c42da854053aad62de871f3008e3702e8853720393e866675b92d0ccc84da4ec5247bbcab64801e5e5221f2fe3a8fddbd1867ca8f2a83f3cad366a4ee6b80586b52b282e614a0ed4d048ced4cc60b07ea66f6fe358256206ce437f58419a3dec575a584fd39b540e7fefccc0e03bc1d6f76d524d1bb35ab3f350627d924b79c61adbbd1c8c394c480b0ef990412f454ef833c2c30d7bd584da3359e9f89197efb55359ffbaca6d293b1b672c684ff886a7fe3dde6eaa701975a5c98ff0039a7bde0e7e8285b5490c0c16370125e52ea030c1e89a82b9f1f70d3998439c2acf4a95e6edb0d6e8a2115c34f83cfd2e5905f53a5ac3132e348146dff0a38ff2f6ef78a42d9b16a41f30b6750bc9ab4baf47ecac8fea5d8b1d3c9ceafb925d0340df47bbaa7980970d8ac592f1da8d7e5883592646ceceb8c4f5cac285db0405de27df32d571dd8beafbc4dc8b7ac7dc4d6e9ec1df9bf61ac4c0156bde25a74108140f31805bb820aa9cfab7093b91dd020bc488af3c93ba32c811aa9210bbd93197a62ad", 0x1000}, {&(0x7f0000003040)="fb4f0a9ab4ffb98b7d9b807dba91851918517d26ff040eb273365c4925a2bb241fd905820f3d9970296975a3cbdadc77da7e2cb01d80e61e1fc222ed161df22336b95996c657e4a9c54f889e182cf62a0b1eb0df48259cdc774d05402e97fcd5519251", 0x63}, {&(0x7f00000030c0)="f9c02f01d482799502ea82a3f83673cc2280752d4a4b9b8397516db96cdf10d2b83f034cc87b921499f9f323090358164907f81f5e1fc4acca10b432b08914c801fe4b864f3c8871e415cad991ba49448fc1d9fa2f2385d01b533d52bba20f77e8163faf75c36f05a763fde7f5a63083c6945d4119c4725d4c6a38da34734abd709177f8077714514341e88062fcb83c18936c9644370435574959017ea30da75b9a9a5031e22c3cdc5456c623713fa36a39e3e8ee33ffa1a5260665550a144ccb1aba5e9d53485a2412458cbd3d7894573c4feede1b28c81492b7c17d297c2b83a33c8e39f712e7d827cf", 0xeb}], 0x6}}], 0x3, 0x4000) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r3}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\b\x00'/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="00000000010000000000f06fd6f400005deca2c94acb507247cc3684d1523426a976f37950451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000008880)={0x1, &(0x7f0000005fc0)=[{0x7, 0x7, 0x20, 0x8}]}, 0x10) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) clock_gettime(0x0, &(0x7f0000009200)={0x0, 0x0}) clock_settime(0x0, &(0x7f0000009240)={r5, r6+30000000}) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) recvmmsg(0xffffffffffffffff, &(0x7f0000008a80)=[{{&(0x7f0000003300)=@nfc, 0x80, &(0x7f0000000300)=[{&(0x7f0000003380)=""/192, 0xc0}, {&(0x7f0000003440)=""/169, 0xa9}], 0x2}, 0x6}, {{&(0x7f0000003500)=@generic, 0x80, &(0x7f0000003680)=[{&(0x7f0000003580)=""/148, 0x94}, {&(0x7f00000005c0)=""/30, 0x1e}, {&(0x7f0000003640)=""/6, 0x6}], 0x3}, 0x4}, {{&(0x7f00000036c0)=@sco, 0x80, &(0x7f0000003a00)=[{&(0x7f0000003740)=""/198, 0xc6}, {&(0x7f0000003840)}, {&(0x7f0000003880)=""/142, 0x8e}, {&(0x7f0000003940)=""/164, 0xa4}], 0x4}, 0x4}, {{&(0x7f0000003a40)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f0000003dc0)=[{&(0x7f0000003ac0)=""/221, 0xdd}, {&(0x7f0000003bc0)=""/77, 0x4d}, {&(0x7f0000003c40)=""/9, 0x9}, {&(0x7f0000003c80)=""/96, 0x60}, {&(0x7f0000003d00)=""/152, 0x98}], 0x5, &(0x7f0000003e40)=""/222, 0xde}, 0x5}, {{&(0x7f0000003f40)=@tipc, 0x80, &(0x7f0000004040)=[{&(0x7f0000003fc0)=""/11, 0xb}, {&(0x7f0000004000)=""/21, 0x15}], 0x2, &(0x7f0000004080)=""/210, 0xd2}, 0x3}, {{&(0x7f0000004180), 0x80, &(0x7f0000004680)=[{&(0x7f0000004200)=""/241, 0xf1}, {&(0x7f0000004300)=""/193, 0xc1}, {&(0x7f0000004400)=""/218, 0xda}, {&(0x7f0000004500)=""/201, 0xc9}, {&(0x7f0000004600)=""/82, 0x52}], 0x5, &(0x7f0000004700)=""/238, 0xee}, 0x2}, {{&(0x7f0000004800)=@tipc=@name, 0x80, &(0x7f0000004c00)=[{&(0x7f0000004880)=""/143, 0x8f}, {&(0x7f0000004940)=""/193, 0xc1}, {&(0x7f0000004a40)=""/142, 0x8e}, {&(0x7f0000004b00)=""/205, 0xcd}], 0x4, &(0x7f0000004c40)=""/183, 0xb7}, 0x6}, {{0x0, 0x0, &(0x7f0000007000)=[{&(0x7f0000004d00)=""/161, 0xa1}, {&(0x7f0000004dc0)=""/242, 0xf2}, {&(0x7f0000004ec0)=""/57, 0x39}, {&(0x7f0000004f00)=""/54, 0x36}, {&(0x7f0000004f40)=""/36, 0x24}, {&(0x7f0000004f80)=""/4096, 0x1000}, {&(0x7f0000005f80)=""/22, 0x16}, {&(0x7f0000005fc0)}, {&(0x7f0000006000)=""/4096, 0x1000}], 0x9, &(0x7f00000070c0)=""/16, 0x10}}, {{&(0x7f0000007100)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @empty}}, 0x80, &(0x7f0000007280)=[{&(0x7f0000007180)=""/217, 0xd9}], 0x1, &(0x7f00000072c0)=""/4096, 0x1000}, 0x5}, {{&(0x7f00000082c0)=@rc, 0x80, &(0x7f00000088c0)=[{&(0x7f0000008340)=""/251, 0xfb}, {&(0x7f0000008440)=""/153, 0x99}, {&(0x7f0000008500)=""/118, 0x76}, {&(0x7f0000008580)=""/147, 0x93}, {&(0x7f0000008640)=""/162, 0xa2}, {&(0x7f0000008700)=""/69, 0x45}, {&(0x7f0000008780)=""/103, 0x67}, {&(0x7f0000008800)=""/93, 0x5d}, {&(0x7f0000008880)}], 0x9, &(0x7f0000008980)=""/227, 0xe3}, 0x7}], 0xa, 0x122, &(0x7f0000008d00)={0x77359400}) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000008dc0)=@security={'security\x00', 0xe, 0x4, 0x3a8, 0x0, 0x0, 0xc0, 0x1b8, 0x0, 0x310, 0x310, 0x310, 0x310, 0x310, 0x4, &(0x7f0000003840), {[{{@uncond, 0x0, 0x98, 0xc0}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x2, 0x7}, {0x1f, 0x3, 0x8}}}}, {{@uncond, 0x0, 0x98, 0xf8}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x11, [0x1e, 0x732, 0xfbde, 0x8, 0xffffff7f, 0x3], 0x80, 0x80}, {0x2, [0x3, 0xfffffff6, 0x9, 0x7ff8000, 0x7, 0x6], 0x4d, 0x6}}}}, {{@ip={@loopback, @empty, 0xffffffff, 0x0, 'veth0_to_team\x00', 'ip6tnl0\x00', {0x1fe}, {}, 0x84, 0x2, 0x8}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@set={0x40, 'set\x00', 0x0, {{0x0, [0x3, 0xfffffe01, 0xfffffff9, 0x66bcdbc8, 0x1, 0x7f], 0x80, 0x8}}}, @common=@socket0={0x20, 'socket\x00'}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @random="279c56cd308b", 0x2, 0xc, [0x1e, 0x11, 0x1b, 0x30, 0x28, 0x24, 0x2d, 0x12, 0x13, 0x13, 0x35, 0x1a, 0x36, 0x40, 0x1a, 0x12], 0x1, 0x5, 0x8}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x408) bind(r4, &(0x7f0000008d40)=@pppol2tp={0x18, 0x1, {0x0, r7, {0x2, 0x4e22, @broadcast}, 0x3, 0x2, 0x2, 0x4}}, 0x80) 11:43:10 executing program 3 (fault-call:15 fault-nth:0): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) open(0x0, 0x0, 0x4) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) socket$alg(0x26, 0x5, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000001c0)=""/58, 0x3a}, {&(0x7f0000000380)=""/192, 0xc0}, {&(0x7f0000007440)=""/4096, 0x1000}, {&(0x7f0000000440)=""/202, 0xca}, {&(0x7f0000000540)=""/136, 0x88}, {&(0x7f0000000600)=""/2, 0x2}, {&(0x7f00000006c0)=""/177, 0xb1}], 0x7}}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000880)=""/187, 0xbb}, {&(0x7f0000000640)}, {&(0x7f0000000940)=""/210, 0xd2}, {0x0}, {&(0x7f0000000a40)=""/74, 0x4a}, {&(0x7f0000000ac0)=""/23, 0x17}, {&(0x7f0000000b00)=""/170, 0xaa}], 0x7, &(0x7f0000004180)=""/4096, 0x1000}, 0x2ec}, {{0x0, 0x0, &(0x7f0000000fc0)=[{0x0}, {&(0x7f0000000c40)=""/147, 0x93}, {&(0x7f0000000d00)=""/164, 0xa4}, {&(0x7f0000000dc0)=""/12, 0xc}, {&(0x7f0000000e00)=""/248, 0xf8}, {&(0x7f0000000f00)=""/67, 0x43}, {&(0x7f0000000f80)=""/62, 0x3e}, {&(0x7f0000006180)=""/4096, 0x1000}], 0x8, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{&(0x7f0000001100)=@caif=@util, 0x80, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {&(0x7f0000001280)=""/237, 0xed}, {&(0x7f0000001380)=""/7, 0x7}, {&(0x7f0000002480)=""/74, 0x4a}, {&(0x7f00000013c0)=""/31, 0x1f}], 0x5}, 0x1}, {{&(0x7f0000002580)=@caif=@rfm, 0x80, &(0x7f0000002880)=[{&(0x7f0000002600)=""/111, 0x6f}, {&(0x7f0000002780)=""/253, 0xfd}], 0x2, &(0x7f00000028c0)=""/225, 0xe1}, 0xd973}, {{0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f0000007340)=""/215, 0xd7}, {&(0x7f0000002bc0)=""/202, 0xca}, {&(0x7f0000002cc0)=""/254, 0xfe}, {&(0x7f0000002dc0)=""/5, 0x5}], 0x4}, 0x80}, {{&(0x7f0000002ec0)=@nl, 0x80, &(0x7f0000003040)=[{&(0x7f0000001400)=""/108, 0x6c}, {&(0x7f0000002fc0)=""/114, 0x72}], 0x2}, 0x5}], 0x7, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r4, &(0x7f00000017c0), 0x331, 0x0) 11:43:10 executing program 5 (fault-call:2 fault-nth:0): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) 11:43:10 executing program 1 (fault-call:11 fault-nth:1): r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) [ 1451.413536] FAULT_INJECTION: forcing a failure. [ 1451.413536] name failslab, interval 1, probability 0, space 0, times 0 [ 1451.423539] FAULT_INJECTION: forcing a failure. [ 1451.423539] name failslab, interval 1, probability 0, space 0, times 0 [ 1451.427072] CPU: 0 PID: 6554 Comm: syz-executor.1 Not tainted 4.14.151 #0 [ 1451.442912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1451.452266] Call Trace: [ 1451.454853] dump_stack+0x138/0x197 [ 1451.458479] should_fail.cold+0x10f/0x159 [ 1451.462628] should_failslab+0xdb/0x130 [ 1451.466600] kmem_cache_alloc_node_trace+0x280/0x770 [ 1451.471699] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1451.477165] __kmalloc_node_track_caller+0x3d/0x80 [ 1451.482090] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1451.486759] __alloc_skb+0xcf/0x500 [ 1451.490384] ? skb_scrub_packet+0x4b0/0x4b0 [ 1451.494705] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1451.498928] FAULT_INJECTION: forcing a failure. [ 1451.498928] name failslab, interval 1, probability 0, space 0, times 0 [ 1451.499458] alloc_skb_with_frags+0x86/0x4b0 [ 1451.515022] ? retint_kernel+0x2d/0x2d [ 1451.518909] sock_alloc_send_pskb+0x5db/0x740 [ 1451.523399] ? iov_iter_advance+0x218/0xc60 [ 1451.527714] ? sock_wmalloc+0xf0/0xf0 [ 1451.531506] ? _copy_from_iter_full+0x1c6/0x6c0 [ 1451.536192] packet_sendmsg+0x16c4/0x5a70 [ 1451.540340] ? avc_has_perm_noaudit+0x420/0x420 [ 1451.545003] ? save_trace+0x290/0x290 [ 1451.548808] ? perf_trace_lock_acquire+0x10d/0x4f0 [ 1451.553737] ? __fget+0x210/0x370 [ 1451.557196] ? packet_notifier+0x760/0x760 [ 1451.561425] ? check_preemption_disabled+0x3c/0x250 [ 1451.566432] ? packet_notifier+0x760/0x760 [ 1451.570666] ? packet_notifier+0x760/0x760 [ 1451.574893] sock_sendmsg+0xce/0x110 [ 1451.578603] SYSC_sendto+0x206/0x310 [ 1451.582308] ? SYSC_connect+0x2d0/0x2d0 [ 1451.586279] ? lock_downgrade+0x740/0x740 [ 1451.590434] ? wait_for_completion+0x420/0x420 [ 1451.595004] ? __sb_end_write+0xc1/0x100 [ 1451.599057] ? fput+0xd4/0x150 [ 1451.602239] ? SyS_write+0x15e/0x230 [ 1451.605946] SyS_sendto+0x40/0x50 [ 1451.609389] ? SyS_getpeername+0x30/0x30 [ 1451.613442] do_syscall_64+0x1e8/0x640 [ 1451.617319] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1451.622158] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1451.627338] RIP: 0033:0x459f49 [ 1451.630528] RSP: 002b:00007fd07cd8ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1451.638234] RAX: ffffffffffffffda RBX: 00007fd07cd8ec90 RCX: 0000000000459f49 [ 1451.645499] RDX: 000000000000fdfa RSI: 0000000020000300 RDI: 0000000000000003 [ 1451.652761] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1451.660024] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd07cd8f6d4 [ 1451.667287] R13: 00000000004c83ce R14: 00000000004de710 R15: 0000000000000008 [ 1451.674569] CPU: 1 PID: 6560 Comm: syz-executor.3 Not tainted 4.14.151 #0 [ 1451.681508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1451.690855] Call Trace: [ 1451.690872] dump_stack+0x138/0x197 [ 1451.690891] should_fail.cold+0x10f/0x159 [ 1451.690908] should_failslab+0xdb/0x130 [ 1451.690920] __kmalloc+0x2f0/0x7a0 [ 1451.690936] ? __lock_acquire+0x5f7/0x4620 [ 1451.690947] ? rw_copy_check_uvector+0x1d8/0x290 [ 1451.690964] rw_copy_check_uvector+0x1d8/0x290 [ 1451.697164] import_iovec+0xa2/0x370 [ 1451.697179] ? dup_iter+0x260/0x260 [ 1451.697188] ? save_trace+0x290/0x290 [ 1451.697204] vfs_readv+0xb3/0x130 [ 1451.697217] ? compat_rw_copy_check_uvector+0x310/0x310 [ 1451.697233] ? lock_downgrade+0x740/0x740 [ 1451.697251] ? __fget+0x237/0x370 [ 1451.697267] ? __fget_light+0x172/0x1f0 [ 1451.697281] do_preadv+0x15d/0x200 [ 1451.697293] ? do_readv+0x2d0/0x2d0 [ 1451.705387] ? SyS_writev+0x30/0x30 [ 1451.705401] SyS_preadv+0x31/0x40 [ 1451.705416] do_syscall_64+0x1e8/0x640 [ 1451.705424] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1451.705441] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1451.705450] RIP: 0033:0x459f49 [ 1451.705456] RSP: 002b:00007fee0baadc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 1451.705467] RAX: ffffffffffffffda RBX: 00007fee0baadc90 RCX: 0000000000459f49 [ 1451.705475] RDX: 0000000000000331 RSI: 00000000200017c0 RDI: 0000000000000005 [ 1451.709803] FAULT_INJECTION: forcing a failure. [ 1451.709803] name failslab, interval 1, probability 0, space 0, times 0 [ 1451.713215] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 1451.713221] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee0baae6d4 [ 1451.713226] R13: 00000000004c76a3 R14: 00000000004dd2a0 R15: 0000000000000006 [ 1451.721934] CPU: 1 PID: 6553 Comm: syz-executor.5 Not tainted 4.14.151 #0 [ 1451.847336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1451.856678] Call Trace: [ 1451.859263] dump_stack+0x138/0x197 [ 1451.862887] should_fail.cold+0x10f/0x159 [ 1451.867029] should_failslab+0xdb/0x130 [ 1451.871002] kmem_cache_alloc_trace+0x2e9/0x790 [ 1451.875675] hci_alloc_dev+0x43/0x1c60 [ 1451.879561] hci_uart_tty_ioctl+0x27e/0xa20 [ 1451.883880] tty_ioctl+0x8f7/0x1320 [ 1451.887501] ? hci_uart_tty_poll+0x10/0x10 [ 1451.891729] ? tty_vhangup+0x30/0x30 [ 1451.895446] ? __might_sleep+0x93/0xb0 [ 1451.899329] ? __fget+0x210/0x370 [ 1451.902783] ? tty_vhangup+0x30/0x30 [ 1451.906487] do_vfs_ioctl+0x7ae/0x1060 [ 1451.910370] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1451.915116] ? lock_downgrade+0x740/0x740 [ 1451.919256] ? ioctl_preallocate+0x1c0/0x1c0 [ 1451.923657] ? __fget+0x237/0x370 [ 1451.927110] ? security_file_ioctl+0x89/0xb0 [ 1451.931515] SyS_ioctl+0x8f/0xc0 [ 1451.934873] ? do_vfs_ioctl+0x1060/0x1060 [ 1451.939018] do_syscall_64+0x1e8/0x640 [ 1451.942896] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1451.947740] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1451.952921] RIP: 0033:0x459f49 [ 1451.956101] RSP: 002b:00007faea97b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1451.963800] RAX: ffffffffffffffda RBX: 00007faea97b0c90 RCX: 0000000000459f49 [ 1451.971059] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1451.978413] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1451.985673] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faea97b16d4 [ 1451.992933] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1452.000214] CPU: 0 PID: 6561 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1452.007149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1452.011300] Bluetooth: Can't allocate HCI device [ 1452.016494] Call Trace: [ 1452.016510] dump_stack+0x138/0x197 [ 1452.016529] should_fail.cold+0x10f/0x159 [ 1452.016546] should_failslab+0xdb/0x130 [ 1452.035570] kmem_cache_alloc_node_trace+0x280/0x770 [ 1452.040668] ? mark_held_locks+0xb1/0x100 [ 1452.044809] __kmalloc_node_track_caller+0x3d/0x80 [ 1452.049726] ? led_trigger_unregister+0x2e0/0x2e0 [ 1452.054554] __devres_alloc_node+0x39/0x120 [ 1452.058864] devm_led_trigger_register+0x36/0xc0 [ 1452.063607] hci_leds_init+0xe8/0x1b0 [ 1452.067392] hci_register_dev+0x2ee/0x810 [ 1452.071532] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1452.075847] tty_ioctl+0x8f7/0x1320 [ 1452.079454] ? hci_uart_tty_poll+0x10/0x10 [ 1452.083674] ? tty_vhangup+0x30/0x30 [ 1452.087378] ? __might_sleep+0x93/0xb0 [ 1452.091244] ? __fget+0x210/0x370 [ 1452.094687] ? tty_vhangup+0x30/0x30 [ 1452.098385] do_vfs_ioctl+0x7ae/0x1060 [ 1452.102257] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1452.106995] ? lock_downgrade+0x740/0x740 [ 1452.111125] ? ioctl_preallocate+0x1c0/0x1c0 [ 1452.115517] ? __fget+0x237/0x370 [ 1452.118960] ? security_file_ioctl+0x89/0xb0 [ 1452.123357] SyS_ioctl+0x8f/0xc0 [ 1452.126704] ? do_vfs_ioctl+0x1060/0x1060 [ 1452.130852] do_syscall_64+0x1e8/0x640 [ 1452.134733] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1452.139567] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1452.144743] RIP: 0033:0x459f49 [ 1452.147927] RSP: 002b:00007fd353c48c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1452.155618] RAX: ffffffffffffffda RBX: 00007fd353c48c90 RCX: 0000000000459f49 [ 1452.162883] RDX: 0010000400000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1452.170134] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1452.177386] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd353c496d4 [ 1452.184640] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 11:43:10 executing program 3 (fault-call:15 fault-nth:1): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) open(0x0, 0x0, 0x4) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) socket$alg(0x26, 0x5, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000001c0)=""/58, 0x3a}, {&(0x7f0000000380)=""/192, 0xc0}, {&(0x7f0000007440)=""/4096, 0x1000}, {&(0x7f0000000440)=""/202, 0xca}, {&(0x7f0000000540)=""/136, 0x88}, {&(0x7f0000000600)=""/2, 0x2}, {&(0x7f00000006c0)=""/177, 0xb1}], 0x7}}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000880)=""/187, 0xbb}, {&(0x7f0000000640)}, {&(0x7f0000000940)=""/210, 0xd2}, {0x0}, {&(0x7f0000000a40)=""/74, 0x4a}, {&(0x7f0000000ac0)=""/23, 0x17}, {&(0x7f0000000b00)=""/170, 0xaa}], 0x7, &(0x7f0000004180)=""/4096, 0x1000}, 0x2ec}, {{0x0, 0x0, &(0x7f0000000fc0)=[{0x0}, {&(0x7f0000000c40)=""/147, 0x93}, {&(0x7f0000000d00)=""/164, 0xa4}, {&(0x7f0000000dc0)=""/12, 0xc}, {&(0x7f0000000e00)=""/248, 0xf8}, {&(0x7f0000000f00)=""/67, 0x43}, {&(0x7f0000000f80)=""/62, 0x3e}, {&(0x7f0000006180)=""/4096, 0x1000}], 0x8, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{&(0x7f0000001100)=@caif=@util, 0x80, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {&(0x7f0000001280)=""/237, 0xed}, {&(0x7f0000001380)=""/7, 0x7}, {&(0x7f0000002480)=""/74, 0x4a}, {&(0x7f00000013c0)=""/31, 0x1f}], 0x5}, 0x1}, {{&(0x7f0000002580)=@caif=@rfm, 0x80, &(0x7f0000002880)=[{&(0x7f0000002600)=""/111, 0x6f}, {&(0x7f0000002780)=""/253, 0xfd}], 0x2, &(0x7f00000028c0)=""/225, 0xe1}, 0xd973}, {{0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f0000007340)=""/215, 0xd7}, {&(0x7f0000002bc0)=""/202, 0xca}, {&(0x7f0000002cc0)=""/254, 0xfe}, {&(0x7f0000002dc0)=""/5, 0x5}], 0x4}, 0x80}, {{&(0x7f0000002ec0)=@nl, 0x80, &(0x7f0000003040)=[{&(0x7f0000001400)=""/108, 0x6c}, {&(0x7f0000002fc0)=""/114, 0x72}], 0x2}, 0x5}], 0x7, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r4, &(0x7f00000017c0), 0x331, 0x0) 11:43:10 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$KVM_ENABLE_CAP_CPU(r1, 0x4068aea3, &(0x7f0000000000)={0x7b, 0x0, [0x74d95283, 0xbd, 0x0, 0x81]}) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r2, &(0x7f0000000380)=@hci, 0x80) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r2, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r4}, 0x10, &(0x7f0000000600)={&(0x7f0000000240)=ANY=[@ANYBLOB="00000000000800000000000000000600", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcca17c0bfc9e50bae2feb0b5f82ec973500000000"], 0x80}}, 0x0) 11:43:10 executing program 1 (fault-call:11 fault-nth:2): r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 11:43:10 executing program 5 (fault-call:2 fault-nth:1): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) 11:43:10 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e21, @loopback}, @in6={0xa, 0x4e23, 0x6, @loopback, 0x10001}, @in={0x2, 0x4e24, @loopback}, @in6={0xa, 0x4e24, 0x6, @dev={0xfe, 0x80, [], 0x17}, 0x2}], 0x58) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000080)={0x3, 0x800, 0x0, {0x77359400}, {r3, r4/1000+30000}, {}, 0x1, @canfd={{0x2, 0x1, 0x1, 0x1}, 0x10, 0x1, 0x0, 0x0, "8d4b34a36fdc7c609ffbedf248fff54b244bd30cf75d5e6852a9a88a604f5dc7e6a1016c54091407dadc5f7fc2c700417c9c9fa4986079b0e8a00cb461d740ba"}}, 0x80}}, 0x0) [ 1452.306808] FAULT_INJECTION: forcing a failure. [ 1452.306808] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1452.318647] CPU: 1 PID: 6574 Comm: syz-executor.5 Not tainted 4.14.151 #0 [ 1452.325577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1452.334936] Call Trace: [ 1452.337537] dump_stack+0x138/0x197 [ 1452.341173] should_fail.cold+0x10f/0x159 [ 1452.341189] __alloc_pages_nodemask+0x1d6/0x7a0 [ 1452.341204] ? __alloc_pages_slowpath+0x2930/0x2930 11:43:10 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000000)=ANY=[@ANYBLOB="0000000000080000002000000000000013c536eeb7dcbc6d9bdce137ad1ded1716038607db1514d18e0625bee3a9b032d0475c341744ed88fb5d9763d4352d33d2a956814e08438f2aed96d93172f00dbc87e166aa973580e605f0214f63c1b5b44989be31", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000030000000000005deca2c94acb50724774d184d15234260129384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce38681684a168e08"], 0x80}}, 0x0) [ 1452.350009] cache_grow_begin+0x80/0x400 [ 1452.359055] kmem_cache_alloc_trace+0x6b2/0x790 [ 1452.363739] hci_alloc_dev+0x43/0x1c60 [ 1452.367634] hci_uart_tty_ioctl+0x27e/0xa20 [ 1452.371963] tty_ioctl+0x8f7/0x1320 [ 1452.375593] ? hci_uart_tty_poll+0x10/0x10 [ 1452.379834] ? tty_vhangup+0x30/0x30 [ 1452.383558] ? __might_sleep+0x93/0xb0 [ 1452.387439] ? __fget+0x210/0x370 [ 1452.390901] ? tty_vhangup+0x30/0x30 [ 1452.394612] do_vfs_ioctl+0x7ae/0x1060 [ 1452.398514] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1452.403284] ? lock_downgrade+0x740/0x740 [ 1452.407430] ? ioctl_preallocate+0x1c0/0x1c0 [ 1452.407442] ? __fget+0x237/0x370 [ 1452.407459] ? security_file_ioctl+0x89/0xb0 [ 1452.419686] SyS_ioctl+0x8f/0xc0 [ 1452.423052] ? do_vfs_ioctl+0x1060/0x1060 [ 1452.423068] do_syscall_64+0x1e8/0x640 [ 1452.423078] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1452.423095] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1452.423104] RIP: 0033:0x459f49 [ 1452.423110] RSP: 002b:00007faea97b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1452.423122] RAX: ffffffffffffffda RBX: 00007faea97b0c90 RCX: 0000000000459f49 [ 1452.423128] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1452.423134] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1452.423140] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faea97b16d4 [ 1452.423146] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1452.492896] FAULT_INJECTION: forcing a failure. [ 1452.492896] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1452.504718] CPU: 1 PID: 6583 Comm: syz-executor.1 Not tainted 4.14.151 #0 [ 1452.511649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1452.520999] Call Trace: [ 1452.521019] dump_stack+0x138/0x197 [ 1452.521039] should_fail.cold+0x10f/0x159 [ 1452.521056] __alloc_pages_nodemask+0x1d6/0x7a0 [ 1452.521067] ? fs_reclaim_acquire+0x20/0x20 [ 1452.521082] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1452.521105] cache_grow_begin+0x80/0x400 [ 1452.521121] kmem_cache_alloc_node_trace+0x697/0x770 [ 1452.521141] __kmalloc_node_track_caller+0x3d/0x80 [ 1452.521155] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1452.527349] __alloc_skb+0xcf/0x500 [ 1452.527362] ? skb_scrub_packet+0x4b0/0x4b0 [ 1452.527378] alloc_skb_with_frags+0x86/0x4b0 [ 1452.536165] ? __might_fault+0x110/0x1d0 [ 1452.536179] ? find_held_lock+0x35/0x130 [ 1452.536195] sock_alloc_send_pskb+0x5db/0x740 [ 1452.536210] ? iov_iter_advance+0x218/0xc60 [ 1452.536226] ? sock_wmalloc+0xf0/0xf0 [ 1452.536238] ? _copy_from_iter_full+0x1c6/0x6c0 [ 1452.536261] packet_sendmsg+0x16c4/0x5a70 [ 1452.545558] ? avc_has_perm_noaudit+0x420/0x420 [ 1452.545574] ? save_trace+0x290/0x290 [ 1452.545583] ? perf_trace_lock_acquire+0x10d/0x4f0 [ 1452.545596] ? __fget+0x210/0x370 [ 1452.545621] ? packet_notifier+0x760/0x760 [ 1452.545642] ? selinux_socket_sendmsg+0x36/0x40 [ 1452.554774] ? security_socket_sendmsg+0x89/0xb0 [ 1452.554787] ? packet_notifier+0x760/0x760 [ 1452.554798] sock_sendmsg+0xce/0x110 [ 1452.554809] SYSC_sendto+0x206/0x310 [ 1452.554819] ? SYSC_connect+0x2d0/0x2d0 [ 1452.554832] ? lock_downgrade+0x740/0x740 [ 1452.554857] ? wait_for_completion+0x420/0x420 [ 1452.554868] ? __sb_end_write+0xc1/0x100 [ 1452.554881] ? fput+0xd4/0x150 [ 1452.554892] ? SyS_write+0x15e/0x230 [ 1452.564730] Bluetooth: hci2: Frame reassembly failed (-84) [ 1452.568089] SyS_sendto+0x40/0x50 [ 1452.568099] ? SyS_getpeername+0x30/0x30 [ 1452.568114] do_syscall_64+0x1e8/0x640 [ 1452.568123] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1452.568141] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1452.568149] RIP: 0033:0x459f49 [ 1452.568154] RSP: 002b:00007fd07cd4cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1452.709536] RAX: ffffffffffffffda RBX: 00007fd07cd4cc90 RCX: 0000000000459f49 [ 1452.716789] RDX: 000000000000fdfa RSI: 0000000020000300 RDI: 0000000000000003 [ 1452.724039] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 1452.731289] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd07cd4d6d4 [ 1452.738551] R13: 00000000004c83ce R14: 00000000004de710 R15: 0000000000000008 [ 1452.799219] FAULT_INJECTION: forcing a failure. [ 1452.799219] name failslab, interval 1, probability 0, space 0, times 0 [ 1452.810647] CPU: 1 PID: 6589 Comm: syz-executor.3 Not tainted 4.14.151 #0 [ 1452.817571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1452.826919] Call Trace: [ 1452.829522] dump_stack+0x138/0x197 [ 1452.833165] should_fail.cold+0x10f/0x159 [ 1452.837312] should_failslab+0xdb/0x130 [ 1452.841275] kmem_cache_alloc_node_trace+0x280/0x770 [ 1452.846377] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1452.851120] __kmalloc_node+0x3d/0x80 [ 1452.854902] kvmalloc_node+0x4e/0xe0 [ 1452.858612] seq_read+0x916/0x1280 [ 1452.862137] ? __fsnotify_parent+0xbc/0x330 [ 1452.866464] ? __inode_security_revalidate+0xd6/0x130 [ 1452.871643] ? seq_lseek+0x3c0/0x3c0 [ 1452.875347] ? avc_policy_seqno+0x9/0x20 [ 1452.879400] ? selinux_file_permission+0x85/0x480 [ 1452.884242] proc_reg_read+0xfa/0x170 [ 1452.888026] ? seq_lseek+0x3c0/0x3c0 [ 1452.891723] do_iter_read+0x3e2/0x5b0 [ 1452.895515] vfs_readv+0xd3/0x130 [ 1452.898952] ? compat_rw_copy_check_uvector+0x310/0x310 [ 1452.904304] ? __fget+0x237/0x370 [ 1452.907741] ? __fget_light+0x172/0x1f0 [ 1452.911700] do_preadv+0x15d/0x200 [ 1452.915230] ? do_readv+0x2d0/0x2d0 [ 1452.918858] ? SyS_writev+0x30/0x30 [ 1452.922467] SyS_preadv+0x31/0x40 [ 1452.925900] do_syscall_64+0x1e8/0x640 [ 1452.929774] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1452.934602] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1452.939771] RIP: 0033:0x459f49 [ 1452.942946] RSP: 002b:00007fee0ba8cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 1452.950639] RAX: ffffffffffffffda RBX: 00007fee0ba8cc90 RCX: 0000000000459f49 [ 1452.957898] RDX: 0000000000000331 RSI: 00000000200017c0 RDI: 0000000000000007 [ 1452.965164] RBP: 000000000075c118 R08: 0000000000000000 R09: 0000000000000000 [ 1452.972416] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee0ba8d6d4 [ 1452.979668] R13: 00000000004c76a3 R14: 00000000004dd2a0 R15: 0000000000000008 [ 1453.210407] Bluetooth: hci0 command 0x1001 tx timeout [ 1453.215802] Bluetooth: hci0 sending frame failed (-49) [ 1454.250328] Bluetooth: hci1 command 0x1003 tx timeout [ 1454.255692] Bluetooth: hci1 sending frame failed (-49) [ 1454.560141] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1454.566885] Bluetooth: hci2 command tx timeout [ 1454.800188] net_ratelimit: 18 callbacks suppressed [ 1454.805168] protocol 88fb is buggy, dev hsr_slave_0 [ 1454.810275] protocol 88fb is buggy, dev hsr_slave_1 [ 1454.815371] protocol 88fb is buggy, dev hsr_slave_0 [ 1454.820417] protocol 88fb is buggy, dev hsr_slave_1 [ 1455.040177] protocol 88fb is buggy, dev hsr_slave_0 [ 1455.045273] protocol 88fb is buggy, dev hsr_slave_1 [ 1455.280207] protocol 88fb is buggy, dev hsr_slave_0 [ 1455.280211] Bluetooth: hci0 command 0x1009 tx timeout [ 1455.290544] protocol 88fb is buggy, dev hsr_slave_1 [ 1456.320183] Bluetooth: hci1 command 0x1001 tx timeout [ 1456.320234] protocol 88fb is buggy, dev hsr_slave_0 [ 1456.325470] Bluetooth: hci1 sending frame failed (-49) [ 1456.330470] protocol 88fb is buggy, dev hsr_slave_1 [ 1458.400146] Bluetooth: hci1 command 0x1009 tx timeout 11:43:17 executing program 2 (fault-call:2 fault-nth:54): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1459.715846] FAULT_INJECTION: forcing a failure. [ 1459.715846] name failslab, interval 1, probability 0, space 0, times 0 [ 1459.727284] CPU: 1 PID: 6595 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1459.734220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1459.743568] Call Trace: [ 1459.746147] dump_stack+0x138/0x197 [ 1459.749814] should_fail.cold+0x10f/0x159 [ 1459.753951] should_failslab+0xdb/0x130 [ 1459.757909] kmem_cache_alloc+0x2d7/0x780 [ 1459.762043] ? find_held_lock+0x35/0x130 [ 1459.766087] ? sysfs_do_create_link_sd.isra.0+0x82/0x120 [ 1459.771521] __kernfs_new_node+0x70/0x420 [ 1459.775652] kernfs_new_node+0x80/0xf0 [ 1459.779537] kernfs_create_link+0x2c/0x170 [ 1459.783759] sysfs_do_create_link_sd.isra.0+0x90/0x120 [ 1459.789018] sysfs_create_link+0x65/0xc0 [ 1459.793066] device_add+0x447/0x1490 [ 1459.796780] ? device_private_init+0x190/0x190 [ 1459.801358] rfkill_register+0x19c/0xb20 [ 1459.805426] hci_register_dev+0x34b/0x810 [ 1459.809570] ? __raw_spin_lock_init+0x2d/0x100 [ 1459.814139] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1459.818441] tty_ioctl+0x8f7/0x1320 [ 1459.822045] ? hci_uart_tty_poll+0x10/0x10 [ 1459.826261] ? tty_vhangup+0x30/0x30 [ 1459.829979] ? __might_sleep+0x93/0xb0 [ 1459.833849] ? __fget+0x210/0x370 [ 1459.837299] ? tty_vhangup+0x30/0x30 [ 1459.841000] do_vfs_ioctl+0x7ae/0x1060 [ 1459.844873] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1459.849657] ? lock_downgrade+0x740/0x740 [ 1459.853794] ? ioctl_preallocate+0x1c0/0x1c0 [ 1459.858367] ? __fget+0x237/0x370 [ 1459.861810] ? security_file_ioctl+0x89/0xb0 [ 1459.866322] SyS_ioctl+0x8f/0xc0 [ 1459.869679] ? do_vfs_ioctl+0x1060/0x1060 [ 1459.873816] do_syscall_64+0x1e8/0x640 [ 1459.877688] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1459.882521] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1459.887707] RIP: 0033:0x459f49 [ 1459.890894] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1459.899107] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1459.906359] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1459.913610] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1459.920876] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1459.928125] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1459.936475] Bluetooth: Unknown HCI packet type 5e [ 1459.945021] Bluetooth: Unknown HCI packet type 43 [ 1459.949914] Bluetooth: Unknown HCI packet type 5e [ 1459.955117] Bluetooth: Unknown HCI packet type 50 [ 1459.960101] Bluetooth: Unknown HCI packet type 5e [ 1459.965026] Bluetooth: Unknown HCI packet type 40 [ 1460.480173] net_ratelimit: 22 callbacks suppressed [ 1460.485167] protocol 88fb is buggy, dev hsr_slave_0 [ 1460.490343] protocol 88fb is buggy, dev hsr_slave_1 [ 1460.495571] protocol 88fb is buggy, dev hsr_slave_0 [ 1460.500714] protocol 88fb is buggy, dev hsr_slave_1 [ 1461.040172] protocol 88fb is buggy, dev hsr_slave_0 [ 1461.045300] protocol 88fb is buggy, dev hsr_slave_1 [ 1461.050430] protocol 88fb is buggy, dev hsr_slave_0 [ 1461.055592] protocol 88fb is buggy, dev hsr_slave_1 [ 1461.280141] protocol 88fb is buggy, dev hsr_slave_0 [ 1461.285272] protocol 88fb is buggy, dev hsr_slave_1 [ 1462.000111] Bluetooth: hci0 command 0x1003 tx timeout [ 1462.005401] Bluetooth: hci0 sending frame failed (-49) 11:43:20 executing program 0 (fault-call:2 fault-nth:48): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:43:20 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x500, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) ioctl$sock_ifreq(r2, 0x89a2, &(0x7f0000000300)={'veth1_to_team\x00', @ifru_map={0x6, 0x6, 0x4, 0x7, 0x2, 0xae}}) close(r2) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f00000000c0)={r4, 0xb21}, 0x14) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000240)={r4, 0x3, 0xab, "ee1c8130f8a5dbda866a1e907be5f110c99e362cf1a98e8083526025c9b3c884a1c7bcfd8c67acbe6d8ced791abc016ea547f950165a7a9b07f5f79a19a065b89fdd79ddeb1c03d569c5d691bd3ae4fd80fe7455eeda94c14c701c2011794ecd0831a427cafcd2dfe80132399219be74d5b5e80098dd9b9921809969e37e3748c8075cd9825d6b516c26f2e536444486b4c2b15f101f15f556248954678e58e6ed893710210163a98111d1"}, 0xb3) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r5}, 0x10, &(0x7f0000000600)={&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\b\x00'/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d152baf4dcda0e493426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c618d90d01347ea5d1a23d6383eb827117d9aca64c0326070832dfc02f73ce5d5ec23aef4830eb6bb6097b141c44d4e41b7447c47ed23ca275e00663d5c0a2f8a3568015576ffdbd082d9cf07da3574b25668911742cb94954d51"], 0x80}}, 0x0) 11:43:20 executing program 1 (fault-call:11 fault-nth:3): r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 11:43:20 executing program 3 (fault-call:15 fault-nth:2): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) open(0x0, 0x0, 0x4) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) socket$alg(0x26, 0x5, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000001c0)=""/58, 0x3a}, {&(0x7f0000000380)=""/192, 0xc0}, {&(0x7f0000007440)=""/4096, 0x1000}, {&(0x7f0000000440)=""/202, 0xca}, {&(0x7f0000000540)=""/136, 0x88}, {&(0x7f0000000600)=""/2, 0x2}, {&(0x7f00000006c0)=""/177, 0xb1}], 0x7}}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000880)=""/187, 0xbb}, {&(0x7f0000000640)}, {&(0x7f0000000940)=""/210, 0xd2}, {0x0}, {&(0x7f0000000a40)=""/74, 0x4a}, {&(0x7f0000000ac0)=""/23, 0x17}, {&(0x7f0000000b00)=""/170, 0xaa}], 0x7, &(0x7f0000004180)=""/4096, 0x1000}, 0x2ec}, {{0x0, 0x0, &(0x7f0000000fc0)=[{0x0}, {&(0x7f0000000c40)=""/147, 0x93}, {&(0x7f0000000d00)=""/164, 0xa4}, {&(0x7f0000000dc0)=""/12, 0xc}, {&(0x7f0000000e00)=""/248, 0xf8}, {&(0x7f0000000f00)=""/67, 0x43}, {&(0x7f0000000f80)=""/62, 0x3e}, {&(0x7f0000006180)=""/4096, 0x1000}], 0x8, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{&(0x7f0000001100)=@caif=@util, 0x80, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {&(0x7f0000001280)=""/237, 0xed}, {&(0x7f0000001380)=""/7, 0x7}, {&(0x7f0000002480)=""/74, 0x4a}, {&(0x7f00000013c0)=""/31, 0x1f}], 0x5}, 0x1}, {{&(0x7f0000002580)=@caif=@rfm, 0x80, &(0x7f0000002880)=[{&(0x7f0000002600)=""/111, 0x6f}, {&(0x7f0000002780)=""/253, 0xfd}], 0x2, &(0x7f00000028c0)=""/225, 0xe1}, 0xd973}, {{0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f0000007340)=""/215, 0xd7}, {&(0x7f0000002bc0)=""/202, 0xca}, {&(0x7f0000002cc0)=""/254, 0xfe}, {&(0x7f0000002dc0)=""/5, 0x5}], 0x4}, 0x80}, {{&(0x7f0000002ec0)=@nl, 0x80, &(0x7f0000003040)=[{&(0x7f0000001400)=""/108, 0x6c}, {&(0x7f0000002fc0)=""/114, 0x72}], 0x2}, 0x5}], 0x7, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r4, &(0x7f00000017c0), 0x331, 0x0) 11:43:20 executing program 5 (fault-call:2 fault-nth:2): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) [ 1462.286267] FAULT_INJECTION: forcing a failure. [ 1462.286267] name failslab, interval 1, probability 0, space 0, times 0 [ 1462.288901] FAULT_INJECTION: forcing a failure. [ 1462.288901] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1462.298239] CPU: 0 PID: 6604 Comm: syz-executor.5 Not tainted 4.14.151 #0 [ 1462.316855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1462.326208] Call Trace: [ 1462.328796] dump_stack+0x138/0x197 [ 1462.332427] should_fail.cold+0x10f/0x159 [ 1462.336575] should_failslab+0xdb/0x130 [ 1462.340547] kmem_cache_alloc_trace+0x2e9/0x790 [ 1462.345222] ? pm_runtime_init+0x355/0x400 [ 1462.349451] ? device_initialize+0x18d/0x430 [ 1462.353864] ag6xx_open+0x46/0x160 [ 1462.357402] hci_uart_tty_ioctl+0x668/0xa20 [ 1462.361739] tty_ioctl+0x8f7/0x1320 [ 1462.365361] ? hci_uart_tty_poll+0x10/0x10 [ 1462.369592] ? tty_vhangup+0x30/0x30 [ 1462.373321] ? __might_sleep+0x93/0xb0 [ 1462.377202] ? __fget+0x210/0x370 [ 1462.380662] ? tty_vhangup+0x30/0x30 [ 1462.384376] do_vfs_ioctl+0x7ae/0x1060 [ 1462.388267] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1462.393018] ? lock_downgrade+0x740/0x740 [ 1462.397174] ? ioctl_preallocate+0x1c0/0x1c0 [ 1462.401582] ? __fget+0x237/0x370 [ 1462.405039] ? security_file_ioctl+0x89/0xb0 [ 1462.409447] SyS_ioctl+0x8f/0xc0 [ 1462.412813] ? do_vfs_ioctl+0x1060/0x1060 [ 1462.416962] do_syscall_64+0x1e8/0x640 [ 1462.420846] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1462.425693] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1462.430878] RIP: 0033:0x459f49 [ 1462.434063] RSP: 002b:00007faea97b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1462.441771] RAX: ffffffffffffffda RBX: 00007faea97b0c90 RCX: 0000000000459f49 [ 1462.449038] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1462.456302] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1462.463575] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faea97b16d4 [ 1462.470842] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1462.478230] CPU: 1 PID: 6602 Comm: syz-executor.1 Not tainted 4.14.151 #0 11:43:20 executing program 5 (fault-call:2 fault-nth:3): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) [ 1462.485163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1462.485168] Call Trace: [ 1462.485184] dump_stack+0x138/0x197 [ 1462.485204] should_fail.cold+0x10f/0x159 [ 1462.485215] ? __might_sleep+0x93/0xb0 [ 1462.485229] __alloc_pages_nodemask+0x1d6/0x7a0 [ 1462.485242] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1462.485258] ? __alloc_skb+0x3ee/0x500 [ 1462.485272] alloc_pages_current+0xec/0x1e0 [ 1462.485284] alloc_skb_with_frags+0x179/0x4b0 [ 1462.497293] ? retint_kernel+0x2d/0x2d [ 1462.497315] sock_alloc_send_pskb+0x5db/0x740 [ 1462.497332] ? iov_iter_advance+0x218/0xc60 [ 1462.497348] ? sock_wmalloc+0xf0/0xf0 [ 1462.497361] ? _copy_from_iter_full+0x1c6/0x6c0 [ 1462.497371] ? __rcu_read_unlock+0x10b/0x170 [ 1462.497389] packet_sendmsg+0x16c4/0x5a70 [ 1462.497402] ? avc_has_perm_noaudit+0x420/0x420 [ 1462.526909] FAULT_INJECTION: forcing a failure. [ 1462.526909] name failslab, interval 1, probability 0, space 0, times 0 [ 1462.531357] ? save_trace+0x290/0x290 [ 1462.531366] ? perf_trace_lock_acquire+0x10d/0x4f0 [ 1462.531379] ? __fget+0x210/0x370 [ 1462.589042] ? packet_notifier+0x760/0x760 [ 1462.593284] ? selinux_socket_sendmsg+0x36/0x40 [ 1462.597948] ? security_socket_sendmsg+0x89/0xb0 [ 1462.602694] ? packet_notifier+0x760/0x760 [ 1462.606922] sock_sendmsg+0xce/0x110 [ 1462.610628] SYSC_sendto+0x206/0x310 [ 1462.614334] ? SYSC_connect+0x2d0/0x2d0 [ 1462.618303] ? lock_downgrade+0x740/0x740 [ 1462.622461] ? wait_for_completion+0x420/0x420 [ 1462.627037] ? __sb_end_write+0xc1/0x100 [ 1462.631094] ? fput+0xd4/0x150 [ 1462.634281] ? SyS_write+0x15e/0x230 [ 1462.637992] SyS_sendto+0x40/0x50 [ 1462.641435] ? SyS_getpeername+0x30/0x30 [ 1462.645488] do_syscall_64+0x1e8/0x640 [ 1462.649368] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1462.654209] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1462.659387] RIP: 0033:0x459f49 [ 1462.662569] RSP: 002b:00007fd07cd8ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1462.670272] RAX: ffffffffffffffda RBX: 00007fd07cd8ec90 RCX: 0000000000459f49 [ 1462.677542] RDX: 000000000000fdfa RSI: 0000000020000300 RDI: 0000000000000003 [ 1462.684806] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1462.692085] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd07cd8f6d4 [ 1462.699349] R13: 00000000004c83ce R14: 00000000004de710 R15: 0000000000000008 [ 1462.706639] CPU: 0 PID: 6610 Comm: syz-executor.3 Not tainted 4.14.151 #0 [ 1462.713575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1462.722930] Call Trace: [ 1462.725522] dump_stack+0x138/0x197 [ 1462.729169] should_fail.cold+0x10f/0x159 [ 1462.733326] should_failslab+0xdb/0x130 11:43:20 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xdcfa2b8caac494bd}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="186c60e1770021e42dd8a21829d72c66720000000800040000020000"], 0x1c}, 0x1, 0x0, 0x0, 0xa7b5a8b58a7ee043}, 0x5) write$apparmor_exec(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="027461636b202f6465762f70746d7800"], 0x10) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x10000400000001) [ 1462.737303] kmem_cache_alloc_node_trace+0x280/0x770 [ 1462.742408] ? trace_hardirqs_on+0x10/0x10 [ 1462.746652] __kmalloc_node+0x3d/0x80 [ 1462.750458] kvmalloc_node+0x4e/0xe0 [ 1462.754165] seq_read+0x916/0x1280 [ 1462.757711] ? __inode_security_revalidate+0xd6/0x130 [ 1462.762904] ? seq_lseek+0x3c0/0x3c0 [ 1462.766607] ? avc_policy_seqno+0x9/0x20 [ 1462.770667] ? selinux_file_permission+0x85/0x480 [ 1462.775578] proc_reg_read+0xfa/0x170 [ 1462.779419] ? seq_lseek+0x3c0/0x3c0 [ 1462.783128] do_iter_read+0x3e2/0x5b0 [ 1462.786919] vfs_readv+0xd3/0x130 [ 1462.790365] ? compat_rw_copy_check_uvector+0x310/0x310 [ 1462.795726] ? __fget+0x237/0x370 [ 1462.799165] ? __fget_light+0x172/0x1f0 [ 1462.803124] do_preadv+0x15d/0x200 [ 1462.806648] ? do_readv+0x2d0/0x2d0 [ 1462.810270] ? SyS_writev+0x30/0x30 [ 1462.813936] SyS_preadv+0x31/0x40 [ 1462.817375] do_syscall_64+0x1e8/0x640 [ 1462.821252] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1462.826106] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1462.831288] RIP: 0033:0x459f49 11:43:20 executing program 1 (fault-call:11 fault-nth:4): r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) [ 1462.834466] RSP: 002b:00007fee0baadc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 1462.842156] RAX: ffffffffffffffda RBX: 00007fee0baadc90 RCX: 0000000000459f49 [ 1462.849406] RDX: 0000000000000331 RSI: 00000000200017c0 RDI: 0000000000000005 [ 1462.856656] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 1462.863909] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fee0baae6d4 [ 1462.871164] R13: 00000000004c76a3 R14: 00000000004dd2a0 R15: 0000000000000006 11:43:21 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x4000000f) r1 = socket$bt_rfcomm(0x1f, 0x1, 0x3) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0xc0406618, &(0x7f0000000000)={{0x3, 0x0, @identifier="86d2a8d2a0d2b511aab61d7c01e14274"}}) getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10, &(0x7f00000000c0), &(0x7f0000000100)=0x4) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r5 = dup3(0xffffffffffffffff, r2, 0x80000) bind$rds(r5, &(0x7f0000000140)={0x2, 0x4e22, @multicast1}, 0x10) [ 1462.937347] FAULT_INJECTION: forcing a failure. [ 1462.937347] name failslab, interval 1, probability 0, space 0, times 0 [ 1462.964128] CPU: 1 PID: 6617 Comm: syz-executor.5 Not tainted 4.14.151 #0 [ 1462.971076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1462.971083] Call Trace: [ 1462.971101] dump_stack+0x138/0x197 [ 1462.971121] should_fail.cold+0x10f/0x159 [ 1462.971138] should_failslab+0xdb/0x130 [ 1462.971152] __kmalloc+0x2f0/0x7a0 [ 1462.971164] ? vsnprintf+0x290/0x1560 [ 1462.971178] ? __alloc_workqueue_key+0x114/0xec0 [ 1462.990853] __alloc_workqueue_key+0x114/0xec0 [ 1462.990864] ? pointer+0xb10/0xb10 [ 1462.990884] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1462.990891] ? scnprintf+0x100/0x100 [ 1462.990904] ? ida_remove+0x230/0x230 [ 1463.027554] hci_register_dev+0x1a7/0x810 [ 1463.031686] ? __raw_spin_lock_init+0x2d/0x100 [ 1463.036258] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1463.040577] tty_ioctl+0x8f7/0x1320 [ 1463.044188] ? hci_uart_tty_poll+0x10/0x10 [ 1463.048405] ? tty_vhangup+0x30/0x30 [ 1463.052165] ? __might_sleep+0x93/0xb0 [ 1463.056044] ? __fget+0x210/0x370 [ 1463.059510] ? tty_vhangup+0x30/0x30 [ 1463.063208] do_vfs_ioctl+0x7ae/0x1060 [ 1463.067089] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1463.071850] ? lock_downgrade+0x740/0x740 [ 1463.076003] ? ioctl_preallocate+0x1c0/0x1c0 [ 1463.080412] ? __fget+0x237/0x370 [ 1463.083877] ? security_file_ioctl+0x89/0xb0 [ 1463.088295] SyS_ioctl+0x8f/0xc0 [ 1463.091658] ? do_vfs_ioctl+0x1060/0x1060 [ 1463.095806] do_syscall_64+0x1e8/0x640 [ 1463.095815] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1463.095831] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1463.109717] RIP: 0033:0x459f49 [ 1463.112904] RSP: 002b:00007faea97b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1463.120610] RAX: ffffffffffffffda RBX: 00007faea97b0c90 RCX: 0000000000459f49 [ 1463.127871] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 11:43:21 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x240}, 0x1, 0x0, 0x0, 0x81}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:43:21 executing program 3 (fault-call:15 fault-nth:3): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) open(0x0, 0x0, 0x4) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) socket$alg(0x26, 0x5, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000001c0)=""/58, 0x3a}, {&(0x7f0000000380)=""/192, 0xc0}, {&(0x7f0000007440)=""/4096, 0x1000}, {&(0x7f0000000440)=""/202, 0xca}, {&(0x7f0000000540)=""/136, 0x88}, {&(0x7f0000000600)=""/2, 0x2}, {&(0x7f00000006c0)=""/177, 0xb1}], 0x7}}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000880)=""/187, 0xbb}, {&(0x7f0000000640)}, {&(0x7f0000000940)=""/210, 0xd2}, {0x0}, {&(0x7f0000000a40)=""/74, 0x4a}, {&(0x7f0000000ac0)=""/23, 0x17}, {&(0x7f0000000b00)=""/170, 0xaa}], 0x7, &(0x7f0000004180)=""/4096, 0x1000}, 0x2ec}, {{0x0, 0x0, &(0x7f0000000fc0)=[{0x0}, {&(0x7f0000000c40)=""/147, 0x93}, {&(0x7f0000000d00)=""/164, 0xa4}, {&(0x7f0000000dc0)=""/12, 0xc}, {&(0x7f0000000e00)=""/248, 0xf8}, {&(0x7f0000000f00)=""/67, 0x43}, {&(0x7f0000000f80)=""/62, 0x3e}, {&(0x7f0000006180)=""/4096, 0x1000}], 0x8, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{&(0x7f0000001100)=@caif=@util, 0x80, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {&(0x7f0000001280)=""/237, 0xed}, {&(0x7f0000001380)=""/7, 0x7}, {&(0x7f0000002480)=""/74, 0x4a}, {&(0x7f00000013c0)=""/31, 0x1f}], 0x5}, 0x1}, {{&(0x7f0000002580)=@caif=@rfm, 0x80, &(0x7f0000002880)=[{&(0x7f0000002600)=""/111, 0x6f}, {&(0x7f0000002780)=""/253, 0xfd}], 0x2, &(0x7f00000028c0)=""/225, 0xe1}, 0xd973}, {{0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f0000007340)=""/215, 0xd7}, {&(0x7f0000002bc0)=""/202, 0xca}, {&(0x7f0000002cc0)=""/254, 0xfe}, {&(0x7f0000002dc0)=""/5, 0x5}], 0x4}, 0x80}, {{&(0x7f0000002ec0)=@nl, 0x80, &(0x7f0000003040)=[{&(0x7f0000001400)=""/108, 0x6c}, {&(0x7f0000002fc0)=""/114, 0x72}], 0x2}, 0x5}], 0x7, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r4, &(0x7f00000017c0), 0x331, 0x0) [ 1463.135142] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1463.142413] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faea97b16d4 [ 1463.146894] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1463.149707] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1463.158413] Bluetooth: Can't register HCI device [ 1463.244566] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1463.255240] FAULT_INJECTION: forcing a failure. [ 1463.255240] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1463.301698] CPU: 0 PID: 6625 Comm: syz-executor.1 Not tainted 4.14.151 #0 [ 1463.308665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1463.318023] Call Trace: [ 1463.320602] dump_stack+0x138/0x197 [ 1463.324219] should_fail.cold+0x10f/0x159 [ 1463.328369] ? __might_sleep+0x93/0xb0 [ 1463.332254] __alloc_pages_nodemask+0x1d6/0x7a0 [ 1463.336933] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1463.341936] ? __alloc_skb+0x3ee/0x500 [ 1463.345805] alloc_pages_current+0xec/0x1e0 [ 1463.350121] alloc_skb_with_frags+0x179/0x4b0 [ 1463.354611] ? __might_fault+0x110/0x1d0 [ 1463.358658] sock_alloc_send_pskb+0x5db/0x740 [ 1463.363140] ? iov_iter_advance+0x218/0xc60 [ 1463.367446] ? sock_wmalloc+0xf0/0xf0 [ 1463.371240] ? _copy_from_iter_full+0x1c6/0x6c0 [ 1463.375906] packet_sendmsg+0x16c4/0x5a70 [ 1463.380041] ? avc_has_perm_noaudit+0x420/0x420 [ 1463.384703] ? save_trace+0x290/0x290 [ 1463.388485] ? perf_trace_lock_acquire+0x10d/0x4f0 [ 1463.393416] ? __fget+0x210/0x370 [ 1463.396885] ? packet_notifier+0x760/0x760 [ 1463.401109] ? selinux_socket_sendmsg+0x36/0x40 [ 1463.405760] ? security_socket_sendmsg+0x89/0xb0 [ 1463.410509] ? packet_notifier+0x760/0x760 [ 1463.414736] sock_sendmsg+0xce/0x110 [ 1463.418432] SYSC_sendto+0x206/0x310 [ 1463.422127] ? SYSC_connect+0x2d0/0x2d0 [ 1463.426084] ? lock_downgrade+0x740/0x740 [ 1463.430234] ? wait_for_completion+0x420/0x420 [ 1463.434807] ? __sb_end_write+0xc1/0x100 [ 1463.438852] ? fput+0xd4/0x150 [ 1463.442030] ? SyS_write+0x15e/0x230 [ 1463.445730] SyS_sendto+0x40/0x50 [ 1463.449166] ? SyS_getpeername+0x30/0x30 [ 1463.453224] do_syscall_64+0x1e8/0x640 [ 1463.457121] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1463.461960] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1463.467133] RIP: 0033:0x459f49 [ 1463.470307] RSP: 002b:00007fd07cd8ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1463.478006] RAX: ffffffffffffffda RBX: 00007fd07cd8ec90 RCX: 0000000000459f49 [ 1463.485261] RDX: 000000000000fdfa RSI: 0000000020000300 RDI: 0000000000000003 [ 1463.492518] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1463.499781] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd07cd8f6d4 [ 1463.507048] R13: 00000000004c83ce R14: 00000000004de710 R15: 0000000000000008 [ 1464.080388] Bluetooth: hci0 command 0x1001 tx timeout [ 1464.087249] Bluetooth: hci0 sending frame failed (-49) [ 1465.520173] net_ratelimit: 22 callbacks suppressed [ 1465.525169] protocol 88fb is buggy, dev hsr_slave_0 [ 1465.530268] protocol 88fb is buggy, dev hsr_slave_1 [ 1465.680140] protocol 88fb is buggy, dev hsr_slave_0 [ 1465.685228] protocol 88fb is buggy, dev hsr_slave_1 [ 1466.160128] Bluetooth: hci0 command 0x1009 tx timeout [ 1466.960172] protocol 88fb is buggy, dev hsr_slave_0 [ 1466.965256] protocol 88fb is buggy, dev hsr_slave_1 [ 1466.970385] protocol 88fb is buggy, dev hsr_slave_0 [ 1466.975418] protocol 88fb is buggy, dev hsr_slave_1 [ 1467.280138] protocol 88fb is buggy, dev hsr_slave_0 [ 1467.285219] protocol 88fb is buggy, dev hsr_slave_1 11:43:28 executing program 2 (fault-call:2 fault-nth:55): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 11:43:28 executing program 5 (fault-call:2 fault-nth:4): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) 11:43:28 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x221, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = getpid() sched_setscheduler(r4, 0x0, &(0x7f0000000380)) r5 = syz_open_procfs(r4, &(0x7f0000000040)='net/fib_triestat\x00') ioctl$IMADDTIMER(r5, 0x80044940, &(0x7f0000000080)=0xffffffffffffffff) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f00000000c0)=0x9, 0x4) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r3}, 0x24a, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[]}}, 0x0) 11:43:28 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) close(r1) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f00000000c0)={r3, 0xb21}, 0x14) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000000c0)={r3, @in={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x12}}}, 0xffff, 0x101, 0x9, 0x9, 0x10}, &(0x7f0000000000)=0x98) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000180)={r4, @in={{0x2, 0x4e23, @remote}}, 0x100, 0x1}, 0x90) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:43:28 executing program 1 (fault-call:11 fault-nth:5): r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 11:43:28 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) open(0x0, 0x0, 0x4) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) socket$alg(0x26, 0x5, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000001c0)=""/58, 0x3a}, {&(0x7f0000000380)=""/192, 0xc0}, {&(0x7f0000007440)=""/4096, 0x1000}, {&(0x7f0000000440)=""/202, 0xca}, {&(0x7f0000000540)=""/136, 0x88}, {&(0x7f0000000600)=""/2, 0x2}, {&(0x7f00000006c0)=""/177, 0xb1}], 0x7}}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000880)=""/187, 0xbb}, {&(0x7f0000000640)}, {&(0x7f0000000940)=""/210, 0xd2}, {0x0}, {&(0x7f0000000a40)=""/74, 0x4a}, {&(0x7f0000000ac0)=""/23, 0x17}, {&(0x7f0000000b00)=""/170, 0xaa}], 0x7, &(0x7f0000004180)=""/4096, 0x1000}, 0x2ec}, {{0x0, 0x0, &(0x7f0000000fc0)=[{0x0}, {&(0x7f0000000c40)=""/147, 0x93}, {&(0x7f0000000d00)=""/164, 0xa4}, {&(0x7f0000000dc0)=""/12, 0xc}, {&(0x7f0000000e00)=""/248, 0xf8}, {&(0x7f0000000f00)=""/67, 0x43}, {&(0x7f0000000f80)=""/62, 0x3e}, {&(0x7f0000006180)=""/4096, 0x1000}], 0x8, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{&(0x7f0000001100)=@caif=@util, 0x80, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {&(0x7f0000001280)=""/237, 0xed}, {&(0x7f0000001380)=""/7, 0x7}, {&(0x7f0000002480)=""/74, 0x4a}, {&(0x7f00000013c0)=""/31, 0x1f}], 0x5}, 0x1}, {{&(0x7f0000002580)=@caif=@rfm, 0x80, &(0x7f0000002880)=[{&(0x7f0000002600)=""/111, 0x6f}, {&(0x7f0000002780)=""/253, 0xfd}], 0x2, &(0x7f00000028c0)=""/225, 0xe1}, 0xd973}, {{0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f0000007340)=""/215, 0xd7}, {&(0x7f0000002bc0)=""/202, 0xca}, {&(0x7f0000002cc0)=""/254, 0xfe}, {&(0x7f0000002dc0)=""/5, 0x5}], 0x4}, 0x80}, {{&(0x7f0000002ec0)=@nl, 0x80, &(0x7f0000003040)=[{&(0x7f0000001400)=""/108, 0x6c}, {&(0x7f0000002fc0)=""/114, 0x72}], 0x2}, 0x5}], 0x7, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') ioctl$VIDIOC_G_PRIORITY(0xffffffffffffffff, 0x80045643, 0x3) preadv(r4, &(0x7f00000017c0), 0x331, 0x0) [ 1470.603384] QAT: Invalid ioctl [ 1470.616450] FAULT_INJECTION: forcing a failure. [ 1470.616450] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1470.621647] FAULT_INJECTION: forcing a failure. [ 1470.621647] name failslab, interval 1, probability 0, space 0, times 0 [ 1470.646204] CPU: 1 PID: 6645 Comm: syz-executor.1 Not tainted 4.14.151 #0 [ 1470.653156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1470.662512] Call Trace: [ 1470.665106] dump_stack+0x138/0x197 [ 1470.668752] should_fail.cold+0x10f/0x159 [ 1470.672899] ? __might_sleep+0x93/0xb0 [ 1470.676789] __alloc_pages_nodemask+0x1d6/0x7a0 [ 1470.681463] ? retint_kernel+0x2d/0x2d [ 1470.685349] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1470.690367] ? __sanitizer_cov_trace_pc+0x4e/0x60 [ 1470.695209] alloc_pages_current+0xec/0x1e0 [ 1470.699531] alloc_skb_with_frags+0x179/0x4b0 [ 1470.704020] ? __might_fault+0x110/0x1d0 [ 1470.708082] sock_alloc_send_pskb+0x5db/0x740 [ 1470.712576] ? iov_iter_advance+0x218/0xc60 [ 1470.716909] ? sock_wmalloc+0xf0/0xf0 [ 1470.720705] ? _copy_from_iter_full+0x1c6/0x6c0 [ 1470.725377] packet_sendmsg+0x16c4/0x5a70 [ 1470.729521] ? avc_has_perm_noaudit+0x420/0x420 [ 1470.734185] ? trace_hardirqs_on_caller+0x400/0x590 [ 1470.739199] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1470.743947] ? save_trace+0x290/0x290 [ 1470.747750] ? check_preemption_disabled+0x3c/0x250 [ 1470.752761] ? __fget+0x210/0x370 [ 1470.756233] ? packet_notifier+0x760/0x760 [ 1470.760476] ? selinux_socket_sendmsg+0x36/0x40 [ 1470.765143] ? security_socket_sendmsg+0x89/0xb0 [ 1470.769893] ? packet_notifier+0x760/0x760 [ 1470.774129] sock_sendmsg+0xce/0x110 [ 1470.777836] SYSC_sendto+0x206/0x310 [ 1470.781559] ? SYSC_connect+0x2d0/0x2d0 [ 1470.785529] ? lock_downgrade+0x740/0x740 [ 1470.789686] ? wait_for_completion+0x420/0x420 [ 1470.794261] ? __sb_end_write+0xc1/0x100 [ 1470.798331] ? fput+0xd4/0x150 [ 1470.801519] ? SyS_write+0x15e/0x230 [ 1470.805232] SyS_sendto+0x40/0x50 [ 1470.808677] ? SyS_getpeername+0x30/0x30 [ 1470.812740] do_syscall_64+0x1e8/0x640 [ 1470.816619] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1470.821464] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1470.826650] RIP: 0033:0x459f49 [ 1470.829831] RSP: 002b:00007fd07cd8ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1470.837532] RAX: ffffffffffffffda RBX: 00007fd07cd8ec90 RCX: 0000000000459f49 [ 1470.844793] RDX: 000000000000fdfa RSI: 0000000020000300 RDI: 0000000000000003 [ 1470.852072] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1470.859334] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd07cd8f6d4 [ 1470.866594] R13: 00000000004c83ce R14: 00000000004de710 R15: 0000000000000008 [ 1470.873874] CPU: 0 PID: 6649 Comm: syz-executor.5 Not tainted 4.14.151 #0 [ 1470.880809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1470.884591] QAT: Invalid ioctl [ 1470.890155] Call Trace: [ 1470.890173] dump_stack+0x138/0x197 [ 1470.890191] should_fail.cold+0x10f/0x159 [ 1470.890207] should_failslab+0xdb/0x130 [ 1470.890220] __kmalloc+0x2f0/0x7a0 [ 1470.890235] ? __lock_is_held+0xb6/0x140 [ 1470.890252] ? apply_wqattrs_prepare+0xad/0x960 [ 1470.890265] apply_wqattrs_prepare+0xad/0x960 [ 1470.890284] apply_workqueue_attrs_locked+0xa7/0x120 [ 1470.890295] apply_workqueue_attrs+0x31/0x50 [ 1470.890306] __alloc_workqueue_key+0x78d/0xec0 [ 1470.890317] ? pointer+0xb10/0xb10 [ 1470.942123] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1470.947147] ? ida_remove+0x230/0x230 [ 1470.950954] hci_register_dev+0x1a7/0x810 [ 1470.955096] ? __raw_spin_lock_init+0x2d/0x100 [ 1470.959663] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1470.963985] tty_ioctl+0x8f7/0x1320 [ 1470.967604] ? hci_uart_tty_poll+0x10/0x10 [ 1470.971830] ? tty_vhangup+0x30/0x30 [ 1470.975580] ? __might_sleep+0x93/0xb0 [ 1470.979459] ? __fget+0x210/0x370 [ 1470.982900] ? tty_vhangup+0x30/0x30 [ 1470.986597] do_vfs_ioctl+0x7ae/0x1060 [ 1470.990477] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1470.995232] ? lock_downgrade+0x740/0x740 [ 1470.999395] ? ioctl_preallocate+0x1c0/0x1c0 [ 1471.003790] ? __fget+0x237/0x370 [ 1471.007259] ? security_file_ioctl+0x89/0xb0 [ 1471.011663] SyS_ioctl+0x8f/0xc0 [ 1471.015026] ? do_vfs_ioctl+0x1060/0x1060 [ 1471.019169] do_syscall_64+0x1e8/0x640 [ 1471.023052] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1471.027889] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1471.033072] RIP: 0033:0x459f49 [ 1471.036308] RSP: 002b:00007faea97b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1471.044007] RAX: ffffffffffffffda RBX: 00007faea97b0c90 RCX: 0000000000459f49 11:43:29 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000000)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:43:29 executing program 1 (fault-call:11 fault-nth:6): r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) [ 1471.051287] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1471.058541] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1471.065800] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faea97b16d4 [ 1471.073058] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1471.086980] FAULT_INJECTION: forcing a failure. [ 1471.086980] name failslab, interval 1, probability 0, space 0, times 0 [ 1471.101215] Bluetooth: Can't register HCI device [ 1471.130222] net_ratelimit: 18 callbacks suppressed [ 1471.130227] protocol 88fb is buggy, dev hsr_slave_0 [ 1471.140301] protocol 88fb is buggy, dev hsr_slave_1 [ 1471.145440] protocol 88fb is buggy, dev hsr_slave_0 [ 1471.150533] protocol 88fb is buggy, dev hsr_slave_1 [ 1471.156762] CPU: 0 PID: 6651 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1471.159836] FAULT_INJECTION: forcing a failure. [ 1471.159836] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1471.163706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1471.163711] Call Trace: [ 1471.163729] dump_stack+0x138/0x197 [ 1471.163753] should_fail.cold+0x10f/0x159 [ 1471.163771] should_failslab+0xdb/0x130 [ 1471.163786] kmem_cache_alloc+0x2d7/0x780 [ 1471.163801] ? find_held_lock+0x35/0x130 [ 1471.163814] ? sysfs_do_create_link_sd.isra.0+0x82/0x120 [ 1471.163829] __kernfs_new_node+0x70/0x420 [ 1471.163848] kernfs_new_node+0x80/0xf0 [ 1471.163861] kernfs_create_link+0x2c/0x170 11:43:29 executing program 5 (fault-call:2 fault-nth:5): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) [ 1471.163877] sysfs_do_create_link_sd.isra.0+0x90/0x120 [ 1471.163888] sysfs_create_link+0x65/0xc0 [ 1471.163901] device_add+0x4cc/0x1490 [ 1471.163917] ? device_private_init+0x190/0x190 [ 1471.163932] rfkill_register+0x19c/0xb20 [ 1471.163949] hci_register_dev+0x34b/0x810 [ 1471.163958] ? __raw_spin_lock_init+0x2d/0x100 [ 1471.163973] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1471.163987] tty_ioctl+0x8f7/0x1320 [ 1471.163996] ? hci_uart_tty_poll+0x10/0x10 [ 1471.164025] ? tty_vhangup+0x30/0x30 [ 1471.164051] ? __might_sleep+0x93/0xb0 [ 1471.164060] ? __fget+0x210/0x370 [ 1471.164077] ? tty_vhangup+0x30/0x30 [ 1471.164088] do_vfs_ioctl+0x7ae/0x1060 [ 1471.164102] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1471.164111] ? lock_downgrade+0x740/0x740 [ 1471.164123] ? ioctl_preallocate+0x1c0/0x1c0 [ 1471.164135] ? __fget+0x237/0x370 [ 1471.164156] ? security_file_ioctl+0x89/0xb0 [ 1471.164170] SyS_ioctl+0x8f/0xc0 [ 1471.164180] ? do_vfs_ioctl+0x1060/0x1060 [ 1471.164194] do_syscall_64+0x1e8/0x640 [ 1471.164203] ? trace_hardirqs_off_thunk+0x1a/0x1c 11:43:29 executing program 1 (fault-call:11 fault-nth:7): r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) [ 1471.164223] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1471.164232] RIP: 0033:0x459f49 [ 1471.164237] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1471.164248] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1471.164254] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1471.164260] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1471.164269] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1471.164275] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 11:43:29 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x4, 0x4, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r3 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x2000, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x7f, 0x0, 0x10001, 0x36}) ioctl$DRM_IOCTL_SG_FREE(r3, 0x40106439, &(0x7f0000000080)={0x5e4f, r4}) [ 1471.183718] CPU: 1 PID: 6661 Comm: syz-executor.1 Not tainted 4.14.151 #0 [ 1471.196280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1471.196287] Call Trace: [ 1471.196304] dump_stack+0x138/0x197 [ 1471.196323] should_fail.cold+0x10f/0x159 [ 1471.196335] ? __might_sleep+0x93/0xb0 [ 1471.204465] __alloc_pages_nodemask+0x1d6/0x7a0 [ 1471.204480] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1471.204497] ? __alloc_skb+0x3ee/0x500 [ 1471.204512] alloc_pages_current+0xec/0x1e0 [ 1471.204524] alloc_skb_with_frags+0x179/0x4b0 [ 1471.204536] ? __might_fault+0x110/0x1d0 [ 1471.214021] sock_alloc_send_pskb+0x5db/0x740 [ 1471.214038] ? iov_iter_advance+0x218/0xc60 [ 1471.214052] ? sock_wmalloc+0xf0/0xf0 [ 1471.214066] ? _copy_from_iter_full+0x1c6/0x6c0 [ 1471.214081] ? packet_sendmsg+0x13b6/0x5a70 [ 1471.214094] packet_sendmsg+0x16c4/0x5a70 [ 1471.222095] ? avc_has_perm_noaudit+0x420/0x420 [ 1471.222106] ? trace_hardirqs_on_caller+0x400/0x590 [ 1471.222119] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1471.226645] Bluetooth: Unknown HCI packet type 5e [ 1471.231590] ? save_trace+0x290/0x290 [ 1471.231605] ? check_preemption_disabled+0x3c/0x250 [ 1471.231615] ? __fget+0x210/0x370 [ 1471.231639] ? packet_notifier+0x760/0x760 [ 1471.235957] Bluetooth: Unknown HCI packet type 43 [ 1471.239394] ? selinux_socket_sendmsg+0x36/0x40 [ 1471.239406] ? security_socket_sendmsg+0x89/0xb0 [ 1471.239418] ? packet_notifier+0x760/0x760 [ 1471.239428] sock_sendmsg+0xce/0x110 [ 1471.239440] SYSC_sendto+0x206/0x310 [ 1471.239451] ? SYSC_connect+0x2d0/0x2d0 [ 1471.239471] ? lock_downgrade+0x740/0x740 [ 1471.244261] Bluetooth: Unknown HCI packet type 5e [ 1471.248087] ? wait_for_completion+0x420/0x420 [ 1471.248099] ? __sb_end_write+0xc1/0x100 [ 1471.248112] ? fput+0xd4/0x150 [ 1471.248126] ? SyS_write+0x15e/0x230 [ 1471.252645] Bluetooth: Unknown HCI packet type 50 [ 1471.256844] SyS_sendto+0x40/0x50 [ 1471.256853] ? SyS_getpeername+0x30/0x30 [ 1471.256867] do_syscall_64+0x1e8/0x640 [ 1471.256876] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1471.256894] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1471.256903] RIP: 0033:0x459f49 [ 1471.256910] RSP: 002b:00007fd07cd8ec78 EFLAGS: 00000246 [ 1471.261353] Bluetooth: Unknown HCI packet type 5e [ 1471.264824] ORIG_RAX: 000000000000002c [ 1471.264831] RAX: ffffffffffffffda RBX: 00007fd07cd8ec90 RCX: 0000000000459f49 [ 1471.264836] RDX: 000000000000fdfa RSI: 0000000020000300 RDI: 0000000000000003 [ 1471.264842] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1471.264848] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd07cd8f6d4 [ 1471.264854] R13: 00000000004c83ce R14: 00000000004de710 R15: 0000000000000008 [ 1471.299602] Bluetooth: Unknown HCI packet type 40 [ 1471.341260] FAULT_INJECTION: forcing a failure. [ 1471.341260] name failslab, interval 1, probability 0, space 0, times 0 [ 1471.436276] CPU: 0 PID: 6664 Comm: syz-executor.5 Not tainted 4.14.151 #0 [ 1471.446939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1471.446944] Call Trace: [ 1471.446960] dump_stack+0x138/0x197 [ 1471.446978] should_fail.cold+0x10f/0x159 [ 1471.446994] should_failslab+0xdb/0x130 [ 1471.680342] __kmalloc+0x2f0/0x7a0 [ 1471.683877] ? __lock_is_held+0xb6/0x140 [ 1471.687926] ? apply_wqattrs_prepare+0xad/0x960 [ 1471.692590] apply_wqattrs_prepare+0xad/0x960 [ 1471.697084] apply_workqueue_attrs_locked+0xa7/0x120 [ 1471.702174] apply_workqueue_attrs+0x31/0x50 [ 1471.706589] __alloc_workqueue_key+0x78d/0xec0 [ 1471.711161] ? pointer+0xb10/0xb10 [ 1471.714710] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1471.719725] ? ida_remove+0x230/0x230 [ 1471.723519] hci_register_dev+0x1a7/0x810 [ 1471.727649] ? __raw_spin_lock_init+0x2d/0x100 [ 1471.732238] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1471.736551] tty_ioctl+0x8f7/0x1320 [ 1471.740168] ? hci_uart_tty_poll+0x10/0x10 [ 1471.744392] ? tty_vhangup+0x30/0x30 [ 1471.748093] ? __might_sleep+0x93/0xb0 [ 1471.751968] ? __fget+0x210/0x370 [ 1471.755417] ? tty_vhangup+0x30/0x30 [ 1471.759111] do_vfs_ioctl+0x7ae/0x1060 [ 1471.762984] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1471.767728] ? lock_downgrade+0x740/0x740 [ 1471.771874] ? ioctl_preallocate+0x1c0/0x1c0 [ 1471.776295] ? __fget+0x237/0x370 [ 1471.779757] ? security_file_ioctl+0x89/0xb0 [ 1471.784152] SyS_ioctl+0x8f/0xc0 [ 1471.787496] ? do_vfs_ioctl+0x1060/0x1060 [ 1471.791639] do_syscall_64+0x1e8/0x640 [ 1471.795525] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1471.800366] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1471.805546] RIP: 0033:0x459f49 [ 1471.808717] RSP: 002b:00007faea97b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1471.816422] RAX: ffffffffffffffda RBX: 00007faea97b0c90 RCX: 0000000000459f49 [ 1471.823674] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 11:43:29 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) ioctl$TIOCGPTPEER(r0, 0x5441, 0x9) [ 1471.830932] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1471.838191] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faea97b16d4 [ 1471.845447] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1471.853018] protocol 88fb is buggy, dev hsr_slave_0 [ 1471.858168] protocol 88fb is buggy, dev hsr_slave_1 [ 1471.863415] protocol 88fb is buggy, dev hsr_slave_0 [ 1471.868575] protocol 88fb is buggy, dev hsr_slave_1 [ 1471.873848] protocol 88fb is buggy, dev hsr_slave_0 [ 1471.879038] protocol 88fb is buggy, dev hsr_slave_1 [ 1471.897635] FAULT_INJECTION: forcing a failure. [ 1471.897635] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1471.910668] Bluetooth: Can't register HCI device [ 1471.917018] CPU: 0 PID: 6669 Comm: syz-executor.1 Not tainted 4.14.151 #0 [ 1471.923956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1471.933310] Call Trace: [ 1471.935907] dump_stack+0x138/0x197 [ 1471.939549] should_fail.cold+0x10f/0x159 [ 1471.943698] ? __might_sleep+0x93/0xb0 [ 1471.947598] __alloc_pages_nodemask+0x1d6/0x7a0 [ 1471.952280] ? trace_hardirqs_on_caller+0x400/0x590 [ 1471.957328] ? __alloc_pages_slowpath+0x2930/0x2930 [ 1471.962360] alloc_pages_current+0xec/0x1e0 [ 1471.966682] ? alloc_skb_with_frags+0x196/0x4b0 [ 1471.971446] alloc_skb_with_frags+0x179/0x4b0 [ 1471.975944] ? __might_fault+0x110/0x1d0 [ 1471.980007] sock_alloc_send_pskb+0x5db/0x740 [ 1471.984527] ? check_preemption_disabled+0x3c/0x250 [ 1471.989528] ? sock_wmalloc+0xf0/0xf0 [ 1471.993318] packet_sendmsg+0x16c4/0x5a70 [ 1471.997449] ? avc_has_perm_noaudit+0x420/0x420 [ 1472.002110] ? retint_kernel+0x2d/0x2d [ 1472.005998] ? packet_notifier+0x760/0x760 [ 1472.010225] ? check_preemption_disabled+0x3c/0x250 [ 1472.015233] ? packet_notifier+0x760/0x760 [ 1472.019451] ? packet_notifier+0x760/0x760 [ 1472.023671] sock_sendmsg+0xce/0x110 [ 1472.027368] SYSC_sendto+0x206/0x310 [ 1472.031075] ? SYSC_connect+0x2d0/0x2d0 [ 1472.035044] ? lock_downgrade+0x740/0x740 [ 1472.039185] ? wait_for_completion+0x420/0x420 [ 1472.043751] ? __sb_end_write+0xc1/0x100 [ 1472.047795] ? fput+0xd4/0x150 [ 1472.050982] ? SyS_write+0x15e/0x230 [ 1472.054691] SyS_sendto+0x40/0x50 [ 1472.058141] ? SyS_getpeername+0x30/0x30 [ 1472.062198] do_syscall_64+0x1e8/0x640 [ 1472.066078] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1472.070921] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1472.076105] RIP: 0033:0x459f49 [ 1472.079277] RSP: 002b:00007fd07cd8ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1472.086972] RAX: ffffffffffffffda RBX: 00007fd07cd8ec90 RCX: 0000000000459f49 [ 1472.094234] RDX: 000000000000fdfa RSI: 0000000020000300 RDI: 0000000000000003 [ 1472.101498] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1472.108763] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd07cd8f6d4 [ 1472.116017] R13: 00000000004c83ce R14: 00000000004de710 R15: 0000000000000008 [ 1473.200436] Bluetooth: hci1 command 0x1003 tx timeout [ 1473.205762] Bluetooth: hci1 sending frame failed (-49) [ 1474.160294] Bluetooth: hci0 command 0x1003 tx timeout [ 1474.165584] Bluetooth: hci0 sending frame failed (-49) [ 1475.280543] Bluetooth: hci1 command 0x1001 tx timeout [ 1475.285836] Bluetooth: hci1 sending frame failed (-49) [ 1476.240172] Bluetooth: hci0 command 0x1001 tx timeout [ 1476.240179] net_ratelimit: 24 callbacks suppressed [ 1476.240187] protocol 88fb is buggy, dev hsr_slave_0 [ 1476.245586] Bluetooth: hci0 sending frame failed (-49) [ 1476.250523] protocol 88fb is buggy, dev hsr_slave_1 [ 1477.360180] protocol 88fb is buggy, dev hsr_slave_0 [ 1477.360211] Bluetooth: hci1 command 0x1009 tx timeout [ 1477.365296] protocol 88fb is buggy, dev hsr_slave_1 [ 1477.375526] protocol 88fb is buggy, dev hsr_slave_0 [ 1477.380610] protocol 88fb is buggy, dev hsr_slave_1 [ 1478.080198] protocol 88fb is buggy, dev hsr_slave_0 [ 1478.085374] protocol 88fb is buggy, dev hsr_slave_1 [ 1478.090485] protocol 88fb is buggy, dev hsr_slave_0 [ 1478.095513] protocol 88fb is buggy, dev hsr_slave_1 [ 1478.320134] Bluetooth: hci0 command 0x1009 tx timeout 11:43:39 executing program 2 (fault-call:2 fault-nth:56): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 11:43:39 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) open(0x0, 0x0, 0x4) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) capset(&(0x7f00000001c0)={0x20071026, r0}, &(0x7f0000000240)={0x10000000, 0x89, 0x3f, 0x7fa, 0x537c, 0x3}) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000000140)={0x4, &(0x7f0000000100)=[{0x3f, 0x400}, {0x1, 0x91}, {0x4}, {0x2af9, 0x1ff}]}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) socket$alg(0x26, 0x5, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000180)=""/58, 0x3a}, {&(0x7f0000000380)=""/192, 0xc0}, {&(0x7f0000007440)=""/4096, 0x1000}, {&(0x7f0000000440)=""/202, 0xca}, {&(0x7f0000000540)=""/136, 0x88}, {&(0x7f0000000600)=""/2, 0x2}, {&(0x7f00000006c0)=""/177, 0xb1}], 0x7}}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000880)=""/187, 0xbb}, {&(0x7f0000000640), 0xac}, {&(0x7f0000000940)=""/210, 0xd2}, {0x0}, {&(0x7f0000000a40)=""/74, 0x4a}, {&(0x7f0000000ac0)=""/23, 0x17}, {&(0x7f0000000b00)=""/170, 0xaa}], 0x7, &(0x7f0000004180)=""/4096, 0x1000}, 0x2ec}, {{0x0, 0x0, &(0x7f0000000fc0)=[{0x0}, {&(0x7f0000000c40)=""/147, 0x93}, {&(0x7f0000000d00)=""/164, 0xa4}, {&(0x7f0000000dc0)=""/12, 0xc}, {&(0x7f0000000e00)=""/248, 0xf8}, {&(0x7f0000000f00)=""/67, 0x43}, {&(0x7f0000000f80)=""/62, 0x3e}, {&(0x7f0000006180)=""/4096, 0x1000}], 0x8, &(0x7f00000002c0)=""/191, 0xb2}, 0x5}, {{&(0x7f0000001100)=@caif=@util, 0x80, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {&(0x7f0000001280)=""/237, 0xed}, {&(0x7f0000001380)=""/7, 0x7}, {&(0x7f0000002480)=""/74, 0x4a}, {&(0x7f00000013c0)=""/31, 0x1f}], 0x5}, 0x1}, {{&(0x7f0000002580)=@caif=@rfm, 0xffffffffffffff08, &(0x7f0000002880)=[{&(0x7f0000002600)=""/111, 0x6f}, {&(0x7f0000002780)=""/253, 0xfd}], 0x2, &(0x7f00000028c0)=""/225, 0xe1}, 0xd973}, {{0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f0000007340)=""/215, 0xd7}, {&(0x7f0000002bc0)=""/202, 0xca}, {&(0x7f0000002cc0)=""/254, 0xfe}, {&(0x7f0000002dc0)=""/5, 0x5}], 0x4}, 0x80}, {{&(0x7f0000002ec0)=@nl, 0x80, &(0x7f0000003040)=[{&(0x7f0000001400)=""/108, 0x6c}, {&(0x7f0000002fc0)=""/114, 0x72}], 0x2}, 0x5}], 0x7, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r4, &(0x7f00000017c0), 0x331, 0x0) 11:43:39 executing program 5 (fault-call:2 fault-nth:6): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) 11:43:39 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB="000000080000c4080000000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(r3, 0x400442c8, &(0x7f0000000000)={r4, 0x8, 0x7, "d08fdbae0b3c792bce"}) 11:43:39 executing program 1 (fault-call:11 fault-nth:8): r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 11:43:39 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)={0x0, @dev, @broadcast}, &(0x7f0000000140)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000240)={{{@in6=@initdev, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in6=@loopback}}, &(0x7f0000000400)=0xe8) setsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000440)={{{@in6=@loopback, @in6=@empty, 0x4e23, 0x5, 0x4e22, 0x1, 0x2, 0x20, 0x80, 0x32, r2, r3}, {0x4, 0x5, 0x40, 0x620, 0x8001, 0x0, 0x5, 0x4}, {0x80000000, 0x1ffc000, 0x6, 0x2}, 0x0, 0x6e6bb0, 0x2, 0x0, 0x5, 0x3}, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4d4, 0x3c}, 0xa, @in=@loopback, 0x3500, 0x3f078454284b726a, 0x2, 0x8, 0x3, 0x2, 0x8}}, 0xe8) ioctl(0xffffffffffffffff, 0x1, &(0x7f0000000640)="6a585ef5b128ec50e4d4f2c180838775797a53be164f687f8281a1c096ca04d7db5b0ca44a829a001872d9ad6f6b10bacbbb7112c1aecc97e5b28a201fb8f55f713a7c46bbaa86200192e266c3f676601da8101c9b88bf61cddc597bee69e42639ddcf40201be8448033aa6cca63") getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000000000)={0x2, {{0xa, 0x4e23, 0xfff, @remote, 0x7054}}}, 0x88) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r4}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) [ 1481.494157] FAULT_INJECTION: forcing a failure. [ 1481.494157] name failslab, interval 1, probability 0, space 0, times 0 [ 1481.506705] CPU: 1 PID: 6703 Comm: syz-executor.5 Not tainted 4.14.151 #0 [ 1481.513649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1481.523002] Call Trace: [ 1481.525605] dump_stack+0x138/0x197 [ 1481.529246] should_fail.cold+0x10f/0x159 [ 1481.533407] should_failslab+0xdb/0x130 [ 1481.537393] kmem_cache_alloc_trace+0x2e9/0x790 11:43:39 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000400)=ANY=[@ANYBLOB="000000ef97da5e5962100906a4d5f711e7e0ffa38400000000000000000042000000629009cc4b15cd30e466636cb12a0e26e28dae6ebfccc33ebd61a759014f42655d8068f741c097d5c42b8be028be403ecdd1844488ffae4f8e2c57a08642fbaf65578fe7051bffc383ef8c0984348ec666228b8fa5f0962c2c39a5413e7847fc98eda851733b2aabcadcd7b7fd5d342dc5851667f151f0cc1c35d167b48a69722f5d1f99eb", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346000000002c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) [ 1481.542072] ? apply_wqattrs_prepare+0xad/0x960 [ 1481.546744] apply_wqattrs_prepare+0xe1/0x960 [ 1481.551253] apply_workqueue_attrs_locked+0xa7/0x120 [ 1481.556463] apply_workqueue_attrs+0x31/0x50 [ 1481.560873] __alloc_workqueue_key+0x78d/0xec0 [ 1481.565449] ? pointer+0xb10/0xb10 [ 1481.565467] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1481.565481] ? ida_remove+0x230/0x230 [ 1481.574007] hci_register_dev+0x1a7/0x810 [ 1481.574015] ? __raw_spin_lock_init+0x2d/0x100 [ 1481.574032] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1481.574047] tty_ioctl+0x8f7/0x1320 11:43:39 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB="00000000020800"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) r3 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0x100}, @timestamp], 0x2) [ 1481.574054] ? hci_uart_tty_poll+0x10/0x10 [ 1481.574064] ? tty_vhangup+0x30/0x30 [ 1481.602420] ? __might_sleep+0x93/0xb0 [ 1481.606314] ? __fget+0x210/0x370 [ 1481.609781] ? tty_vhangup+0x30/0x30 [ 1481.613511] do_vfs_ioctl+0x7ae/0x1060 [ 1481.617415] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1481.622180] ? lock_downgrade+0x740/0x740 [ 1481.626335] ? ioctl_preallocate+0x1c0/0x1c0 [ 1481.630803] ? __fget+0x237/0x370 [ 1481.634256] ? security_file_ioctl+0x89/0xb0 [ 1481.638658] SyS_ioctl+0x8f/0xc0 [ 1481.638669] ? do_vfs_ioctl+0x1060/0x1060 [ 1481.646163] do_syscall_64+0x1e8/0x640 [ 1481.650043] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1481.650063] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1481.650073] RIP: 0033:0x459f49 [ 1481.650079] RSP: 002b:00007faea97b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1481.650089] RAX: ffffffffffffffda RBX: 00007faea97b0c90 RCX: 0000000000459f49 [ 1481.650095] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1481.650101] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 11:43:39 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x401000, 0x0) setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r2, 0x111, 0x1, 0x9, 0x4) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r4, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r4, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) [ 1481.650107] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faea97b16d4 [ 1481.650113] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1481.660418] net_ratelimit: 16 callbacks suppressed [ 1481.660423] protocol 88fb is buggy, dev hsr_slave_0 [ 1481.671315] protocol 88fb is buggy, dev hsr_slave_1 [ 1481.678886] Bluetooth: Can't register HCI device [ 1481.686002] protocol 88fb is buggy, dev hsr_slave_0 [ 1481.700647] protocol 88fb is buggy, dev hsr_slave_1 11:43:39 executing program 5 (fault-call:2 fault-nth:7): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) [ 1481.752236] FAULT_INJECTION: forcing a failure. [ 1481.752236] name failslab, interval 1, probability 0, space 0, times 0 [ 1481.763795] CPU: 0 PID: 6705 Comm: syz-executor.2 Not tainted 4.14.151 #0 [ 1481.770732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1481.780083] Call Trace: [ 1481.782675] dump_stack+0x138/0x197 [ 1481.786311] should_fail.cold+0x10f/0x159 [ 1481.790469] should_failslab+0xdb/0x130 [ 1481.794449] __kmalloc_track_caller+0x2ec/0x790 [ 1481.799211] ? save_trace+0x290/0x290 [ 1481.803002] ? perf_trace_lock_acquire+0x10d/0x4f0 [ 1481.807922] ? __lock_is_held+0xb6/0x140 [ 1481.811987] ? kstrdup_const+0x48/0x60 [ 1481.815870] kstrdup+0x3a/0x70 [ 1481.819049] kstrdup_const+0x48/0x60 [ 1481.822764] __kernfs_new_node+0x2f/0x420 [ 1481.826916] kernfs_new_node+0x80/0xf0 [ 1481.830807] kernfs_create_link+0x2c/0x170 [ 1481.835034] sysfs_do_create_link_sd.isra.0+0x90/0x120 [ 1481.840304] sysfs_create_link+0x65/0xc0 [ 1481.844419] device_add+0x735/0x1490 [ 1481.848137] ? device_private_init+0x190/0x190 [ 1481.852724] rfkill_register+0x19c/0xb20 [ 1481.856778] hci_register_dev+0x34b/0x810 [ 1481.860915] ? __raw_spin_lock_init+0x2d/0x100 [ 1481.865492] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1481.869809] tty_ioctl+0x8f7/0x1320 [ 1481.873434] ? hci_uart_tty_poll+0x10/0x10 [ 1481.877651] ? tty_vhangup+0x30/0x30 [ 1481.881366] ? __might_sleep+0x93/0xb0 [ 1481.885244] ? __fget+0x210/0x370 [ 1481.888682] ? tty_vhangup+0x30/0x30 [ 1481.892383] do_vfs_ioctl+0x7ae/0x1060 [ 1481.896330] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1481.901082] ? lock_downgrade+0x740/0x740 [ 1481.905222] ? ioctl_preallocate+0x1c0/0x1c0 [ 1481.909615] ? __fget+0x237/0x370 [ 1481.913059] ? security_file_ioctl+0x89/0xb0 [ 1481.917498] SyS_ioctl+0x8f/0xc0 [ 1481.920856] ? do_vfs_ioctl+0x1060/0x1060 [ 1481.925015] do_syscall_64+0x1e8/0x640 [ 1481.928893] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1481.933735] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1481.938915] RIP: 0033:0x459f49 [ 1481.942100] RSP: 002b:00007f7b6664ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1481.949801] RAX: ffffffffffffffda RBX: 00007f7b6664ec90 RCX: 0000000000459f49 [ 1481.957056] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1481.964310] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1481.971587] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b6664f6d4 [ 1481.978848] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1481.993992] Bluetooth: Unknown HCI packet type 5e [ 1482.001885] Bluetooth: Unknown HCI packet type 43 [ 1482.023559] Bluetooth: Unknown HCI packet type 5e [ 1482.034633] FAULT_INJECTION: forcing a failure. [ 1482.034633] name failslab, interval 1, probability 0, space 0, times 0 [ 1482.041183] Bluetooth: Unknown HCI packet type 50 [ 1482.056831] CPU: 0 PID: 6726 Comm: syz-executor.5 Not tainted 4.14.151 #0 [ 1482.062113] Bluetooth: Unknown HCI packet type 5e 11:43:40 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x10000, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r5, 0x105}, 0x14}}, 0x0) sendmsg$IPVS_CMD_GET_CONFIG(r3, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0xcc, r5, 0x20, 0x70bd26, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x3}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x7}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x5}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x3}]}, @IPVS_CMD_ATTR_DEST={0x58, 0x2, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x10000}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x5}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1000}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@ipv4={[], [], @multicast2}}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x6}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e23}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xffffffff}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x29, 0x10}}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@remote}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x24000004}, 0x44) [ 1482.063774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1482.063781] Call Trace: [ 1482.063797] dump_stack+0x138/0x197 [ 1482.063815] should_fail.cold+0x10f/0x159 [ 1482.063832] should_failslab+0xdb/0x130 [ 1482.083233] Bluetooth: Unknown HCI packet type 40 [ 1482.084475] kmem_cache_alloc_node+0x287/0x780 [ 1482.084497] alloc_unbound_pwq+0x486/0xbc0 [ 1482.084513] apply_wqattrs_prepare+0x355/0x960 [ 1482.110812] apply_workqueue_attrs_locked+0xa7/0x120 [ 1482.115917] apply_workqueue_attrs+0x31/0x50 [ 1482.120326] __alloc_workqueue_key+0x78d/0xec0 [ 1482.124901] ? pointer+0xb10/0xb10 [ 1482.128435] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1482.133441] ? ida_remove+0x230/0x230 [ 1482.137245] hci_register_dev+0x1a7/0x810 [ 1482.141378] ? __raw_spin_lock_init+0x2d/0x100 [ 1482.145949] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1482.150273] tty_ioctl+0x8f7/0x1320 [ 1482.153884] ? hci_uart_tty_poll+0x10/0x10 [ 1482.158206] ? tty_vhangup+0x30/0x30 [ 1482.161914] ? __might_sleep+0x93/0xb0 [ 1482.165785] ? __fget+0x210/0x370 [ 1482.169231] ? tty_vhangup+0x30/0x30 [ 1482.172933] do_vfs_ioctl+0x7ae/0x1060 [ 1482.176808] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1482.181549] ? lock_downgrade+0x740/0x740 [ 1482.185681] ? ioctl_preallocate+0x1c0/0x1c0 [ 1482.190080] ? __fget+0x237/0x370 [ 1482.193523] ? security_file_ioctl+0x89/0xb0 [ 1482.197917] SyS_ioctl+0x8f/0xc0 [ 1482.201269] ? do_vfs_ioctl+0x1060/0x1060 [ 1482.205399] do_syscall_64+0x1e8/0x640 [ 1482.209271] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1482.214112] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1482.219283] RIP: 0033:0x459f49 [ 1482.222452] RSP: 002b:00007faea97b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1482.230161] RAX: ffffffffffffffda RBX: 00007faea97b0c90 RCX: 0000000000459f49 [ 1482.237417] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1482.244672] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1482.251927] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faea97b16d4 [ 1482.259180] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1482.266776] protocol 88fb is buggy, dev hsr_slave_0 [ 1482.271882] protocol 88fb is buggy, dev hsr_slave_1 [ 1482.277005] protocol 88fb is buggy, dev hsr_slave_0 [ 1482.282199] protocol 88fb is buggy, dev hsr_slave_1 [ 1482.287456] protocol 88fb is buggy, dev hsr_slave_0 [ 1482.292649] protocol 88fb is buggy, dev hsr_slave_1 [ 1482.301878] Bluetooth: Can't register HCI device 11:43:40 executing program 5 (fault-call:2 fault-nth:8): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) [ 1482.759689] FAULT_INJECTION: forcing a failure. [ 1482.759689] name failslab, interval 1, probability 0, space 0, times 0 [ 1482.771293] CPU: 1 PID: 6742 Comm: syz-executor.5 Not tainted 4.14.151 #0 [ 1482.778220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1482.787560] Call Trace: [ 1482.790155] dump_stack+0x138/0x197 [ 1482.793826] should_fail.cold+0x10f/0x159 [ 1482.797964] should_failslab+0xdb/0x130 [ 1482.801932] __kmalloc+0x2f0/0x7a0 [ 1482.805460] ? wait_for_completion+0x420/0x420 [ 1482.810035] ? pwq_adjust_max_active+0x372/0x560 [ 1482.814787] ? __alloc_workqueue_key+0x114/0xec0 [ 1482.819651] __alloc_workqueue_key+0x114/0xec0 [ 1482.824219] ? pointer+0xb10/0xb10 [ 1482.827754] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1482.832767] ? ida_remove+0x230/0x230 [ 1482.836555] hci_register_dev+0x209/0x810 [ 1482.840704] ? __raw_spin_lock_init+0x2d/0x100 [ 1482.845275] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1482.849585] tty_ioctl+0x8f7/0x1320 [ 1482.853196] ? hci_uart_tty_poll+0x10/0x10 [ 1482.857455] ? tty_vhangup+0x30/0x30 [ 1482.861160] ? __might_sleep+0x93/0xb0 [ 1482.865033] ? __fget+0x210/0x370 [ 1482.868470] ? tty_vhangup+0x30/0x30 [ 1482.872173] do_vfs_ioctl+0x7ae/0x1060 [ 1482.876053] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1482.880810] ? lock_downgrade+0x740/0x740 [ 1482.884940] ? ioctl_preallocate+0x1c0/0x1c0 [ 1482.889330] ? __fget+0x237/0x370 [ 1482.892772] ? security_file_ioctl+0x89/0xb0 [ 1482.897164] SyS_ioctl+0x8f/0xc0 [ 1482.900513] ? do_vfs_ioctl+0x1060/0x1060 [ 1482.904646] do_syscall_64+0x1e8/0x640 [ 1482.908516] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1482.913345] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1482.918517] RIP: 0033:0x459f49 [ 1482.921687] RSP: 002b:00007faea97b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1482.929390] RAX: ffffffffffffffda RBX: 00007faea97b0c90 RCX: 0000000000459f49 [ 1482.936643] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1482.943905] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1482.951157] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faea97b16d4 [ 1482.958407] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1482.965967] Bluetooth: Can't register HCI device [ 1484.000157] Bluetooth: hci2 command 0x1003 tx timeout [ 1484.005473] Bluetooth: hci2 sending frame failed (-49) [ 1486.090306] Bluetooth: hci2 command 0x1001 tx timeout [ 1486.095598] Bluetooth: hci2 sending frame failed (-49) [ 1487.920199] net_ratelimit: 26 callbacks suppressed [ 1487.920202] protocol 88fb is buggy, dev hsr_slave_0 [ 1487.930210] protocol 88fb is buggy, dev hsr_slave_1 [ 1487.935302] protocol 88fb is buggy, dev hsr_slave_0 [ 1487.940427] protocol 88fb is buggy, dev hsr_slave_1 [ 1488.160179] Bluetooth: hci2 command 0x1009 tx timeout [ 1488.480153] protocol 88fb is buggy, dev hsr_slave_0 [ 1488.485215] protocol 88fb is buggy, dev hsr_slave_1 [ 1488.490306] protocol 88fb is buggy, dev hsr_slave_0 [ 1488.495328] protocol 88fb is buggy, dev hsr_slave_1 [ 1488.500402] protocol 88fb is buggy, dev hsr_slave_0 [ 1488.505424] protocol 88fb is buggy, dev hsr_slave_1 11:43:50 executing program 2 (fault-call:2 fault-nth:57): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 11:43:50 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) open(0x0, 0x0, 0x4) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x0, &(0x7f0000000380)) sched_setattr(r2, &(0x7f0000000100)={0x30, 0x6, 0x1, 0xfffeffff, 0x2, 0xfff, 0x5, 0x3}, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) socket$alg(0x26, 0x5, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000001c0)=""/58, 0x3a}, {&(0x7f0000000380)=""/192, 0xc0}, {&(0x7f0000007440)=""/4096, 0x1000}, {&(0x7f0000000440)=""/202, 0xca}, {&(0x7f0000000540)=""/136, 0x88}, {&(0x7f0000000600)=""/2, 0x2}, {&(0x7f00000006c0)=""/177, 0xb1}], 0x7}}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000880)=""/187, 0xbb}, {&(0x7f0000000640)}, {&(0x7f0000000940)=""/210, 0xd2}, {0x0}, {&(0x7f0000000a40)=""/74, 0x4a}, {&(0x7f0000000ac0)=""/23, 0x17}, {&(0x7f0000000b00)=""/170, 0xaa}], 0x7, &(0x7f0000004180)=""/4096, 0x1000}, 0x2ec}, {{0x0, 0x0, &(0x7f0000000fc0)=[{0x0}, {&(0x7f0000000c40)=""/147, 0x93}, {&(0x7f0000000d00)=""/164, 0xa4}, {&(0x7f0000000dc0)=""/12, 0xc}, {&(0x7f0000000e00)=""/248, 0xf8}, {&(0x7f0000000f00)=""/67, 0x43}, {&(0x7f0000000f80)=""/62, 0x3e}, {&(0x7f0000006180)=""/4096, 0x1000}], 0x8, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{&(0x7f0000001100)=@caif=@util, 0x80, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {&(0x7f0000001280)=""/237, 0xed}, {&(0x7f0000001380)=""/7, 0x7}, {&(0x7f0000002480)=""/74, 0x4a}, {&(0x7f00000013c0)=""/31, 0x1f}], 0x5}, 0x1}, {{&(0x7f0000002580)=@caif=@rfm, 0x80, &(0x7f0000002880)=[{&(0x7f0000002600)=""/111, 0x6f}, {&(0x7f0000002780)=""/253, 0xfd}], 0x2, &(0x7f00000028c0)=""/225, 0xe1}, 0xd973}, {{0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f0000007340)=""/215, 0xd7}, {&(0x7f0000002bc0)=""/202, 0xca}, {&(0x7f0000002cc0)=""/254, 0xfe}, {&(0x7f0000002dc0)=""/5, 0x5}], 0x4}, 0x80}, {{&(0x7f0000002ec0)=@nl, 0x80, &(0x7f0000003040)=[{&(0x7f0000001400)=""/108, 0x6c}, {&(0x7f0000002fc0)=""/114, 0x72}], 0x2}, 0x5}], 0x7, 0x0, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r5, &(0x7f00000017c0), 0x331, 0x0) 11:43:50 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$EVIOCGABS0(r6, 0x80184540, &(0x7f0000000000)=""/122) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 11:43:50 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x8000) ioctl$TUNSETNOCSUM(r3, 0x400454c8, 0x0) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\b\x00'/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005dde1eeff3c9eca2c94acb507247cc3684d1523426a929384a26451e7ac33f25c26c4ffcd8265ebb8cbb1346759291752c6ce35560dcc0bfc9e50bae2febd1c4b58c81"], 0x80}}, 0x0) 11:43:50 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) ioctl$TIOCCONS(0xffffffffffffffff, 0x541d) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = dup2(r6, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$EVIOCGABS3F(r7, 0x8018457f, &(0x7f0000000000)=""/28) r8 = dup2(r5, r5) munlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) r10 = dup2(r9, r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$VT_RELDISP(r4, 0x5605) 11:43:50 executing program 5 (fault-call:2 fault-nth:9): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) [ 1492.349400] FAULT_INJECTION: forcing a failure. [ 1492.349400] name failslab, interval 1, probability 0, space 0, times 0 [ 1492.362943] CPU: 1 PID: 6750 Comm: syz-executor.5 Not tainted 4.14.151 #0 [ 1492.369890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1492.379244] Call Trace: [ 1492.379263] dump_stack+0x138/0x197 [ 1492.379283] should_fail.cold+0x10f/0x159 [ 1492.379300] should_failslab+0xdb/0x130 [ 1492.379311] __kmalloc+0x2f0/0x7a0 [ 1492.379322] ? wait_for_completion+0x420/0x420 [ 1492.379334] ? pwq_adjust_max_active+0x372/0x560 [ 1492.379350] ? __alloc_workqueue_key+0x114/0xec0 [ 1492.411280] __alloc_workqueue_key+0x114/0xec0 [ 1492.415865] ? pointer+0xb10/0xb10 [ 1492.419420] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1492.424449] ? ida_remove+0x230/0x230 [ 1492.428257] hci_register_dev+0x209/0x810 [ 1492.432416] ? __raw_spin_lock_init+0x2d/0x100 [ 1492.437015] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1492.441345] tty_ioctl+0x8f7/0x1320 [ 1492.444974] ? hci_uart_tty_poll+0x10/0x10 [ 1492.449207] ? tty_vhangup+0x30/0x30 [ 1492.452915] ? __might_sleep+0x93/0xb0 [ 1492.456904] ? __fget+0x210/0x370 [ 1492.460352] ? tty_vhangup+0x30/0x30 [ 1492.464065] do_vfs_ioctl+0x7ae/0x1060 [ 1492.467958] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1492.472699] ? lock_downgrade+0x740/0x740 [ 1492.476833] ? ioctl_preallocate+0x1c0/0x1c0 [ 1492.481235] ? __fget+0x237/0x370 [ 1492.484689] ? security_file_ioctl+0x89/0xb0 [ 1492.489081] SyS_ioctl+0x8f/0xc0 [ 1492.492432] ? do_vfs_ioctl+0x1060/0x1060 [ 1492.496562] do_syscall_64+0x1e8/0x640 [ 1492.500437] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1492.505293] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1492.510473] RIP: 0033:0x459f49 [ 1492.513654] RSP: 002b:00007faea97b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1492.521352] RAX: ffffffffffffffda RBX: 00007faea97b0c90 RCX: 0000000000459f49 [ 1492.528621] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1492.535881] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1492.543132] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faea97b16d4 11:43:50 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\r\x00\x00\b\x00'/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) 11:43:50 executing program 0: r0 = syz_open_dev$mouse(&(0x7f0000000240)='/dev/input/mouse#\x00', 0x10004, 0x1) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000000c0)={@in={{0x2, 0x4e22, @multicast1}}, 0x0, 0x800, 0x0, "bf126b3f9e90b94083371445e69e18e17e5a71cd6e9774b221e0cf64b3c958a1a15338f98bf06146e463909c6b142b5eea400de21e60b6bd22ebd68086e50e7609be41cf7748409d7be3e251b847c260"}, 0xd8) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) symlinkat(&(0x7f00000001c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00') ioctl$KDADDIO(r1, 0x400455c8, 0x10000400000001) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0xffffffffffffff9a, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14) ioctl$sock_x25_SIOCADDRT(r2, 0x890b, &(0x7f0000000280)={@remote={[], 0x2}, 0xc, 'eql\x00'}) fcntl$getown(r0, 0x9) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KDADDIO(r4, 0x4b34, 0x8) 11:43:50 executing program 5 (fault-call:2 fault-nth:10): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) [ 1492.550389] R13: 00000000004c2e26 R14: 00000000004d6cb8 R15: 0000000000000004 [ 1492.561228] Bluetooth: Can't register HCI device 11:43:50 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 11:43:50 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r1, 0x111, 0x3, 0x0, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) r4 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x8, 0x240243) setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f0000000040)=@req={0x5, 0x40, 0x0, 0x10000}, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r7 = socket(0x10, 0x803, 0x0) dup(0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0xb4, &(0x7f00000002c0)=[@in={0x2, 0x4e21, @multicast2}, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in={0x2, 0x4e23, @empty}, @in6={0xa, 0x4e21, 0xa4e9, @mcast2, 0x3}, @in6={0xa, 0x4e24, 0xfff, @remote, 0x2}, @in={0x2, 0x4e21, @multicast1}, @in={0x2, 0x4e23, @loopback}, @in={0x2, 0x4e24, @empty}, @in6={0xa, 0x0, 0xff, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x1}]}, &(0x7f00000001c0)=0x10) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000380)={r8, 0x6}, &(0x7f00000003c0)=0x8) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) r10 = dup2(r9, r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) ioctl$KVM_ENABLE_CAP(r10, 0x4068aea3, &(0x7f0000000400)={0x79, 0x0, [0x1, 0x2, 0x100, 0x1]}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000240)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0x10060, 0x0, 0x0, 0x0) 11:43:50 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x100, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) gettid() clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) dup(0xffffffffffffffff) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x6}, 0x8000000200000402, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r2 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r2, &(0x7f0000000080)={0x14}, 0xfffffff4) ioctl(0xffffffffffffffff, 0xc2604110, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r3}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\b', @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) [ 1492.779651] Bluetooth: Unknown HCI packet type 5e [ 1492.785274] Bluetooth: Unknown HCI packet type 43 11:43:50 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) userfaultfd(0x100800) ioctl$KDADDIO(r0, 0x400455c8, 0x200009) [ 1492.831636] Bluetooth: Unknown HCI packet type 5e [ 1492.858277] Bluetooth: Unknown HCI packet type 50 [ 1492.886614] Bluetooth: Unknown HCI packet type 5e [ 1492.909467] Bluetooth: Unknown HCI packet type 40 11:43:51 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = open(0x0, 0x0, 0x4) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) migrate_pages(r1, 0x3, &(0x7f0000000240)=0x9, &(0x7f00000002c0)=0x7) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20\x00', 0x80, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) socket$alg(0x26, 0x5, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000001c0)=""/58, 0x3a}, {&(0x7f0000000380)=""/192, 0xc0}, {&(0x7f0000007440)=""/4096, 0x1000}, {&(0x7f0000000440)=""/202, 0xca}, {&(0x7f0000000540)=""/136, 0x88}, {&(0x7f0000000600)=""/2, 0x2}, {&(0x7f00000006c0)=""/177, 0xb1}], 0x7}}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000880)=""/187, 0xbb}, {&(0x7f0000000640)}, {&(0x7f0000000940)=""/210, 0xd2}, {0x0}, {&(0x7f0000000a40)=""/74, 0x4a}, {&(0x7f0000000ac0)=""/23, 0x17}, {&(0x7f0000000b00)=""/170, 0xaa}], 0x7, &(0x7f0000004180)=""/4096, 0x1000}, 0x2ec}, {{0x0, 0x0, &(0x7f0000000fc0)=[{0x0}, {&(0x7f0000000c40)=""/147, 0x93}, {&(0x7f0000000d00)=""/164, 0xa4}, {&(0x7f0000000dc0)=""/12, 0xc}, {&(0x7f0000000e00)=""/248, 0xf8}, {&(0x7f0000000f00)=""/67, 0x43}, {&(0x7f0000000f80)=""/62, 0x3e}, {&(0x7f0000006180)=""/4096, 0x1000}], 0x8, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{&(0x7f0000001100)=@caif=@util, 0x80, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {&(0x7f0000001280)=""/237, 0xed}, {&(0x7f0000001380)=""/7, 0x7}, {&(0x7f0000002480)=""/74, 0x4a}, {&(0x7f00000013c0)=""/31, 0x1f}], 0x5}, 0x1}, {{&(0x7f0000002580)=@caif=@rfm, 0x80, &(0x7f0000002880)=[{&(0x7f0000002600)=""/111, 0x6f}, {&(0x7f0000002780)=""/253, 0xfd}], 0x2, &(0x7f00000028c0)=""/225, 0xe1}, 0xd973}, {{0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f0000007340)=""/215, 0xd7}, {&(0x7f0000002bc0)=""/202, 0xca}, {&(0x7f0000002cc0)=""/254, 0xfe}, {&(0x7f0000002dc0)=""/5, 0x5}], 0x4}, 0x80}, {{&(0x7f0000002ec0)=@nl, 0x80, &(0x7f0000003040)=[{&(0x7f0000001400)=""/108, 0x6c}, {&(0x7f0000002fc0)=""/114, 0x72}], 0x2}, 0x5}], 0x7, 0x0, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') flistxattr(r5, &(0x7f0000000100)=""/114, 0x72) ioctl$SIOCX25SENDCALLACCPT(r0, 0x89e9) preadv(r5, &(0x7f00000017c0), 0x331, 0x0) 11:43:51 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x20000d) ioctl$KDADDIO(r0, 0x400455c8, 0x7) 11:43:51 executing program 1: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x31) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r4, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) timer_getoverrun(r4) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) write$FUSE_POLL(r1, &(0x7f0000000140)={0x18, 0x0, 0x3, {0x80000001}}, 0x18) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 11:43:51 executing program 5: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r3}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r4 = dup2(0xffffffffffffffff, r0) ioctl$TCSETSW(r4, 0x5403, &(0x7f0000000000)={0x8, 0x8, 0x1, 0x6, 0xf, 0x1, 0x1d, 0x9, 0x2, 0x800, 0x4, 0x40}) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='6d\x84v/ptmZ\x00', 0x9d04, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r5, 0x400455c8, 0x9) 11:43:51 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PPPIOCGNPMODE(r1, 0xc008744c, &(0x7f0000000000)={0x2d, 0x1}) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r2, &(0x7f0000000380)=@hci, 0x80) fcntl$setstatus(r2, 0x4, 0x4000) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r2, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r4}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) [ 1493.533545] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. 11:43:51 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000000)={0x1f6c0, 0x10000, 0x40, 0x1, 0x1b, 0x7, 0x4, 0x8, 0x4, 0x10001, 0xeae}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xc) [ 1493.669159] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1494.160212] net_ratelimit: 26 callbacks suppressed [ 1494.160217] protocol 88fb is buggy, dev hsr_slave_0 [ 1494.170275] protocol 88fb is buggy, dev hsr_slave_1 [ 1494.175363] protocol 88fb is buggy, dev hsr_slave_0 [ 1494.180446] protocol 88fb is buggy, dev hsr_slave_1 [ 1494.720122] protocol 88fb is buggy, dev hsr_slave_0 [ 1494.725244] protocol 88fb is buggy, dev hsr_slave_1 [ 1494.730399] protocol 88fb is buggy, dev hsr_slave_0 [ 1494.735562] protocol 88fb is buggy, dev hsr_slave_1 [ 1494.740864] protocol 88fb is buggy, dev hsr_slave_0 [ 1494.746052] protocol 88fb is buggy, dev hsr_slave_1 [ 1494.800112] Bluetooth: hci1 command 0x1003 tx timeout [ 1494.805430] Bluetooth: hci1 sending frame failed (-49) [ 1494.810847] Bluetooth: hci0 command 0x1003 tx timeout [ 1494.816195] Bluetooth: hci0 sending frame failed (-49) [ 1496.880161] Bluetooth: hci0 command 0x1001 tx timeout [ 1496.885410] Bluetooth: hci1 command 0x1001 tx timeout [ 1496.885465] Bluetooth: hci0 sending frame failed (-49) [ 1496.890722] Bluetooth: hci1 sending frame failed (-49) [ 1498.960120] Bluetooth: hci1 command 0x1009 tx timeout [ 1498.960208] Bluetooth: hci0 command 0x1009 tx timeout [ 1500.400184] net_ratelimit: 26 callbacks suppressed [ 1500.400190] protocol 88fb is buggy, dev hsr_slave_0 [ 1500.410238] protocol 88fb is buggy, dev hsr_slave_1 [ 1500.415316] protocol 88fb is buggy, dev hsr_slave_0 [ 1500.420403] protocol 88fb is buggy, dev hsr_slave_1 [ 1500.960179] protocol 88fb is buggy, dev hsr_slave_0 [ 1500.965283] protocol 88fb is buggy, dev hsr_slave_1 [ 1500.970383] protocol 88fb is buggy, dev hsr_slave_0 [ 1500.975405] protocol 88fb is buggy, dev hsr_slave_1 [ 1500.980517] protocol 88fb is buggy, dev hsr_slave_0 [ 1500.985545] protocol 88fb is buggy, dev hsr_slave_1 11:44:01 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r3 = socket$caif_stream(0x25, 0x1, 0x4) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$sock_inet6_tcp_SIOCOUTQ(r4, 0x5411, &(0x7f0000000080)) readv(r3, &(0x7f0000000040)=[{&(0x7f0000000700)=""/4096, 0x1000}, {&(0x7f0000000000)=""/44, 0x2c}], 0x2) r5 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r5, &(0x7f0000000380)=@hci, 0x80) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r5, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r8}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r9 = socket$rxrpc(0x21, 0x2, 0x2) r10 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000140)='/dev/video35\x00', 0x2, 0x0) r11 = socket$unix(0x1, 0x1, 0x0) r12 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r12, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r13 = socket$netlink(0x10, 0x3, 0x0) r14 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r14, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r14, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r13, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r15, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r16 = syz_open_dev$admmidi(&(0x7f00000002c0)='/dev/admmidi#\x00', 0x4, 0x101000) pipe2$9p(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x100000) r18 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r18, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r18, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r19 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r19, &(0x7f0000000380)=@hci, 0x80) r20 = socket$netlink(0x10, 0x3, 0x0) r21 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r21, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r21, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r20, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r22, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r19, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r22}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r23 = getpid() sched_setscheduler(r23, 0x0, &(0x7f0000000380)) r24 = getpgid(r23) stat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, 0x0) setregid(0x0, r26) r27 = getpid() sched_setscheduler(r27, 0x0, &(0x7f0000000380)) r28 = socket$netlink(0x10, 0x3, 0x0) r29 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r29, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r29, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r28, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r30, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) fstat(r28, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r33 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r33, &(0x7f0000000380)=@hci, 0x80) r34 = socket$netlink(0x10, 0x3, 0x0) r35 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r35, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r35, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r34, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r36, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r33, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r36}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000500)={0x6, 0xffffffffffffffff, 0x1}) r38 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r38, &(0x7f0000000380)=@hci, 0x80) r39 = socket$netlink(0x10, 0x3, 0x0) r40 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r40, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r40, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r39, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r41, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r38, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r41}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r42 = getpid() sched_setscheduler(r42, 0x0, &(0x7f0000000380)) getresuid(&(0x7f0000002d40)=0x0, &(0x7f0000002d80), &(0x7f0000002dc0)) r44 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r44, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r45) r46 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r46, &(0x7f0000000380)=@hci, 0x80) r47 = socket$netlink(0x10, 0x3, 0x0) r48 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r48, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r48, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r47, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r49, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r46, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r49}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r50 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r50, &(0x7f0000000380)=@hci, 0x80) r51 = socket$netlink(0x10, 0x3, 0x0) r52 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r52, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r52, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r51, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r53, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r50, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r53}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r54 = socket$netlink(0x10, 0x3, 0x0) r55 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r55, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r55, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r54, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r56, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r57 = socket$netlink(0x10, 0x3, 0x0) r58 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r58, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r58, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r57, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r59, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r60 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000003100)='/selinux/load\x00', 0x2, 0x0) r61 = socket$tipc(0x1e, 0x2, 0x0) r62 = socket$netlink(0x10, 0x3, 0x0) r63 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r63, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r63, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r62, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r64, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r65 = getpid() sched_setscheduler(r65, 0x0, &(0x7f0000000380)) r66 = syz_open_procfs$namespace(r65, &(0x7f0000003140)='ns/user\x00') r67 = openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000003180)='/proc/self/attr/current\x00', 0x2, 0x0) r68 = getpgrp(0xffffffffffffffff) stat(&(0x7f00000031c0)='./file0\x00', &(0x7f0000003200)={0x0, 0x0, 0x0, 0x0, 0x0}) r70 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r70, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r71) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000003280)=0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000032c0)={{{@in=@multicast1, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in6=@empty}}, &(0x7f00000033c0)=0xe8) r74 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r74, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r75) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, 0x0) setregid(0x0, r76) getgroups(0x7, &(0x7f0000003400)=[r75, 0xee01, 0xee01, r76, 0xffffffffffffffff, 0xee00, 0xffffffffffffffff]) r78 = openat$mixer(0xffffffffffffff9c, &(0x7f0000003440)='/dev/mixer\x00', 0x40, 0x0) r79 = socket$netlink(0x10, 0x3, 0x0) r80 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r80, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r80, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r79, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r81, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r82 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r82, &(0x7f0000000380)=@hci, 0x80) r83 = socket$netlink(0x10, 0x3, 0x0) r84 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r84, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r84, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r83, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r85, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r82, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r85}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r86 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000003740)='/dev/ptmx\x00', 0x4002, 0x0) pipe2(&(0x7f0000003780)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) r88 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r88, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r88, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r89 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r89, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r89, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r90 = socket$netlink(0x10, 0x3, 0x0) r91 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r91, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r91, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r90, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r92, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r93 = getpid() sched_setscheduler(r93, 0x0, &(0x7f0000000380)) r94 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r94, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r95) r96 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r96, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r97) r98 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r98, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r99) getgroups(0x5, &(0x7f00000037c0)=[0x0, 0xee01, 0x0, r97, r99]) r101 = getpgid(0xffffffffffffffff) r102 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r102, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r103) r104 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r104, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r105) r106 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r106, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r106, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r107 = getpid() sched_setscheduler(r107, 0x0, &(0x7f0000000380)) r108 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r108, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r109) lstat(&(0x7f0000003800)='./file0\x00', &(0x7f0000003840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r111 = fcntl$getown(r4, 0x9) r112 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r112, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r113) stat(&(0x7f00000038c0)='./file0\x00', &(0x7f0000003900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r115 = getpid() sched_setscheduler(r115, 0x0, &(0x7f0000000380)) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000039c0)={r115, 0xffffffffffffffff, 0x0, 0x13, &(0x7f0000003980)='eth1\',\x1avboxnet0em0\x00'}, 0x30) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000003a00)={{{@in=@broadcast, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in6=@empty}}, &(0x7f0000003b00)=0xe8) r118 = getgid() r119 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r119, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r119, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r120 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) bpf$MAP_CREATE(0x0, &(0x7f00004f9fe4)={0xc, 0x4, 0x4, 0x1, 0x0, r120}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r120, 0x0, 0x0}, 0x10) r121 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r121, &(0x7f0000000380)=@hci, 0x80) r122 = socket$netlink(0x10, 0x3, 0x0) r123 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r123, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r123, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r122, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r124, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r121, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r124}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r125 = bpf$PROG_LOAD(0x5, &(0x7f0000003c80)={0x19, 0x6, &(0x7f0000003b40)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6}, [@map={0x18, 0x0, 0x1, 0x0, r120}, @generic={0x40, 0x4, 0x6, 0x8, 0x7}]}, &(0x7f0000003b80)='GPL\x00', 0x8, 0x0, &(0x7f0000003bc0), 0x40f00, 0x2, [], r124, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000003c00)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000003c40)={0x4, 0xc, 0x7, 0x5}, 0x10}, 0x70) r126 = inotify_init() r127 = socket$netlink(0x10, 0x3, 0x0) r128 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r128, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r128, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r127, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r129, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r130 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r130, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r130, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r131 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r131, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r131, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r132 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000003d00)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) r133 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r133, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r133, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r134 = getpgrp(0x0) lstat(&(0x7f0000004080)='./file0\x00', &(0x7f00000040c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, 0x0) setregid(0x0, r136) r137 = memfd_create(&(0x7f0000004b00)='selinuxGPL#lobdevnodev&\x00', 0x0) r138 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r138, &(0x7f0000000380)=@hci, 0x80) r139 = socket$netlink(0x10, 0x3, 0x0) r140 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r140, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r140, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r139, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r141, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r138, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r141}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r142 = syz_open_dev$binderN(&(0x7f0000004b40)='/dev/binder#\x00', 0x0, 0x800) r143 = fcntl$getown(0xffffffffffffffff, 0x9) r144 = getuid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, 0x0) setregid(0x0, r145) r146 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r146, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r146, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r147 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r147, &(0x7f0000000380)=@hci, 0x80) r148 = socket$netlink(0x10, 0x3, 0x0) r149 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r149, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r149, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r148, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r150, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r147, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r150}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000004bc0)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x27, &(0x7f0000004b80)='securitysystemselinuxselinux/wlan0\xcd#{@\x00'}, 0x30) r152 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r152, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r153) r154 = socket$netlink(0x10, 0x3, 0x0) r155 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r155, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r155, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r154, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r156, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) getsockopt$sock_cred(r154, 0x1, 0x11, &(0x7f0000004c00)={0x0, 0x0, 0x0}, &(0x7f0000004c40)=0xc) sendmmsg$unix(r1, &(0x7f0000004d00)=[{&(0x7f0000000240)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f00000000c0)=[{&(0x7f0000000400)="b58a05e5d7537dfd68272875fc088daecdf2d06007a6ecf7d6da46a75712c9a8f8a8273e08c0bf3da3e17bbb7859d8a094e95f1873ddfa2a42bb8d3e4fd32587cdce1d3f825ba44751d29aa6c72eec8db7adf73cfbe9392a313b53d2fa028b77f59f12116a1c86e82ec83d811084e29e5f933acbe8f0a9c9a97bc57ce4b32bf18a4d4ee520f8ba7a64f57054096e1b9b9a58b3832c4031a0b1b5782b14212444d6b6571834ee", 0xa6}], 0x1, &(0x7f0000001800)=[@rights={{0x18, 0x1, 0x1, [r4, r5]}}, @rights={{0x24, 0x1, 0x1, [r0, 0xffffffffffffffff, r9, r10, r11]}}, @rights={{0x38, 0x1, 0x1, [r12, r13, r4, r16, r17, r18, r4, r19, r3, r4]}}, @cred={{0x1c, 0x1, 0x2, {r24, r25, r26}}}, @cred={{0x1c, 0x1, 0x2, {r27, r31, r32}}}, @rights={{0x20, 0x1, 0x1, [r33, r37, r38, r1]}}], 0xd8, 0xc044}, {&(0x7f0000001900)=@file={0x3, './file0\x00'}, 0x6e, &(0x7f0000002cc0)=[{&(0x7f0000001980)="d847babb3857df3fe041d2a0669dc9e48639a4fbc048931d17f56782da4f0715c2c98d0e433e34a31e21c519d8f1a6dcb291a5d9ba055ab4569125db1c2a7a3127045433f31677cc40aaf9aa7b4a70048f2504a580aa6fa83fb3ce6766e8d698e17522261584ece1649dfea106ebe7865aed98b69fdda901f094a272ef12824b0abf03a70d92d9cdd4091063412cb0803bec903c40b0242afbb3d9ab5df48e5f5daa17d4759d0a19e5da85fa60584fadb49701", 0xb3}, {&(0x7f0000001a40)="ea339fdbf2bfd03716fb0617a7197ef38e41c02c47137560ab182f74bbed5fc6325c7ba648148c877929da839ffc37ad52074731e4e75f92495f25d6c1b9fda20a8c63ececaa53759f1d97ddd82e8825219a3f5288ddee11e1bb51bc5e6d833febd6a7576dabe90f442e5b08460d103f99e57fc02a1b07719c6f61750645f2050c6e23ad3cd8b26ce9d1febfd88e3d26006494f98d86d78d8f4a07a6790e88f03fff1bf94c0f2cfe56507eb6998e8c1d", 0xb0}, {&(0x7f00000005c0)="5490a6126a93a742440cf2", 0xb}, {&(0x7f0000001b00)="15b93afd9210c06cdea1c2e878f020919d6f2d172c8b1dc2bad3c67064e01e465d4055bf9d9b2fee3f5554776122ebf045837c9e48fd08a16daa8890a9c590362bf4fedeb15de4b5b0eeec8a6ba4c4088bac334fb7e9a36ce62baad6104dc7626ef66b1d2ba322d262e6116744e1cd8a39fcdbe4a3e3f8e1340b", 0x7a}, {&(0x7f0000001b80)="121d605ea661645a4736c7b31dd1b2d7e1ebae8f5a015078874443b05025eef9fa2c086728354f179cdff79679c5f863dc6732eb02774445e216c1e2a9c15603bd8562fb77538f00cef62109e0d2", 0x4e}, {&(0x7f0000001c00)="3b1c12a30b7451badc12ef67e7bcb091dcaa346aa6b8974cd1406891c162b166682f1f41ee99b3acf6e2dd8a22b159d61f3b131772d76af51a805670d05250313a0699367e53d684b69d1f70469ba27e4ad4e82e95093457054ee9be27f9637a57eb860739ff3be80c347d645afaf70c929430f951e40530d4a183e3ccaea52eb2719bc8f2a0e59c446b0f9d87a229484ec6f81f4ea53fca6bef77a62f51e4a32695377806cf5e5753a30d4e774da7f405f785edd586419772583edf22da36ec1d3745382c5bc5b396e37c4a1e1bf488cc1e4d6b4dc120af9d3f49c7f73f6cec896ec8947048c47747f7270b34b258290ec3ae914a8cd0cd5c3f9b6549bd8db00f8da92c5c3bef93175646e0a18b1af951c780fe90b5c7c65af9aacc401644d5b377e987f383a7a92d8d9224ef2fe5f1513fd777ae9a83c2f1243ee5d030c1987004bbd3418edfdc9289e1cb771645553ea92946735706426d879bdf48d5d9c87eaf69e1bc1be1c1e650558f37358254b957077f54492c3a3f5db334fde9861508b49f858af8f770c47ce4c7f0bfb408a9c72bd5c685b0a509230cd28600934adaeb3626377b315c8c25c23d16933203ea84d58c38a46b8e4692f962c5d97093e44b7b028c1d844a39e002c76fcca0c722482c4317ddb8a96846d268d589bfb99058ca80bb05aac41c846bf39e088c344ff76534b19bece749a9de3872789326b448bf8976ee70c9ae904aa12698d0ab116e340b91b682255acb741792796d05a7e121814f083c0c0a0b4acfba391170dd1ba01fd70a2086a1c406571d530b4d243d414fbbf47c9984d4ce003bd4ed47fb6b7c0e63425dd6fe9c6ab3e8ce5c8172504c34bbc412e2555cef839bf866b673b3190f9a5367b3014ee117f1e99cea84d999f51907f5231d1ce7d6e556c0a6501bcb125cf5ee11f01aecb41a40f1ef0e42feaa299c0966432893526e297ede1fc21acb306cd237ab75e4e9367a0d8aee708b0e8c748c77c3c3f7535dbde503271444cde6914e58ecbcc3cf7515fa5339bd111ee3fd7afd1477e45a0bffd10d8089771926facf16b3932a9a4582acb3c986706b0310f3408a57f85586196c991d3935950fb886e221ec706d7c5c84eee256a6606756691908d715923387023924f44c6f436fb8da4b53d3410e27269adea5b011689c81677dc8cf3b0a757c1a10d2cf8bdb8cc1d9d9203917bec985fdd4a598d94a52d5742c447c0c3f02c7ad48f24fddea838b6cdcff29309adfcd1a2e5c3a0c9341fc95409472d147d7dbee295c5148909ccae7475b01b806a7ef30aa0bef0ca13cd1809bd2e664ca60962f98388972012fde76eede07dc2747f2fc8d88a4d6e7112db88701041b1fb9cec7e2f6f0e057b8aeccd476f8f43ce3d2eeb7c69acec5de0213d4d084b48f2a1ea41b6493d7a494a3842120496b5a9f49acf9b6b0af9557575b3c75d0402d788596379e12a8106e9f39d383babe2ef7ac51e4993cc1b39403bfc224b4e0391c23a6360e9abe3e2000d160db40eb1cf3419391ee750774ee34d45eb747714a9b5b759243d962ac5483ca115b0041b39e9b3163d05b45794b566f6924c25faf8e74966c08b0298fcd773040a05c0f85ad086e8e6a749ee5278f967826cfe469ac50ab36cf7b1116b4c79e5946eb90255224ff2b6bab0d3c0c364ebb165c3d8cf4eeea9c271a524efe12d01d0586ce3227e10880e56d4537131234d3de62a3d48efe65b0a7983e294ec42f076918f605bba453a17bec0ae74ddbcbe8bc4cdd4bfc89230a83d9f6c3b4f0f22dc1859ef580192de71a0ebd73aefbe6adb472b794d87d696e1382e01b678e02d0205f07ba3b027407c3ad9e1c9de562fdcad7177b14fad3662966235302ecef7c86f32af6346f5c64482d7ebbb91d154945354ceaee01c11c09089c024305e76889518df3f74f24fb03afdd72a0940e220ab1875b2037b96b98656bfeff2e785cda913ebc347c57ed1368177ff9e680075633909688e72c63dbd9b70e9d02dbea4b68dd0c90462f51e6e0e3ad981b45662982f605a26d35d1faf6879afde50f6ff52d1a0712f2c28f340065a524733f159912c6d1fad52afbcfc258c8c380ef33fd0efd82a2a92dc1eab42c8026e404c37a3a60cde0a9cdaff2c47ca7b1352327ea7453843b2c342efa8f7b3395358bc5142550fe8bafb266718c0fec5225e9c5b5909aff86d50bf113e969f149201603d43c7fc18903e56af7a30557cb69bad9f5be13fb4d02b29a00f72c015515c1c0003b825414d98ac1f81fd2125f3d3e3592b08feb349afa78cdb99df35a9e415d39c97f05798d87c30eabc04b12da6791dcc8e07e08711c52a75a19ff01bff19c10bacb5be0dbb36588d1a73780cb475b47415084d71b791bd9e34ea64272619231bdb3796705d9722b488d3830632da0676b3595a1d3d0052d4070d3f06d4f343155dda97ba95eca405d90321c54b3e072a89773da6963946f6ea77f5759f81502e278a9d24edffc3dfbcae047c53e4baf0a5fb2f1dfd5385b000089dd00f039832800477226c85c494dde79456552914ce25877df942f97d3b6c323fe86f9c828586528feeb85b28a5213b8b678277f1cca413b65dda46157018b523396517626d30a1085700d3574f7bbe0f1484383459e30036e41c0a5cfb592810d45eaf3a84a4468699d090efbadd505825d6f61bd4184bb07ee944b71adc85d3175d83168f443f479dcd845b9caae1becf03b778f3ab0ffcb3d3ffb93078d605595148c90932c3e859938832475e592ab2adaeae4beb1aac98c01dc2208bb2ecd3e853752eec756cc5b3e696b983f700168c92ac570121126d296713357dd8a199c5b0a13023e205b06cd3f6e277c45813343447ee0ee08ef019fc6dc21a863fc8c2b67cda610022026b1d02fe29afe6eed70e6679d2f133a35b6fc5daef202ed857aeba312b4524c098fff592c7e87a3edbaf7d625db08d12bad7066b6d23a9dba3ca2ba7c9822e5328c9725d3a83d8856bd3cea7958453dba9f07c5ef2a51157d0e57a9959dbcb220a83131dfa2e5a6f70b9f84434acb3e748f1cf8649f1e269861449d3c020ebfec588cee760493c6eb4ecef07cef91f72b77d83de6cb0331aeb13cb2128fc5d956fe381b6619ed9d94caa73c207e60d98011053cc2694030ed8714b464c32a3850501088e353ce0834d062ff326dcfc8e9aee5c385984030f204dae490cbf2ecda381f43da8f5d5560f7a24b6387163bd422a622bdcdbfb8e2c67501325a560ec974ca0f6a59d9c62a2d92d3033bb2d5f02cde11a0b58b6bbe21a13b4546aabc9800f65aede00e57a065ed933b868ebcb09eff6d01abd6e09c03bdd94fceae56b128ea6b319619ffdb06ebac1a2f8902ba6be798255c863d79904064ebc1ca6b0616e854a4696fb7670f5a3a010d7c50e2b77ce7f502a16ba0bf33f8ea6b48b6c427196e0c1d55974e187d0fdf7767eb644eb08e79c9372a186174a1fb8c75020461ebcff9c6bd4c7431f6dbe315fd0799fbcdeeaee72732888773f18188e8fee28f0cb311c7ec9da04e44553920cb18cd9bc1bd50408443e06639564327e7aca02e67b072a085316c6a94149590962f2cd6cc26d13ae4f269ec883677a20caf7357461c084f79e993ccaa34b2dc23e30fa697d3cb9826174c617f819a59080d135997775011b6f335e8e7124d566c7d520a334e3777f9abb2ab78efd25be19589ef0d26ea472d0924e1829ec858beb0f677040b139493a62b43d492bd1c4fb0b38b9bc93323cb73ad5ff7de93fefb002103749746a756f53253b26def545986e0e211a8667ca68f26979658d3f23d7463348dcf4146bb10d3f0d2faa7025c9a78fc738337b7518ee7544ceef940c92fa20c27dbf94adc3a5accda8b789fc81dafcb2cac90938d1f3d280cb63b4cc75d8dff87715230ee84fee4ec815747dfb8715a8a37c2e4077092af57b546d41f1323786c4d7c75d233e2a81da7a35a69ec2d65f13240bed879bd1029a8b5d87b8dc17993088548806671a7810ff8dd157333202e7a2799a05be8ae61b1ef6921f1bbf91d1c0f9141a9f80fcd78dd404347b5724e0edd94cd5aa355f6dc76e997b5b72f11caf4a9ff0fd09ae2b4f81f668724c1876f65ec5bbdd3bd16d7cd6ff140dd919c3b7fbe8f8a954f9b3c253eba9300185d617755fef75a1fe6eef37d100a25df4f13533d5d4293e371e6268149ef9c4e9fbf665a469616bf9dec2a31041706609498e0bdf4ca1e28b937afc4acd0468a60cb4469024449b507db98f5f0abd52bb321ae31ff2edf7120f62284028b84a66e938fa7c73c9c7cf3ccf8bf33440621e80400fa0e20d106505242bbd724740f48651439c24664d98400bca16103e7fb539f1968f160013102aa319dd65e1dcd2ca5d071e620b5b6fcba30c4f5e30ff4de7fbbabdc81c12105a5d9d616c12023a98fbd95c2ad138d246209746f701d81981f48c28736472b8b6e7f83980a0dfd4c19196d9392dc7acf95911b02762dbc9452078c04a71f533fb031d57c05997409ed4c35b2c5737c61e89391bb0d9e336694d97100b0a2d30fb94ad5139afa32063a5a804782231581393ee5313f67a15ab354f90171d9eb515a0879e1b8a2a129c7bcab31a22915064d36aac5ced3ba22a7729a5e3497fc22f630f27bd18de7d3199e55c125c575c9f3e860f866bf1276afda4ab79a2c6f779ace545aab4079a51fbb5288f6751ef54a930ceb79309cea42b0f0741d133f65fca085bf10ce14a7e332a7872f880de73df6f8fa645ea43f7ed5bef6e404a13754010f7d673d992ba063c31c6e3019d74b7af8e9393a8c7126058fc8a5563134c8bc72619dd50eb4d9dd213b444770d34047fb115a83a106d16299d404395d8ac772a78f35975c37bbeba7e7ec5580052e1a53c738feb791187e8edfaad540f43f28d6d97180ec424429a6cca30699af86a2e18acac90bfcfae45990171c06ca7a59a56c5600ee10bfa0afb6d42ff0c31fc9fab9be493edca9854c36c7f2c4522b8bf13ec5e6301c99fd7191b9547eeb167441fda1b0ddfa2756fb975409365cf075324f95b55fd1dd0a21e1ce5ac95ba1cbd26c600bd41285ddb01ca71e2e55a40f40dc310491672facb235bed21a1bfef19130953c8236561532d566a0a9030ac2f9837f0bcc38ce269cfb9361f76d2f1435548389259d2c9b72e3ed75816b1907511c5e4982f2865fc8d62d7eda31f16a1e76499828aece41cf823d75491a04de1e5a2e27b046d74348b989bb3618ba8c688a9f2975dbf367c829a90e5b26de043015e85ca8464fae403cf238faa2fdb39846f6f2180c8b06b0dd13cf91072f093bec97c81525156877ec6d92eb9b5b965b1c9a139540174ba456d5286ea0f4f545ff5333532b29de3811a94454ade5bd47feddf94dc5f50bfd22348c633736eb87dbf7d3b61754a89e7dbb698a709bd5a771b636101326d60b93bbb9ab23631aad8b0e02359cce310f5346bc257b8c4ed40eb0ec2638daca0be6ccbaf5114bf06d62be7c0f9bd4abd6579bdc699dec6abb604391827c1319de372802d8923c846ee194fd2e45587e2368580c6acbff26f3ca4cfa33c5a277d4e5ea6de3d7d277292e455d400ce076c8fe0a4a5d8711fdd882b8d3672e1c963a2dbd2bf28a19ca09d0c73854153fb683375ac2e5a7a0d6ee6a4f74cece4cdf77e692236dc25f7015361c04a7f1eaac42f42483a3d24f2a1b957039cfe788af3c7c25cb1cb30e022690b3f74a502cbf3391ac562d9dbb48bc7efe0ac5", 0x1000}, {&(0x7f0000002c00)="bde2e6e93894d6bc96b87ec93b91ee9cd8a128cd3ce9d9177652a503cfb1fbae38b59ac13305c94142fd72a547cfb3d58de0c2ab7ccbed5ed46cd54cdfde221a67d6450b0f51077d8d99f5e008c0354b5cc43a4aa60b868ded0e139b7736f2d0432a60d2385a121eba5016a3635f8634faac91f15e7a5d0ef0cfed690fb322089bcb8787610fdb3f0324cedd62637154ac92b80588e1c863a8be6bc7949721134c2e9eb44e67490a81578d840b3555b891cd8fb599229f", 0xb7}], 0x7, &(0x7f0000002e00)=[@cred={{0x1c, 0x1, 0x2, {r42, r43, r45}}}], 0x20}, {&(0x7f0000002e40)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000030c0)=[{&(0x7f0000002ec0)="481c2d928a707bb299bc88fdc18e866431f8e57cf9eead59bfb12aff18f31f1805bcba247ccf634e5557b06139fb9ba883c399dae17b7135ab8199a3d53bc16f8d1fec6f76cf70a650bb0a14c13438bff97a02df9ba93ca2179eea36edeb741793ff926afbdb09859425bbc2f561ae3deae34d98e5723c8790457f657d9ee9d11081d2b19b0ebc23e62fa587bb6bd0aec74cf8c74a57f22430736171592de474a1a1fedcd8e73a3635b5a7efdd04c99537ba564f5e99a8cc68e446c8364a36460ed729642dd1cc599fb67b942cb9d2ac2b96e43e5be9d26a02401413ac02d8fe55f8e0", 0xe3}, {&(0x7f0000002fc0)="28b4eb70d96d5cb8f853e13c14f2cdb5937351b2f842dc7d3fae3480b9727f1d5e7fc6c0fc43531681e94a1b8dd7bc64a71d3c8e7c4cc4776c95807ea38c8f672050cff5d7316635acfc9a391e4399a36ced0297074ec135f03e704d2b24aaae8bf00a3b0e842a846ba3fc7141f809a783dd35e3f005b7cdd8681ba5eaa98c6dae4e24f4063c555b96a61eed6ecfbcfefb11d30afad40921d53f3e934cbd85a21acd03860cb9dd56e041b06cbc9e8a1759a630eba75c25dee0556c4bfc91cb228e220fc9fb2044627eb7e7", 0xcb}], 0x2, &(0x7f0000003480)=[@rights={{0x20, 0x1, 0x1, [r46, r50, r54, r57]}}, @rights={{0x30, 0x1, 0x1, [r1, r0, r60, r61, r62, r3, r66, r67]}}, @cred={{0x1c, 0x1, 0x2, {r68, r69, r71}}}, @cred={{0x1c, 0x1, 0x2, {r72, r73, r77}}}, @rights={{0x1c, 0x1, 0x1, [r78, r1, r3]}}, @rights={{0x20, 0x1, 0x1, [r4, r79, r0, r82]}}], 0xd0, 0x20040000}, {&(0x7f0000003580)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000003700)=[{&(0x7f0000003600)="d09dd5c731dcf7eb238ac40c01abaab9370a7f04d392ae63ab5575333e5f8aa10589ee9c94a9f08cff6e2bdb331da3b7dcbed3d7e03a426258acb3786d9a14c898dd6cf9037996c1e855db026c629017ef8c03e7f28ec11c00464ce5a914229aa368024a032ea72e49e84bba8ecc8c2e6e4358c1b5911d6b4778dcc51be30ab0aac89b09efad67237514ede7340bb6e6dc567cf93a65282cd0715210ba26537331d30eac942778482cb040b0f6765e939df4797806632165f215394bb43950cd357ac9", 0xc3}], 0x1, &(0x7f0000003d40)=[@rights={{0x28, 0x1, 0x1, [r86, r1, r87, r88, r89, r90]}}, @cred={{0x1c, 0x1, 0x2, {r93, r95, r100}}}, @cred={{0x1c, 0x1, 0x2, {r101, r103, r105}}}, @rights={{0x1c, 0x1, 0x1, [r4, r106, r4]}}, @cred={{0x1c, 0x1, 0x2, {r107, r109, r110}}}, @cred={{0x1c, 0x1, 0x2, {r111, r113, r114}}}, @cred={{0x1c, 0x1, 0x2, {r116, r117, r118}}}, @rights={{0x2c, 0x1, 0x1, [r119, r125, r126, r1, r127, r130, r131]}}, @rights={{0x18, 0x1, 0x1, [r132, r133]}}], 0x130, 0x4044000}, {&(0x7f0000003e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000004040)=[{&(0x7f0000003f00)="8c0dc5338a9a31635e0cfec1d64ee09432a9a4052f70d2d0db447977a11466113f60ddad939c2f79360ed983205f7a00fa9ff7fd04d710e003b24737e2528b843482c960a52d12437965394805a8e3f7b17224a5243c2de2192659fc4d0c9cf3517fcaed212f0bc2b9cdd2004a6b93af96f268c6105cab6ad3d3baad19343efe7a7b2f48c9866ffddf247becfa3efe1228af9ed1f6ef5f570cc81a4d2b4a7b6bccf7a7a71fbecf055cfb4a991da6b9c7be3a7216982eecac87af278c529b9abaeb8e02ddb0923a14cae4d2aba9b6a7bbe77623fdae0728b48feb04233b1ba1365fd0edd608d981fc95163e0e915f88d04c1b282d5a6374cffe44024d9c", 0xfd}, {&(0x7f0000004000)="40e4aade9e761dd395ca14df4b71501feba919cf6bb6c55efc6bff03d95012553637fd30feb6b3b3", 0x28}], 0x2, &(0x7f0000004140)=[@cred={{0x1c, 0x1, 0x2, {r134, r135, r136}}}], 0x20, 0x44045}, {&(0x7f0000004180)=@abs={0x2, 0x0, 0x4e24}, 0x6e, &(0x7f00000044c0)=[{&(0x7f0000004200)="2887f1244c1534bdb8268c4dec845a1317bf6831685484586632b92cf9682f708139804eb1363ad6a3cb1794007bfdcb3be1b91bc2a26222d403fe361fde40a36029acad8aff3d98ec72155935a0b811d4069acf463a99d2e85090759e8c8eef6fb796fe55a67981bb74080f2df91b056c276d838bea10bbb8e339cddd263917b87a711886146cc5088b74bf6dd433d5e76c3c2ecbbfc19fbc96ce100671c11b67eba9bba7b5df83f5d51cc05c5680356cfedd7c35ea239a430d57fd8c144430dd3ca1178081c22e10a61906cd1b3502cc5f1e15ddebf69ebf3c320bc550e5a98857f79d34f2e1", 0xe7}, {&(0x7f0000004300)="75cf87575582145fa640812e6e091579d02fb689f3464a1798c8a2695833aba2bfaae298d264dabc096dc24efe40ea4fd1aacf2141d499bd779cdf0632007fe6b55cf66b0842a593f105440505689286a37102dbda2da000653e9bd0291b689ed947fc3d6d9ebb8e952ba098aebe8712504265f978ba47c9fb28d62e3d34fcd82941915f4918d58570bbd1e674f2b951ecb6072df1efd56f98dfa490b94bd8b30253768516885c9b87cb4b2b0ecea3da2bde48e70718c33ce8f99a33176e00b60a485bb36ee50b6a1aa9130e4c2c89a37c6085e89f656751236c", 0xda}, {&(0x7f0000004400)="1cc98b5cc0a31bc3ad4ec5cdc675b9914d42ab03a04fe13d1db83dcca71c620aa16efb75234a85a45749b8d68dca3848a7aeeab1cfbc80cd4cb0b6c0b0afb1b3f4b4ecd11b67c019b1f5aa6b18788cad1af32dca295ff152b14da3f347a8373e369dcf3e14edfd95ad6f8d41839a726c360d88944385b537b51fd9a4ddc3535b1c451a7cb622595d2fddff9c997f87a9416e00e0476ebe249626adb2e240d45667e4135f3cc7bf0c8f7aaffa647d5b86a467b60523aac0d0ca5155", 0xbb}], 0x3, 0x0, 0x0, 0x20}, {&(0x7f0000004500)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000004a80)=[{&(0x7f0000004580)="cb88c4fb40b834607f01f8db1f5d0b2e3433", 0x12}, {&(0x7f00000045c0)="912ba9d5eaa2de9da26870508c8f07a091b2a959a0ed0c8cd5d4af565d3e730002593ae6dc327b28bfde53dbe17e9ad9b76b707583b7248af56b9867dd02c6383c0c7b940ca00c42f2747d43aabc3d7ccbaa0d253db5394a8d33f59ad34bf6010bea5e2facf0f6ed97c2eb9a3bbabec10d34984595f41f116cb8d0329ed6fd72cfda0365d2a61e04672a75757b54c01082571b9bda374c14c61a260c315d7195164a334016a0a74675c83f02d8bb54e32eaac2e04023ff522f1b74313f1540", 0xbf}, {&(0x7f0000004680)="2e5e0893a64cf14cda6aaf5b058a1c13fc8eb203755e425b1828f7744e9d6142e8c80c33992d36ce272aab221b2c281fe55f9f56e5044735e8ab79474b0d91fb9959f7bc3fa41a86e25c716803d9e9d3bc091e0378630d5d3a56c47f48598d48bad74b90c27c25b5784010a917260355d0c0fc648f16af8a297feaaf21750495b4587c9b7b6172ef05cb7e4c037d4285682e03f1ac765d9b878b8fd746e1f82b30f6c5a31d8a6efa807856ef15825ecb8d79f25a3ebcba5e37a52b89fd", 0xbd}, {&(0x7f0000004740)="837a82b2ad5cde13d5333c3f44f9e7f224890929f0d6dbf4f5aebe2303aac252149c6827e803d576c9d8bf25115e6731b2f359c89652b28e40cbb0f2af82ae570ab433f270a34577c3ac6f76b20ff5cbab2cf4b502338e75e64cd7e5688d1f5f99b1c668234e02201e6c8413b96819176542253b1099cacf4eafd4ec901b0d708da484357c92b72a76bd01e02c5f6ccdc258668736ef9f7e043de315cfb9df0c7d7dd9e854cd37304f4612dc3e", 0xad}, {&(0x7f0000004800)="7ac0d1786051077f377ef29ef8ee0f258787e97316995ec256b243e5f0daa96515b55057bbd96ca02338d17f0c94a8eb5a52d1e18e4edfcdeb141b9777d793a285d0e3d22ff25f1e50deb6caf017dc98b269ac6d82fe9b0e3a1923c662b4d535220631a73ca2c7767bb336037781056386302a166ce24b5838a0", 0x7a}, {&(0x7f0000004880)="cf54d0785152a1717536ca119c23b6271d48c5615ee450b52d159d287c866eb4bcb7469d9fa95204dd5b16a962836ce981e9f9307ed212ba6a5e03eb61a197f6ebe53bfb74e9127ce969292c50c9f5a9d0b34d577be3cd81866109d2266a29d0bec6d051cec78487acae2b5bb5d24197e31d9b2ccaec0cd4283b7ae9b399e9a0ecccdb9b30814e4697294f5846bb61799f5c284286f36ba5971f2eaae2a00e", 0x9f}, {&(0x7f0000004940)="f58527ddcf775ecf476dcffa8e", 0xd}, {&(0x7f0000004980)="42bf0c7190fcd5604efd95a1d558f56865f4795649449cab1a23b09464f005204e7ad060a64e55a7d75e6187cdf0f36dac59afce3c843189c48e24c9453b674a898d9ea2ad08af91cd42fa003a80ba076e918922d68cc97ed2e4c777b1dd98fa84c63df46f2ce070b742688c383985e9d53f54b8230d708c4d43540583d9786a3ac0205156afe2f1314ae6a2c866d1730e823aa8c3e9955e53b2aa85a541b83df9d7639bd11651603201ec75da5310016540b14379203315a2d5831919ab7f16d08484c13827cd2372d8ca2c85508daec8c72080ef", 0xd5}], 0x8, &(0x7f0000004c80)=[@rights={{0x28, 0x1, 0x1, [r137, r138, r3, r1, r142, r0]}}, @cred={{0x1c, 0x1, 0x2, {r143, r144, r145}}}, @rights={{0x18, 0x1, 0x1, [r146, r147]}}, @cred={{0x1c, 0x1, 0x2, {r151, r153, r157}}}], 0x80, 0x20005004}], 0x7, 0x40) 11:44:01 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x2, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8) setsockopt(r1, 0x8, 0x3, &(0x7f0000000000)="d5c585ac59191cef", 0x8) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$SIOCX25SCALLUSERDATA(r2, 0x89e5, &(0x7f0000000100)={0x10, "bb38c801d94ebad9b91908dd46c892146f3cac4d00c0eeea7ad837f4bb4c97b71b4b4beb08b8dbb8d2544d2d5286c7e765f3c2336c8431b55ddc04c459b2dd0e7179e754901da50dd554623227dcc73fd3ec7410c0befae4bb300b94865cd5d0c290563930452817e1aee65649564cf50df5f4a06f51f0a6f0cb3a3bb3f63a86"}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:44:01 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) open(0x0, 0x0, 0x4) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x8c0040, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) socket$alg(0x26, 0x5, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000001c0)=""/58, 0x3a}, {&(0x7f0000000380)=""/192, 0xc0}, {&(0x7f0000007440)=""/4096, 0x1000}, {&(0x7f0000000440)=""/202, 0xca}, {&(0x7f0000000540)=""/136, 0x88}, {&(0x7f0000000600)=""/2, 0x2}, {&(0x7f00000006c0)=""/177, 0xb1}], 0x7}}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000880)=""/187, 0xbb}, {&(0x7f0000000640)}, {&(0x7f0000000940)=""/210, 0xd2}, {0x0}, {&(0x7f0000000a40)=""/74, 0x4a}, {&(0x7f0000000ac0)=""/23, 0x17}, {&(0x7f0000000b00)=""/170, 0xaa}], 0x7, &(0x7f0000004180)=""/4096, 0x1000}, 0x2ec}, {{0x0, 0x0, &(0x7f0000000fc0)=[{0x0}, {&(0x7f0000000c40)=""/147, 0x93}, {&(0x7f0000000d00)=""/164, 0xa4}, {&(0x7f0000000dc0)=""/12, 0xc}, {&(0x7f0000000e00)=""/248, 0xf8}, {&(0x7f0000000f00)=""/67, 0x43}, {&(0x7f0000000f80)=""/62, 0x3e}, {&(0x7f0000006180)=""/4096, 0x1000}], 0x8, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{&(0x7f0000001100)=@caif=@util, 0x80, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {&(0x7f0000001280)=""/237, 0xed}, {&(0x7f0000001380)=""/7, 0x7}, {&(0x7f0000002480)=""/74, 0x4a}, {&(0x7f00000013c0)=""/31, 0x1f}], 0x5}, 0x1}, {{&(0x7f0000002580)=@caif=@rfm, 0x80, &(0x7f0000002880)=[{&(0x7f0000002600)=""/111, 0x6f}, {&(0x7f0000002780)=""/253, 0xfd}], 0x2, &(0x7f00000028c0)=""/225, 0xe1}, 0xd973}, {{0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f0000007340)=""/215, 0xd7}, {&(0x7f0000002bc0)=""/202, 0xca}, {&(0x7f0000002cc0)=""/254, 0xfe}, {&(0x7f0000002dc0)=""/5, 0x5}], 0x4}, 0x80}, {{&(0x7f0000002ec0)=@nl, 0x80, &(0x7f0000003040)=[{&(0x7f0000001400)=""/108, 0x6c}, {&(0x7f0000002fc0)=""/114, 0x72}], 0x2}, 0x5}], 0x7, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r4, &(0x7f00000017c0), 0x331, 0x0) 11:44:01 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) r5 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000005c0)='/selinux/checkreqprot\x00', 0x1, 0x0) ioctl$CAPI_CLR_FLAGS(r5, 0x80044325, &(0x7f0000000600)) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = dup2(r8, r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$SCSI_IOCTL_DOORLOCK(r9, 0x5380) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r10, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r11 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_NET_SET(r6, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000380)={0x210, r11, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0x8, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_LINK={0x128, 0x4, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}, @TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8001}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa7d8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffff7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2892}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffff54}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffd}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}]}, @TIPC_NLA_LINK={0x24, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_SOCK={0x2c, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x73be}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @empty}}, {0x14, 0x2, @in={0x2, 0x4e21, @local}}}}]}, @TIPC_NLA_BEARER={0x4c, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'nlmon0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x5, @mcast2}}, {0x14, 0x2, @in={0x2, 0x4e21, @local}}}}]}]}, 0x210}, 0x1, 0x0, 0x0, 0x810}, 0x40044) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 11:44:01 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000000)=0x663, 0x2) 11:44:01 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r1, &(0x7f0000000380)=@hci, 0x80) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r1, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r4}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0xb) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = dup2(r6, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) syz_open_pts(r7, 0x3921c0) r8 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$bt_BT_RCVMTU(r8, 0x112, 0xd, &(0x7f0000000080)=0x7, &(0x7f00000000c0)=0x2) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) r10 = dup2(r9, r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) ioctl$KDGKBMODE(r10, 0x4b44, &(0x7f0000000140)) [ 1503.278183] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1503.324195] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1503.339665] audit: type=1400 audit(1572608641.385:157): avc: denied { create } for pid=6844 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_iscsi_socket permissive=1 [ 1503.364894] Bluetooth: Unknown HCI packet type 5e [ 1503.376560] Bluetooth: Unknown HCI packet type 43 [ 1503.390745] audit: type=1400 audit(1572608641.435:158): avc: denied { setopt } for pid=6844 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_iscsi_socket permissive=1 [ 1503.442890] Bluetooth: Unknown HCI packet type 5e [ 1503.623726] Bluetooth: Unknown HCI packet type 50 [ 1503.624496] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6862 comm=syz-executor.1 [ 1503.630399] Bluetooth: Unknown HCI packet type 5e [ 1503.649486] Bluetooth: Unknown HCI packet type 40 [ 1503.683491] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1503.736372] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1503.759689] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1503.777597] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1503.797998] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1503.824828] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1503.835670] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1503.856458] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. 11:44:01 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x7, 0x18000) ioctl$VIDIOC_DV_TIMINGS_CAP(r1, 0xc0905664, &(0x7f00000000c0)={0x29da36dcc5f55e14, 0x0, [], @bt={0x3d8, 0x4, 0x9, 0x3, 0x6, 0x7, 0x35dd6d27e5967bbc, 0x3}}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000480)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000140), r5, 0x0, 0x1, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r3, &(0x7f0000000180)={0x8, 0x120, 0xfa00, {0x1, {0x3ff, 0x621e, "7a78a83bcf5200a6570bd0a4e9f9222de51e05719923959acd85f258aef8e53d1529644233b5fc22613add4b431ac4dd9d0e1bf9b33aea42822da9b3b17457c36dc049a00dff662df56e9f2d7f8d227dff13d5eb5684f7a530eb6e7c89d73a18968a4f64943d4d50c1e58c45b6211ed1a022c6e75770111d79890ceb4e08e4822aaee6e94307b15304905d56ab70cdaa592da407c421fc7afe9f0248b6b5740c5ab527dd7a1ee0f0fb5aad4cbf7d4ae6b0cd72c2f730d105121ac7d20547fc23860ea1c57c344f9c9757eacc9290f3b2f1c16ce8e4895c711b54831c9a4e9d9140ee6bb17a5e7287acc81060d427e96d988de3104bbd1ca3e962699526c6103f", 0x7, 0x44, 0x81, 0x9, 0x7, 0x4, 0xa5}, r5}}, 0x128) ioctl$KDADDIO(r0, 0x400455c8, 0x9) 11:44:02 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) prctl$PR_GET_SECCOMP(0x15) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000041c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x2}, 0x0, 0x0, 0x81}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r4, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r4, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'batadv0\x00'}) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) bind$packet(r5, &(0x7f0000000640)={0x11, 0xd, r2, 0x1, 0x0, 0x6, @local}, 0x14) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r9 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r9, &(0x7f0000000380)=@hci, 0x80) r10 = socket$netlink(0x10, 0x3, 0x0) r11 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r12, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r9, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r12}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000480)={{{@in6=@initdev, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@mcast2}}, &(0x7f0000000140)=0xe8) r14 = getuid() r15 = getpid() sched_setscheduler(r15, 0x0, &(0x7f0000000380)) r16 = getpgid(r15) r17 = gettid() ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000001c0)=0x0) r19 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r19, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r19, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$inet_IP_XFRM_POLICY(r19, 0x0, 0x11, &(0x7f0000004240)={{{@in=@remote, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@remote}}, &(0x7f0000000240)=0xe8) r21 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r21, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r21, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$inet_IP_IPSEC_POLICY(r21, 0x0, 0x10, &(0x7f0000004ac0)={{{@in6=@loopback, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f00000002c0)=0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, 0x0) setregid(0x0, r23) sendmsg$netlink(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000004bc0)=ANY=[@ANYBLOB="f0000000400000022abd7000fedbdf25cc000c007e895eb68b27af118aefd181499d5f2c7f45b8c98b594b3ec31f72beca01887a1dde7d74163a1de94b1c0c9da70b265d22735f5464f0e6eed0d8f8829f0f14ca92857d6b60ab3c0e1ff6a8191ec1d94ed13fca40234a3659d7ed51f24d3f1b1ed6020a011c7563a1f43ad4a89e82863ec8a22a3ded716677845db3af1fad450059da65f4b748eb624c61721467ae55518cf9854be747ca9f73b66274f286899de8472b42b88c59221be16066c9631ea7a63c81c96ad0defd155214008d002f6465762f73837175656e636572320039d82d95a6ca36ed071d0cd1adfb3a6241b740e09d5c5a72a1f1858a2bd89a2bff19eb2fcc222f60847fd09253557e69f70697d3c9d800"/294], 0xf0}, {&(0x7f0000000680)={0x25c8, 0x22, 0x102, 0x70bd25, 0x25dfdbff, "", [@typed={0x8, 0x6d, @fd=r9}, @nested={0x24c, 0x11, [@typed={0xf0, 0x2c, @binary="95c473d3b06175f65e3c1a9cd6f2355be91b30e6f18199c2c1d0f55613888369e4e8288681ec8b0cc2bac19b0240e5655c33dd8d26949b26d734c1ae6318ae3e5bc0cca39316bc6dccb1cd4dcde64f65ca034b9497fb268142f84cb3751dc9742bb1c35719e2b9f689c3cc18bc74340f8c4be992f0cc137f26cbd634e22ddf40d8de95de32276e8d5fa2303d77a4ac623cb3c7abb077741c9b4c1b7d85478f838b1b46d8af6e19b92097029fe59a44c17f58f578d42e5a6b6df5bf6ebfebe9aadf827275e8ed4a8bb714369dd89914f3789119b44aac440185cefdbce02a7b1b427c600030e03dacd2a899"}, @generic="3e7997c0e3c6a104ec72e588885ef83b91a88cd07b3fb1b13c871b811937322de165f0d2fb077ac2583a13a08ca1bd0429640e44bd76b09d99fa06b7c140936ed2693b7f7a2b1354d95509d8ba951a1be2be72e2e418cdabacbf39514aecf460e7d15cfe904708e795ce8ee6d714682e6144183809d4b6", @typed={0x8, 0x16, @ipv4=@remote}, @typed={0x8, 0x78, @ipv4=@broadcast}, @generic="d35512ca6b58553b93c3eac17bc5ed07d57e114988bc439e1fbba9c13c4b2a2c9ffb865abebf75ef036874ed1649f5b2ccb278708929c9a190c265dcdf1df40421834f293b3cc80db65ee48608c05ffb889373c8f00a767638f3999e31dc8c4262c504304ccdd0f3955c796de0e249897f1a5d3da372a360244a40a0910bea12b4bac1b3a4e66017552e40c0729723c389af2b0024ae005109df52803494fc650716", @typed={0x8, 0x83, @fd=r0}, @typed={0x4, 0x4e}, @typed={0x8, 0x7c, @uid=r13}, @generic="2c467b4b7c95cfd241a87edef40aa982ae069d8a4a60491efb"]}, @generic="37b4c55e93024fae6a3c731f02ffe1ad22dd2c3dd695f730c88b32c9b95885e852f9afb53896c087e47d1042b2d1652f09fcf87a6de1d5c089c3c0839a639b6e5841426541cf42e5b4db8cf8aaa51fd369e0c01ddef78339c788b2a0a72bf7062e8c35306ac05209c8e90b546a1a082c917ebc80da69b1928981979e46d4ed8a7c2e65060562ecc02f8de938d3b9595ab1a2edb29a540674243e56902a5d9a2ce08ce232489a15aa043072c7f1cc9c0beba83303dfaf88c3137b3677b5267fbca2b206112dfd2b1b140ea4e1fd92420dab64556a05aea5ee7f46a16ebfb22c6c6f577ffe943fce74da29743f4fd1bfb06cca1c1c4c5a27e13b4f91d74c0401b8f294974b40b33002998f1dbfce98ef4a8dee7606f102d4b9eae9b79f3256d936b6fa97c158f177b5a3ab704b9765054522a3449caa987d91e3e20e574b9a6734bdf0d40ce29c431ad8c1cd953a60d87f3e61c1bc30875595304c5ba04e4b04413d0bb4162fa963db8e031c758a68a6bcf43561b341b4490f4c6608c7fe2c575356bd1eb806342871087984ff1333ea37802efb177f75ec1689d01eac9eb099764eb6c47001c390433d31f5b474b1665b8cdb1575a5118a1f217a6965618ffe78972d0af8080ffc5593071193f1220761052c32216f6ba19dbe7533ef229e234df8bd19102cb9538b4e979cd0ae8024c48f33e12e2994637c742b335392cf0553add2d132901bf512fffeb90b120620e5c247e26afa4085c2467a5ccfc53070ab065fe1ae6d66ea5a76910764df2ce0a92d55969bff243ed0ada3498fcec0b64d4806bd70e326e3fa27b3b44f00c9795c3e6672821380268e7a21e0c8eb8ae7103404c055be8035bfd2a46c5da02ff8261e6a498aac26d92c67c1cdd6ce1051f8b6a3eb994a023c2d8c5da9bb98645b61504f378c9adcf4b235c8fc1f63afa24379c2943de7c25ba0f116c9c851bd8302570fd3a36884fd58cbefd19ce06cb794e7c10b8036f81a52092dcfd48069bc8ff754aee462b9a285d62ba65767dead84906a3237845c2bd02aa7ad06a87bf9d5f0e670b364322e77caa528c62d49ac055071652ac83f3f67ade6f224202edaf1fce0d6b1e218de098e35766f3291c2c398c9580f67255b9ad1ea5c5a62083e1b105ccae65d125469a117ffc6160c994f01ac532adacd9918fa21e398618e712318642209ca0b071f49b88b015301816bf1d6b2b3364382c01e98e1af61dad475feab0ab25793391fa889439eb47a65af21b62ca27b23db7cd7d70d643bd355739cfa409532c893200f9ab4f45600981951255b1928ddf6cd74025d377f3b2ee0a43b7ec5c43c588bed4cb7171456ffc10e0b25024ccb608b5ce7655c058628acca48754d34800767b911f4ce00d7bd124c160cb4198b2aaafe5b2bba8b51162db38b82b2ad7172b5a149534cb641f1488cb5567177f5756ca8c05a9d7793a439e065e70b3b525f60e2164c53b41ea7721f07d9dec0df6d72119fc8689139f2c8efcaebc77a08c31a0f04da7ef9865536d9296cf7a0b09ea3013de7ae463bd02882e2db7dbe3e490e442d75756767e21ff6e997b325c01d061e03c49d0774e743b2d340acf3bb06c83a7a67a6dfd185dbd5df59781841eeafb1afed22cb94249305b7522bc7baf489202167dc25f1219d7a596a23bb15c2bbd3c4e9b4bdcf5cd780c4a86f9a4f6b71ee54cb49c1674c62e565903d45fafc2a2f59aa58470d7d1e2b5896d12826f8c74d29bd346d567fdf50b6e2bf4f70ad94c462cc8d335c380e6184a2a6900e3d5f72fb7b8e692d9590ef47c96a75081164cc6a12a509394448575f58bff6744d415b7a5d3a092f288bfaece51e0456a5688db2eaccbd70ae9fc6cdeb3b986364449eb7f72f463fbd833322017024a6d9eec1bc0b82f9f25c461c49ddd12ace276949290415f7f340219ae80ca4bdfda5f7f5365295a44258deffcc9a79cb03c9ab3c9572f62eca377f0c0be2a7d24f55d8b397d5caae1ded9638a0c6b68a6dab8fc7b176042f64e4254059e12df860d3efab03b9c86a97153a029d63352ec3350c745fc53db63e3a4dae3277deb21c0f890ad0032c2395dd4a0df017e7d07e1aa5b372f85ed3adbc9ed557fa12f504a2cf9e5a8ef808c2ca1bd9904b1488e390bd2e7956228dcc758a33bd9ecb8487dbb162d033fbca980e3acb6e0c8ea7cd93ffb1848226fb08fa53547c61a48a5600a928c1d762c031dbf3d46f3a1a9f0bbe5f798281eba47a83fbb6d38205c7c20d63a0c97282815d6c700eb6d5afe1965c7a371508c1c4eb3be8fc73bb54c7a03ad029a3c67ca89b2c218782f348f71c5e880e418a07b44cb477e5d9aa5b583876da4b04fd042f2192264af8d35db0966965dc8e15cf500454c6bfa59767662911acccaf5fbd3fff8d66081bd79f6b426e171d2078212f4db60b23995088f54cc9531038fccdb19d82ed21eedf6a9ab9e549047177e2fea971b22a67682f29be2ecb54a195c4f2f740c2552783c1cdea8ec3f10536b4ea2960447544b406294b9e6481182e13f1eaa4f54edb2c381af0f9ca052e1af46216faf39f5cab5188a3f7c3585bdcca33792726abeb4d8aca831e4dd3e6f644b93f112ca9b62f898a4ca083c1460fb447dc88e57f597912140422805f1b58dbb016ee5cb7d8204ab7f2fb28e449bb12fb093492475432b1c914e1964b86ddcfabd127270e6da1f79e9c85eb3af90d477762eb7a45d11542bebd7d149243344443eda4c6484c68f70489842b21e8110fc2ac4b71109d76c2358e925ad6d1c557b08021284e14bf949d1039644d6fb61c63882cb6d7be131b8cbef706e8822f2a97e81d8ef80496b2baf09199e0da3c2500eb3fa953f11df39dd44ef67dcba5c429d61d801b37547b22a0d939c6aacea14bff6463e2d979e3c95f5713c34755e4522c385228c5badf55297a039b085a3d8a406108e3b6437cd0a348ab3551b9af77f017fc7ea6fe438e6d53bda861dffe07835beabcf4cab86d1b09cffc18699d81bd67bca31d24fd9af0b5855192172273be51b9cac466c8174bf1acac6770b71bf65c890fa9f9bd08c9be0a5822e99e0187c4fb97488740035dfbff6dbce4b1c1fb5da24dc7d7dc05cb211dde04c6b6a1b05eb37c1dfb498e6003bb412aa9d5fbfd9447e5cbf13e62705ebcfd9c4d6df2dda1a8ab425db7b1fb9947a5d8776b681700118f811a6c540299430be6875e4b2a0f6787cc61474824556d27f6a98c2a54b2ff4eeb58841dae811ba6dd88e4c4b63d259cf2d7c0be91b7f65a3fcbfdef010b88fc32616f2f93b2674bbf140682d41a5940073054983a737f7512eb58e7fbf38c6f4ce56c3bfe6e9d4ccb15aca7b7b26d230167cb2d1c3044c2df15c92868c8d12f71fbf4030c7f8be72a2b5a8725b3b597cf563eee93babab36b8779396eb1f0157615ef6b0f0e4a088931a330421c07745d33c440261791f14e66a2de12b36db1c7d1128ca3e0bd457c702c8e4ae1ddfbc7daebe0284c803936df76cd8f0c168b9d68b33c8988e805fd3da5df2f8fdc9c187dba524307a942db6cf93f1a04af154c39fc5336e7d340b31fefcd549245e3a4c4d829d1172c863f2acb4cf0f057b3efc366d0cc50775538056b3976c6c39cc5ad8e12af0957ec6b343964e5df8c3a5c8774d1f7f50566115b2f861bb7e246104eed2e27999bea7aeaacefa063125dd7b9ea4429d45359b138eb4427a4467d8d3f834189f5ec68f18f3e83c438cea5787c8a6b0656f7ee918160c98ccbaaaaa854c5535a1f42d33d0f7d87c077db7a52afab68689756c30ea911ba9a7695a659f3e692b4bb449bc239a894483e9aad73a0c23294e3bff3d04d6e2639fd70627c7f3f2d9672dcd5ae1af2e9f50684fa20c574db95ad9d13505853341e49d7daf26580fe2d35354f75b4589b3bb99f8595d58584114e5fcc2c796d8003169cf89c8c3d594f36548f2565e1ea2bf7e00dba80c9a44beff5304df6cc7baaa36d75ae3851c6d48791a1ff0e0168cebdab8e8e030ffe706b07f439d92716068d8ace971338706a3f9addde7cc447862c4664617ca2f0c76aa58172d936d6fe07eadebf1e010f9997fb4a023e6240f626f331d6115d32c2a49bc9f1d654f5c0e9d4c17c383a1b23fdb136ba8e7062d414c8dd0c18835905c26a02e7449252a119b8e2aaa647e6dbe70c68af67900dad26e6e28cc52ee50151070fb06ee06047b5629b153ecddf63d8a69f089975d6ef0b2ce15d70824bac225a070109a2179daa9e53515fb308965061089aca91c1e60e5f4df0e2d18f0d783ebe8119e59ab7432efcb95a16ac9ba23fae32cf57803470c763c9ae19e0390d7cd10051f32bcb08f3a7e7a661f2f1cb292c10c3c35c87c02f0bdd6274db4fbc8d8edea4ed30f8aa5ac30b495653051aaee2613218411bb6a2d60893676f573d7f4efccd4919d9cb10eb2839a67408f3f1e5ab3d2526c756bbd9a225eecd5f10ec34506e77d906bac3b8df64240c3b1a9006fd2a3a39d44d233048f10932102864c292ea158b19b65bd82bfa46aaf2a0ade5ed933333b5b4778f9c95eb70ba2f40bea09aabb7b2f3a474220f06b7daeebaf99feef1a499165ada189faad4355ac73720696302a199b5d53522c3dc6aeff597177f91628f7825f003fdc71b9fec1470b2ac842c387cb4b841d675854b521300f829ad2dd952f1a19d7b8caa905b950ffba0f5917da5d243e209dcb05316e32bebf23be9315003136c5c81f7a08edf798563f7e2a55e9a21705d61a210840c0243373f29e99830f09991cd67a165e6db5ccfb31b57b7ae3f6345edb7a5accda5b3ddb87410b9d8cb6cf2def164fe243edb77b8d0c935cb6a12f4ebc355f1b2ec4351d74597b24852bcee639578420fcadf254041c65e1bbb4380617371ab05423e56319bb8601bbc54cdea0d1597221fbe236a323a9f9336ae9ea48407b67943fc03dba2dea5257a857f41c95c75b7abcff3e3b28e6dd7d71353bacdd2e79081c691cb37166976c2edb97bc99fd4f2dcdba9d1337b475bcf964ae3a203ac54c3d742ba31531f5e407e6fbb77d75362c46ed88af5e33bee06df6a5af08236fb9ea97077e49daa8630b4645488d2ae1ee5358d0ad894cfa4547220641747019779441725def005ac8b0442ed6e1b4f438d1b28d2f76c1894e94aaf3e690ae11319aab44fe88c1f1a78ee7d2626c4217dcef6a609847c0361c071cde5cfbc8d2a34029fd44090f940a9cc87cf3b7fe38091913182d0f0f175549b124269af272570fcf8665cf76935244eaaf0b9b1f1f9020f88700b67c94b44f6fa42f301077ccd5ce44a3188f678355c9d6b0495f4eac9b273dce25ca25e04deaa8c7de4ed7cb5d50a2db800b29e1fc81d85cbf636a9226bdb1ce5ee7141a1bc33646e6a4cbadf700fdc86e7f3d7f76581bb9ed2436af55e83fa6c25f793805085279665914c02b3607d230b3e1606a68a3f904a4a6e1b080d72187e537fbc537741be78c7453564c6f09951b9c0a7513a3c04045b724926c8435e5aa5bded6179c738c12f4f3bb7c955ab495db93165d75acec59ff10fbaa045cd8d5e63fd81ca2e7a3da84d69c132903ad48017ce1cf2c4855e9c07af98f9817a9f2b1ab1072d29e0c08ce5c3c8d05a6c6821e10ee66979e4ce9602813fb013be13a5a9996a3c6296657f96ace0c8fd80c44094b737d4eba6f12546584515b5136754608a294860c1f547e12d1a89b97394a5f41af3413f04bff4b75cda164bf4171c6de1a02a91f776fc79e8799d77d5450a2e", @typed={0xc, 0x4c, @u64=0x9}, @generic="2985950a06c3544b8766f93926d9124a711900924f830b1c3c1cf597130b91e2152a5a61581277dbcb35add4458981f5156d75cf40e1936aa421df36f96be0ac8957f135dc3fb0581e498ce0fa967db9e63c5d1df09e8b23f3be1441be39e73764999cbfc7dd05c03e9b803184e277138f1761d55300285b8d82", @typed={0xc, 0x17, @u64=0x1}, @generic="d8727f4cb61ef3f49c452f041a01eb9ac8c684fd0a2cbe24d284c5e2b0ac358f989fdd2e1d9717906226b7e34e8d53e94c7a84250005851ca4a8331b5a48f71955450da7fd2d12f983dfa575d9725e9c5aaa6409fa8f2c35aaef2ce564b4544172425d4d40bc8c90e442e96ffe8970e9a8de9e914e2490b19a43818359c95d4c0cca0e9eb08622010e9cb83e1539dad51c837b704e50c38c0f337088d21226234f13bd2f02de47e02c4e4921fe3710cab933fbc397d1a1da3daa2e4d4a15", @nested={0x1130, 0x0, [@typed={0x4, 0x75}, @typed={0x8, 0x14, @uid=r14}, @typed={0x8, 0x1a, @fd=r3}, @typed={0xc8, 0x55, @binary="2b850e68f93f3c140a1c32173d3a1898bb2d5d747e40d1ca414612243d2e700318f29723b7f16a4c7b5c25fe412b9e61450ba0cf044d10c0e32420fa9cf41df84aa203443acbf2427993f5712759045b3cd9436c8a38a143b908c2cb4618e0f8a61a79852e66a46468ff86e706e7aaf8ef2649c2801cdf516e6a6d1e324885f97c578b69c7dc9fdf1260741f6f29dace82c303e4996c30c39349b029708a42910390cf2728e4ac297117662f2b11a208d8d7a34bc20978d5879ffe3e29590779e2544437"}, @generic="f073d3e35b883d39f9df7027fa0b8147b6f3615f69002a3ac81008bf726cf41b3d329df6ad8c28986c7beec8eef3a8891aed7ccbf94b6446b1cf8427366d906f29425346086822115ca16a36", @typed={0x1004, 0x39, @binary="8859b981673c5413897a2e4a88d6cb30cbf6f7586152729bd15ed3398e588d73b54633fb5c8645dccb082f98cf26e29e025629f85a8691b01aeb134128464cf9f7810848868c243c0b7f8cbfd672d605cb2ae05b35db9c33fd08ddb4049efe3b5b15de2d110e6fc89de8ef931f38cea29e248ba6c310d4b834586d1b1d9c3bd351626879bd0bcbcc1d3daeba2300b7783cf2bcb48cdc39ed9bb474b470e79e33ec1bc113494c7a617d663e908c4ee9b81326d6c890642499fd3ee2820c0e603b077c286610445b1cd377dccfb850eec6d8447848457f1a3e8c465b25af6b6f7898ca37e9ec2bb953d321788f911c0520ef7ab2748083c22be623b2feac57fbbe2f50ed51b5041053692d2fab25343b1be9de8991a70e5be67954f22c8892faa780de1d6b34a8fa65e5d594ca0970e73007810fa28c4fcf2d4227e7fab8f5ea0d2411be2338969a9ccd4d03507b40de082655f58788575666831ea4caee4676eff7634e974da027189022071ee0a3004446fbe4e37b21ce53ecbee28b873c301844a169c671b6524d4c2aca957522f877ad95cef3b15f4f84d5e009f4d204f95e92b578eb1a3141a1ed229b7b9b1ae08d5936de412f289de8ccea8571d9124865109e8f9ea4304337fa715d51ace7dde2ff0b60c1d34008ef6683a04d5afbe2f257a76ca02cf1a88c56f3758637517347503c15f9f3640041f3d25fa2e89896e87534b14d3bcd7335ffca7f3b3ce650da2e574bf8d3fcba04b4c8972fd660fd4c23a951f685c34b8e836f017f5421fe759548cc1114bdc2e8e2b1cedf2e5022b7b42eb77c33fc781180882f4f1cc9518b785a78456604b3a83d673800ca12766761dfd65cc3dc6be0e1b1682ca0ba7642e5efbbb0e9bf3cf976635c95776d16b58b7af7416ac0fd995b1b56b1b169da326f6e9ac44c03676c385f6bf2dcc21beff9b5de557fd69b5a0462a0df67a909c4897211aec6b7653ea9cbd7a01a9a563ba33864ef4f9ff13bd0bc7da4a9a7b5e68a9b4552ae78e97890678d7aeee8bb2e4568841dcd9f0d262d143ec44d11731ee5145bf97d66df4440cba7e56ed5846063114f5f466dc67da73262ecf1d251a90e4bfc42b160667074e14c8b4a9c21585656be5b3d2e198e7c91985080c526d5919cf19675a002d8d4df95b0eac3999740cd32b93ccd1196095a405ffc3471113267a23800f5275e343387dba7178781db66ac2e4977581dd56d125e35052e6046eb717e6a1fc3e434d3ddf0bf9a61f721035aef58e42422ce0b2e66055f9d1d379a1d839039ed40c043150ea79c77ff432d91d25be6a034b93bafe633bbca4245ee3c66add63d1f78a82d8f25de980127d7095f4feecff560b0eab7431bde9c37881bdf111ef2ddf9b34704e0dabff988f461b70801c635a25afd029ce66068c4135b367c1c24e307360910c8467005d45dff762abe07cd66dc4742004e62de9741537f88e35593682ca33bfe393861489de9a172f49860e2d132f973277f2164b718929b461e80111cdef24b62b77d7dfd3d1e881e2d58cb4965cc025e0bead456c7251e3c0e056969fc29f8921ce645e3b4de06732b2629b36fc4c2f8f2b5d9275f7f2b047c0de56d9de8bf3352520997e1f741b6ad465436523211bd10f73fed156ead1bcd06d39dea5db62716524cee17507f084b6ec8ef9232d8f927f059bc73f7d70e8edd9bf23c7af8a9222b221c4b004318b71ed1e0d5cd499c207ef0e287f31f8be74559bd4661255ad069172ec985a00fb74ef95064f96ebb0d2f6822b8aebb6f6dfe950d4dd9c4b7d6591ea269db0d18772945a71570b9d10af977e60cc52d8ffcb1983e7d61dd568a0516fb31a21f791f264fe6d04de3b320c3fd8eef971a5c6c29c86f4b21e12e56c489e9d4e531a96d4b944fe12b04be819c92d8f7ba8468626e23732fd4a187be6ffb23b50d93e4bab637cc55edfb493c2a314226653f6ce49f08753fb960e350490c98829dae4492f89f7ebd1daee509e3eefb2e5798438e8125e9e73cf5ab5551c472a7513cbfb2d76114fde791273949b9ef271746a7677fa250cb39495f7a035606eabc6f302b644bad51727f270a6817939ab52006fdebf2aed19468ab9342824bd2e0d843adb65087234bc1c377070434b259bf8e4f78910f5f0c96e6ba515cf9f513945ba3273a45f380948efa1b475b0916b14a37f0d272373b4f52d232d081455bb3fc855d6282f5c07cbbf3c18d31db42c1115718d997ebb127a3ada8b75f46f898e0910e83c671e80741971bd8e41f5002558c74819e60a97274c456fa914f22798c35c94a6ab63023046656b04ea33ef1e97823e2db08532733aa84c71ae49959d7cdc6703b6fb2e1e005b500242a1ee3ccc5a4157d70087f656386e12c19b675c59c5acb8bb5e99a019529a78c98c58e4bc41b405e3df57aae0d7e2d6dcd2d8b71ce903311148d313b15542ab58515c1eb3d11d1e89610a5d17914fff88adc6ccd4d512244e0e35279a2d33097ba80fba54a81543be5d973d815c3f61c8532620afd176824413705bdd6140dcff1cd2222393f1a77bfec2ab7ba1c38925b4c2e686808d1a74080d770d1c315587464e79b42de1aa8e41b1a4d250bf057b77c51786051693e915a6d34d215cb6f0d026806df271bd09f369fde9bb5be41bf2c68797fd21c970f1a7b7d6d3c3c07577cb2763dce07c7cc9387ad097c51e1f1c2b8100fc709b328ec0747f6a813b7b2fef5c6009636bc5c50e137a58e9ed40a5cc750185af4f6a975c60102f55fd8e79e1fd733bfcefb6057715970914d5d992baa4901fce8954b383eb6d83fc153d30c9a6f10d60672ca7571828421edad53345a54e3dc8f8e0544f6aeb5680f2e4f2320fa4f733a0981d68fa7ca6745d7e9f73fad7cac9651237701ac21cfb21e33cbdaca8a9f68335e8a9780c12d1af78c60fe4e8784ec6ce93f14341fd1b0d2487b532b545ab7a23ba92b6bb2530fe8384da8955193663ef4a5de92552a40a3b1770aa0f1f160c84b274027852f0ec183a15d0c2e1a6c0f5134c59af9e310c7577177a069514553d25e6d4eaf3ebd82620b7937d3a051fd88494f7b6f97ae2d23b2d40f29e95ff565508fb4f0ae0759b04adf87d4845ca8a4639278527d73be250cb254c599f854a01ce98a57fd87aefa602a55a17e2a842c835bd7af21e0f19c8a14226de4d7f0e9736ce93aa05aa5ed2de4683681127524ab557637854617cc36011ff8f95a009685aa5a35969429e4c4e8bc551afff0f31cd825d172f3dd9c774204c9bd0ad3479d250f2b4e3d804bbf3ca95abdb17cc190c6acd4ece3a00d4e4b3c5f586d837c8f108d481fca3baeb549a07d769f98868d22ce3ee2ebc96834f2f316a5cf4b18687df4564c46c5d6138108b75915a2ff50e4173c93fe008ea5c4974b49922bfc7beb7fb632766c1386d9e0a83af886d4aace3e11c59632e64aa6bb15ee493618a296758660ee66a9742b34609228f04fd28461cabc1e155b1851bfaef055fcde44422e2d10bf32ea8e853126e131076f1b9957c69304de2aacd66823a846f618b33065540102d2b3549a24e9769800ddf1bb63914e580ca4e2f3e4ff6d3d6ec606e3fb05d659507394871979edef04755d86ad4f946e7cc7049c1c7c23165f47657648b61fd08d0846c14300b152560c8553fe4eeda1108de62e4d7f612f7cf133124bcec19936d568a22f18efe772c8733ec6f6584d1a5eceb09813b780216e1535ed3684b9d4c0a7e16e9fadf7f2c319159ec3096a7a91b1dd0ba71f8d742d97d0a645578b8b608df34b1c38b57b6a10af0b516704bfe866b22e3b60dd342f0015819221adcf7f8fdff84f7b2d3edbf635eb9fc6039fddb4141c25c15a731790fa0a90d97da1b7b9257fda1b00a630a4de3c113ed817a4622eef826b350365dc694895841666e9a4e3aa0874a6ce3f682ea0fc032e26848863c40e486bfd506ca6ab1199a70857846ac7685b15e1d2597e367878947f5d26e84db372428f205fe8ddaad64369dcf2593e9aa6a842e2a33c256996106c171d682e27d7a23cc9796f8e9fa9938f3d714e65ce91d6542847aa4ad015d9666dd6889b2873f07df873cd735c8b8232de468b05b313a8733d463a07602962564c03abab2caa803e8fe82940ed0089b639ce5a38c8599c4e04f343a59229f798d9acc953a489bc320b7b9df82a1ca2b37431072fa5dbf863c252ce54637deb15037283f69d1ec745a659ea8b37e68cdab35fbccc763b645ac4fca8379d8fd90c477b5170c86c46fc211c24956e87aaeb9e7e42d7297bf10aad341b7b0e2cb7fdb08f5ff99952aabe71d6ddb500eb69d89bb0bcc4563639bbd0d5ce70672faf0321a84418b8be58f4261487ac4738ab7f0de3570f2fe479b1aab9b6af71aeb56e16b35a7ce6e09dc1f6130891276c68c4c0b24152a5c0d77f2d85dc01dcf7b5377130564dd30c009d5a0b42af202a664dfaf5f00189187866db7e201d08cb074a367b630729c972efd9b38ff02631b76b9d0e46ab5c7e008dc4e3e7782e8e11179c681cda99f7d58e82163f12672c5fcd007cdbe2438bfc84a5494194517836008224ca1be725fc6778f74004d81d51acbce5e123a395108a5ebbf8ae95a2601e8b916a64ec03af91f295a2ed8e281b39993bc66da97ee8b10dd12775fc7246925250ac7d3707af210ac2b5ad9cbbfb368c9088ae75c69086b5a6c27d7c048a468cb0cde286b1aa504bcbdf5f49e5d066bc47281f33b9648998045098ea1f504fe13bd2da7b64e8df8e14024c3387159e12fa5e63f18dafdd2925b305945692ed4c24764f9b11bd28ecd430ed9a84000cbcdcf8bfa9e8edd2f6d841bb27b5a9c373e242a474cba799c5c45ccaf44b34e33c8fb9fdadd20c549315d9f887369dce88063c6e83ffbbca0633718621c11e4f88ebceea6c704cfdd62c610f274192cda3891804553309f4f773bd9e1fd3aa15470d2a7d2e8f993aaeb3ffa02e3a739eaf68900dcd24d3a07388fce5af1e589aece5c933bd8952b385363a351686c1f5e6628f6bf765b0f42dabc952929e26bbc459805258306a7173d817182a88d0fea80f8626cc3d0b36e0a032f96309de3ea5497d431dea0c6e4df3037def22f118e10eb8f18b7ab586a5bd99be20950aeece2413fc556d6e9513aa901078eb84c52e71f3f7b59c4b21b307dab3f0fd2e2d9e08e9cd86d4cc8efdba44981c498722b501f4b17d02dd14e77d8488f4d334b6a6caf27289ed7d52527c73ce78a9b94a97960ca0de4b9302679ba60064f0fb5e81ca58e12e5b7fe94fe2344e7dd6f98f7fde39a1f76c0da60819db82398e8e8cc3948aa11cce9ae4731890c569261de191aa155347a07f72ed3da425d1e5a510acf514ed8bceb197835a002a74c036f50209bf632b9217d4cac448a2617653c272c244d2f6f3ea563d6f3f1acac89fa9df8e7467785597e369b3ddef367c348de3893329bbddc86af2d94ec79cc42769cf10ad6947cd7cfe04f0e191a60a5c8b53a87b616f742cc257cd33953167285d3f7aa24a03058e7958c8572dcb73211155b72069be462301c7758456b77b44bbdd6bea6f7e3125185add198e7eedb04469de20286ae28b761837166fa8442316f278a46dd771cc0c6755c8a7568e48cb44f5fafd2d8e28bd271aa13b57f7de4783f719f4f3ec836bbd80d0cfd27ee3b66c789de38ae53e037e4ad50337e351026f0639fe6dc4675fa8d0e284109e0a59704aa8c32553f51288c7362c5c6fb42d16e96497ec4799b8cbf5e121eb92"}]}, @generic="d0f32bd3778fed012cd470e3f444f74b8ac69a06ffe8e1c9fa0d5eed75dde6b7090ba2f7118f459769540c29aa1be3f57396004d8f7d3bf2eebffee6f45e144f98436bf39a8102343e25f71867ff43eee21372c720685a6d201fc5345822ecb6bfccfb7a6e7602526fe182b59c72ca21dcddeda6c97c04a2fa6fe75f95b9ea055aaf085a8aa0720b5d5a09b07005915221cfaca320683133b2f63604b333f13a0575fada4607dfb6f7664092db53773c38edb09a79afdcc402ce913886247c4f6cc4a0c9bf7a81260119ec195aa098b7612a1be567f9258003d3c9d66c99f7cd62"]}, 0x25c8}, {&(0x7f0000002c80)={0x15a4, 0x22, 0x4, 0x70bd29, 0x25dfdbfd, "", [@generic="f36c30e99a00435ff8e5228f9d1a72eb97e01d9806dcae0dfe7281078cd62ce268a0e35cf959bf77840b566e91cc5d534376847d833b8e26f1cfbbc7d9096022cfff270196f31933be1cea601d0efc6efd0a6f4cc77de1876e6b2a710532b50966b176a6caac3bea8dd301027a2b2745501252e0b62f5f17ffea2a5554540598ca6e346fddf1c20bac87ff88fab3c4f7d6d7", @nested={0x88, 0x49, [@generic="3f20d0e2bffe6648289e2c10726bdc5078ff69bf60a80e2432b3b4eda92e5ca1abf6bd7b77524959850c7c4102e83adb43d1eed8d55e409098dac99e0977d78a94fd70de115d97737b0ef9828c7072cf4f34b8f67d0fa3c3f5e977942d96eb7a191637777e77506a1f92fb9f512d1264be7e76d8ee6a6ad015dddb9b8e083bfefcd0d6"]}, @typed={0x8, 0x8e, @pid=r16}, @nested={0x1320, 0x36, [@generic="5fce7b0a126cb2781a10c8dfdd0538083d144adc3fdc30dfa5b2935946e2ad69d1164b120d6633f3a4290add46652f5311f48a6bd1bd285f5cd4ea2ddb1e599a8750d86be6fa08506374c748a32fe0060ebda805daebb8d35f216a4258372245758ba4ba244e83ec3a50659ac89116409e35c5dbd9ac81bc613b73c915f6ef4eefaf4d8d0a65481207745a580fb82beee942d4f904f3ff06573bbc5d49b63a9a36bce47f4ccc9e4ed871aa6fbccb573d97b5e7de4094b82852f16167265f45d5c35ccf7fc5d95688dbe0ffb8006d", @generic="ad625a8aa74731028b21983a4dfe1a4adbad709175583297e429144fb965dc33d7e1b0f8fbb5a3c5bb7a75aa9f034fac091687ef0c6531fd260e3d181097574e76d6a8f9a8963a0c", @generic="8ba8187da3e83140f57c499fc013f939dfd2dcef1659119e3a5d576761ad2a7f2d8ab17a5f8aa699861791c523901485a220", @generic="dbcd9d5e8861440e1445d37f23b70785ac1d6a6ba91d8d9dac4b725bf10ccefb209084274045cffe16b283621ce91515503e344ba781dcde783e4e820877996bc90e855bd9d5ec241520b077da7972ade2f80634aed3065e01f2c26dbeb13bdae70198083def52de2269f87bb81310be285e6d8992245f9165f9af93a27119899e1a6d183481372b95690ba022ed803a1bbd3ab5bc6912f56bdc5a9e6f363da02c7faa36f217b820d3a30728e17c1df9838549063b847afdb8d124d4d3e7b5a09d7429ac3c006b2fc328ed2841a6a27b28910b6f5faefb26d7a5a6b1638cd88ef6971e7dbfa76cdad3d5e28fe91e296a18496e087eae2c9d06416077cbdef555b36e8ae7d6795a6dd19c7eaacaee4c3380e6df0a10017b54d6f322d8b82bf41cd0885c469b89c23f31069154085bdde546329deb5a34eaf809f4f8e99170fa0a9fbc0ff27307ddb0c8a51a6ddba2feea4335f480632a3961ec5dc3e057e1883056e8d3f1ec813228c8434afa8f0427c77ea126e78b2a29a244bc318a92f8b145840438190b4e859b052e0fa583f160c9d72c24d3614688ac86ee78c4cb11d6c30e14c12eb4c3c04db1c82611d90a6dfa85accc76d440f029ca425fd27f1f13d3e061c5debe63d76c5e20f78419a8ab12701d390302c5db4b2e7c295a50f8ef50de821cb3b791b1874770dff4b07ed7b43b672994d6f23e5104e7259bf5c651004bc94269be2274e8187cebff7a1b8bff6b3b5d974d0877807b0eb48e42213cc20a28df88a14a0e5c39087ecbf035cfdc4d117dd88f3b49d6386be56431f77236f6e46cfb42c19698238821839a0bcf84b039432784382a6ec54e483a5940a7d9b8e1937ce1a7384da7bfdde6975f66344dc0537c0e791ede733b9f3c065eff475703c8662d5b294054c71f4e73a70e0284b84fdf9ae82dfed953b1171d1d5c2ad75d87fda84e6b9ecc3765533d3ebfb9bc15496f01bb21c13f7435e5c315e454fb1db40a66271f1292c3be18e690de3c314eeb58021ef53c660db49af63331492cde356d843af171b43a1c4c48d1320a0d1837d81cc9861c64a20f4f2bee1e0434e69d1bab8f1211f40c10061713bfd48695cf7dee39202cba3d51bee72fbc287395e89a97b8383aa86836f635e59d655316973f369d71e501e0bae257c8c4c5746c8f3d7ffc161cab1afbcf835a628a7f65eceba96f5f9cd983ffed62906183f23b211aa0dea6fc0a43f81328a67327c098eca47d5dfc0e40ca9795128b7b36bdaa07ef05d1b950e5058fa797e343467af4ef239a175432344db0b0be6db2adbf94abc3e67899f6a3f3c18dba1b07a05fcbddea27e1b057fc9017bd34c56e15a18f0635f134e3ea04896ec5e9eadd62f621053f348fc963cfc44d511098d662406967f7a788b9fa6b75b3378b56fd097551b197b40de777602dffe75d1f95401fcf47ec9bdc1638e48ab4e95998e9a4b0015d725c9cb9dd5454de90262be6a0364c738ee1c5a57e4db2c26a6792422c45ac98eb60730467b6d2c387ee24357be76fc94fd1e724b955e1d46b612f7d002d9d00652fbe4d1a04d0b6f096d45aae53c2ceaa0e1e577719c4837a09ed8fcdbf50d26e22185e210abfd23a3465687e50a0218def8bb93616bf9587cbe168c9473b83962a4fa7f2bbcb69c09f09193a2ae6ef31e430b077bb56d04bbc8ef262e702bb2ffc11e65e44ec2d1bcd62f5c081f348bf925f2f5716da77af1c9afabbd6f40b15af10135725a4c57424e9313466bf88329a5ecf1e2aee12c1f91e9a5a1b8f4802e0d586924d1c8dd054e880d466fd4e59e61fabb4aec5803c251cd85156683f49a8bd9d56ac1a6f77fe3dece5c1640bc3997bae4ba0136cc520046817ee22a475acd6020c8c014cb89e99dc6f0b7b1a1d2651e5b9a2d31e0b58202e43941f47e6185704885c6430ff598033b1e6cab9acf441d0412615d7ce0356a9e143233fbde32e4a12b56a836aaac5160362a8eb69275b52078a41b5071fd2cabb94e8e0582a6071bb16d1a2ed5090a7dc36d6780392406c520cb69aec1b0294999f17d299a143cd89fbbb4432dc1d11e59d081d5c0da20df0a13dff56c1418ab5586e97c61d8e6e7021ae6f893a98d1b766dde411e76860f85cb54b5d57682fab2955e2234aee90036cda9ed02fabcc5aeec6532f7a79cb2a860faa48ec5c88e0a043e7763b9676a844c682b50294327ae05d9e307d8ca8a2e01be05962dba0e306c6a3405262de7d10ee647c5df667a88056194cfe65d06d813f38d80f9ba252c0bc13ce2a0dc845e6a1bb7b2aee614e12dc0ce3c22f8fe912104d89984224e3b2433d1548ae1e259505a5fdfaeaf7df2db6b2218389ad98c478d5ebfdecf25bb0fb934bdd2cc209d94dc9a42c554eb12b5e37b1404f19c69cea3c031cce90d479373ca7c1df5b7023c3a631c176b0e85b6ec2e1b7f9bbe74e7e354d206cebd13670773f746cc418af747834bb29bfda5579fc8652d6c48530b7363b6ba26119f2e9740e618e5a1bc3c676eb6771a25a921987c654fa664b5a3c265b5e210db45da9f64f4061d81016b32a77aae11c0ad4e90379d66bee8d82bc759f50fc50096fec724d4091e3cd46a68f0442941006a28ff93e9e2181086c23af5d9bf8508238c959fa2185f81e8a0f108dc09070094f0f16f9eed6c1770b67dee097033fb7b65225b4a05f853c0382884cc78527e547be06d691f7fabf3801cac5016201e601d22c5ff78595399911307384d95bfdd7ca18ba9cc3e565dcf85921c45a98e2d17344500844d7752bccea95834f7f779f33e331e892218285fa92aa876a57f30c9b2ba60f020b7152d2e8df13366f4e7a21da9e9bc7744e5a647b970686e554c235d127e7c391db56d2a487cb127f97ef6aec074fcde167d25eb391edfb0a427165b3280a228461069e6f02787006abbc7a0604f14e517a4d150aecb8349774786baf200845db0f3cf245b03721b4b6e753fe5ab6a18940839203e76c713f395c84b3432d2f25ede30bf3de0867523f498bf9d473ecb07e2d3457fce94970114d3785518f657e063e8d1de075ca7d1f145582a34049026557e4dceb2867682eacebff58396f750aae9d7e27bc680b823d1b1e2ac5c7f21779d2e93f0f272c1bb9ea9942c76508cc069773841026a9abbedd56077f982dea86795683d8a73232badc482cdf07b7b7872bf78d957e4984aabebcae30bc9acfe927bde5cc059220490e6cb7cb5ed04e9b2308a7ed543711b3fae61176008a2ec693d6c1555ce6f8ce2c12ade7aa3d042b798f75079de465b034466b21c609d2df3ceb906e64423c1c33ba7a70b56700eec54ac515780fedee74f202f7ccca0bc7722db153983ba69f5b625fe811bd4d07f97d6a590fcbd253e34b073e937a7f2a0a665200161cafe93fdb3a354bfdc63258ab02de055344fa50b05cbd7df300c2b42c6dddc5d3ec0c87a2c3342416480ce7e91e7f386e0abea5299d7aba78e12d5dfa191f0deb444c961540b0bde67d26895faad07f307b2acfe4881889dd1333e4780b874fde60fde491f76705d4316d0fc51d08ff8d7af1c1b3da24d9c6f0b852f1f9f097644b57d61eb334c5f634e11a9b41bf270369ea62c8097ab0c3ac46f545cd0285370984f84aef554e76b6fbb0285910d5d3862bb25dfb3f092cc3ffbd2317df5e91f000dcda566d2c385ba4c81bfec6deb2bc5ef6d25541e403c2656a5d504bfbcdd123bf9bd9c689a721de6bf9f9c3d2302b118b63b12cca788facba8a6a6663513d38060c562ac2f4811d9a0cdfc307c2d829ef43cc8887c64bdc3c446436757accb0aa71b8a1988d2ff30865648f917bba3f0ae15964be6499da0fcf5590bf72ca8f71e956cc9fa75cec213c0381724c34d0456b892d603c14b17e8649f340907db2b02174ed978f1ca150c5edd5046ff3b58088d240696b2b1549faed85712e3965f019ec4999e3748d377aad62fb19a1677601e37b26dd6f06ca5aaa69eb43bd5484a5906f837cca44b97955f4ab31f6e6dbffca878339fc2f5134010143088d6374df3d02f7c0b4eff64ab89629e33cafbc8b0a1308fc218362ade70458fefccacbae9eb312329fe56e114ba5830c81cb0ad112da50b76db4b42d4e55aacbff5723394a5c6acea3083c2f92084ac802727f712d1c3494d4bd092a7b430644de0ce36ab382f087b41026015add45636840a3ac68856ca455a120b9b9fcca381a16a169ca6a210c6b93587928655c92c5aeda7927e9471fd16652743c1a9d213673ab7fa1d52a276e6c5d80644e47858acd630cdef2e19852d1cebea2b2a9f17b7a5843bdf657b27712fe687926f47becdf8e8d94a6c27b11d288519abb4d4066387cb6b1a161a404f966752a2999676d8d390dbe194d97b0afbcc500a4d30b2fda78d367cf5bb4a60bf56f3c018ebdf94e164e0416c9e77807e0f03a4ffa743b13cd70bfd0093cdd3c1fa46d0f07c2e95e93d5294e77bf79952a3c14d1dc8c907916f927605007b21edd0e3d232830f7b2b51f7953892dcd612c530ff19a3ac9df4cd5df5a5590399dd908f05af6c3a2d5df39ac9886b2ed1e6e774d55ab178627dc7c73f12d8d83c19a1a7d8b2df54aa579539594e2b1b8261dc2df8bb79acaccba31a3eadec93d6b73313744dc764b25b77708289b7504aab0c2b7dac91336353f1cae777f108b5b36324d342e6331855cb1a87b5bf18c86e254f93898be0b5ec9e55a334d1e68320f8bd30c078210aca306e311dd7655827faf696bba161a1eaeadfb55a969380174aa9a0514c6c1af634b14d03b87caf005e3f5ad2fc822e96802989efa3e74b0818e5336699cdbb114b1ece6ae7843a896c90d5852c4166e042344accb4103320e8031c002d2736c79e081aa994c370452de10812bb6946c92f22170143d1dc4ace4e938d4d6e9856a57e9e75777139c4bc10c4858f28e6e837dedbecb25975c30b91cd1622ce390f9ef56c4a89b4138eee96f27572d4d6ddfc4b0ff6386b9f556afcb2954b90c493de84ed77fb3874695ef753e88bb832f906bfaf9b050862aac0ba0fd3d3154d9e2a7a21a1cd5b1ac14ef2f176c487ad3ee261bca88c784e4000aba55ca5e6de5d7f1cea2521e85baa64ca6712e3df6bc2c44db0e384be2b303e4feb1f145e47e2b8d9fdcedfc3a07bf175d43f78f4119f220426c82b29ac9597f0ae9291ca8b177fca95a190b11fc011c4aa176d0d45867c6524e8ab271a91ec1f3a6c0c0514f7bc23d91437bf1c0f70f2504cc31adec3fe0afdc5f40582d738fdf9f3f2505aabb9608eb588d45feb5e734e4ad0fe9b7f62928f22434b33240b8d1140a42512143accc647d44bbc298448af95ef3a6f98a204fa7cb5bba1f472c0d98584fdf028d5818392d30e8e54965a065641d98581f1d43a367b950604f85496b012b9063683c0380ab9d6ef5a2f9604b15c45930565599cfa79f964cc6917b5c0db6eef32684bbfd7b40eda2a7e09671f0952b28177adbad6b8f8af9ecde9082e77963ad33356d77833cf69376bbbec7c4287a239ad9051fec795771390c4b8ba728159dca9b9b9d5d0f397c1e52b8a3a8347a7196d230f779813d2088d4285123877d785f4ad830c4e035f059872cadbddade00fc7618e7fb7c7d666b921539ca8de0103753b1ea632a315e10693d0f67620e6dad5334022acc3dc78c081d9e8189c1fe68e210d66a67dd4afc4e1123d921b05544875997a68177c943ca058dcbd15f20d90bcae9f3025f0dfd57ad394eecbb71f4aec82c774af594ca329d753c4ea3", @typed={0x8, 0x7c, @pid=r17}, @typed={0x14, 0x58, @ipv6=@local}, @generic="19426be9d7843636b9d3895a24cdb8d6831e8434364452730aea2bfcdf681065525a61f2d61fe8621d183e6ba8f4182e2e1dc70a67a29e16b8fcf918025dcb3cf321f49e256c606824b8d421fb04c4e5652365e2f43a86d8a88201151a516365748316ff3ce46c2e45578f1943a9bd3b58117ba69339d557381ef2a258098e9c5305e336833c7dc8d60cc90ba6d3307abf349dfef48bdd1a52672b1013866a57ae4e0d3bc93fe3d6a9946f55e1", @generic="309a89dc11fc0beff5d1e42a702b1882199c1397416fd968ced1bf78be9f0189e82a2a4b2fd29cddf6ec5e53977608fd9a20b9bc48aa7cff174a852505992cd8fb29cfcdae9654f370d8e4afb1dcc0adba7814610693e43ab828b61ef2df726f54e59d25081eb043ce1122695cb125d110b14f6d1a7fa9f3d96f07c355ff865408ba13b25225a532cd1e43cece11301caedabb36ff0a9bfe62cdc0524958b2650c9bc08aebebfedcc5326fc21521887fe3e16453849b1a1d4a9818", @generic="cc3e13df12a0f829c2fdb12dd0f3c777df2ab2dc4e71390af4931ffd466dc5f2e393bb3f7f3aa7bd48c9547e34dfa9706f", @generic="43d67a12dd95bdfa9ca581a9599b4e28d04b5c52130c28cc1cecce4173"]}, @nested={0xb8, 0x16, [@generic="abc22b6da23069151990fdad02eea2995e9f89f6f3b2744c555caa403cdaec5e4f6dc144ca3dffc4edf783d5b29a9d98d346236e7b3daf6591ac18aae465174afa9505f664194560fa8c2a495de9c784fa153ecceb3d5948e8fc3206755e7c1cfddddb5160eefe87fc4401e4b2476815bdaac605088bee2235694e758173d52baedce2af662bec541db5d6aec966c2dac615a56906cca77785980f2121b7af4f8c938fcef80c9d68169b97d70f25077594f7"]}, @generic="1e9974d1e9c0e18be016ef9979e7dfa50d487ae6b614d720ac90181648ca912fd7b4afdea4a708266d81289f30e36d55d4f07d00371001eb8618bf10b7f6e50fcd1e64270c2fc9805963b8e65f968c7cccae679a0ef7a2c2bd578f5504ccb909f5364c4b9dcc7b76d8fa6ba40473b970b3e7124a49e7875b8e41176e62f32b9b788b0d00b73666ac5b2e0deeb56fe829acd73841a3a923"]}, 0x15a4}, {&(0x7f0000004340)={0x744, 0x1e, 0x400, 0x70bd2d, 0x25dfdbfb, "", [@typed={0x14, 0x51, @ipv6=@remote}, @nested={0x1c0, 0x37, [@typed={0x4, 0x2d}, @generic="a269f24cb9db60b9a25d21a401b52448bae8828f78f8b8f517d95bb2459c8eb7bf65f0c8d1b9e945b59f09beecd5301a40cae8940e38eaf61ca39fd9ac26240e651459fe5abe688a18fc53e703b1e5c0b0d6827a506b5fa17df63b72753ac98fa5e5ec9ff0ebb5526cec39b655d084d32b1e351f30ec4ee9c22322ac30042036f2c6328733acadd775b62fa9fcd9d418ec35e1ba9dfc1bf6af4dc535b587f35a1544ca562f4a4e75e28588d02ae8c55bc51d1989debcf00c4cc6eaa05b595d094a72d5284bf9bcf6e38514a052f60f0d2d5c378ce1bea0d8634de193cfe9f6e9fdf254c4192686aea8f2ca20bde03e580ba9cfca9a4831da1e204ec0fcafc8", @generic="816166355e30c0308d68476a088ee307813c464fe0561dbc", @generic="8de06ea5a3b0068a8e3784e15533a49a42ce942d1ee20cc6af943ba6a39d90ba31d614cc8833fd51b9ffeffea791c10f16749a90d9e985ad36a118f143e8a805b987948a16985c406610c9a8499eb3f80e49ebb15c943b2c847a834a788aa1ccf0685ce35125abb428829e80e1bc967e19c401c2d2dc2121ac948d7c83ffa98fb3edac3999c5fad0e6c6ac2686027413592efc8083c6f3f65f2ebbcab775"]}, @generic="f9c6474c36d99995b2d51b1ae54ec86889268aa3d68e0eab904873af337c3b60eeb1cfeab3c6e1e58a5ae259842edf6cb6715fd6edc0691d993f1f5bd9dc6b06c8c6b49aebe738fd3c5d7696ac5cc0b3e52ec7fd468e501ba5465a6c08c5aaea132b", @nested={0x244, 0x81, [@generic="fb7ada89e420d15e3603434377dab5bdb839b2129d789969bd7d5b037889a1b256d4ff2054f8951a223814fdf3ce025d4fb2f31517038325a3600df0437512e8ea5d2a02417c0ca61155f95c28a304fbe44f86c50850a12566f515c92f2353377676fd0aa826cbe534e49e1f9e411fbb69bd", @generic="151cd137e08937ac8ad06b025a75739d83bb131665308743a362f978afdde9d3e16c22b7deacb19aa8", @generic="d6553625e57d6b67c5e87e75f83ec71552e89f7bedbc2b093abc8205ffa25930551079dbe6b1a450c2fcdc39a8a78e39b6d2c6ccb6292d1c0bb7927cc5a72c04c530628de3cd23c9a328098924603707b51dbd2fa19d2592880d1288cb6f0d5abcb9f840886049203b528a734bb02e42e571c386d67596775d89f2ec69a4d67a98780b1e4647630405af362199d861af059c19c16c79f780579745bd235b6aa5b9ba82f81e84bf6cf241640d00189586773e98a8e52c12319f8c7d3e7dd7a896261e1bf22732aeeb1589", @generic="c1e4f1a74d12d6315ac937ede38e1e46d2e1ca7f323cb802ffa17f6d81a128f0727971bce209feb41c18547d75fa308d4215f186f8c99a3075a84e3b582ffc1333a53abb3fb11a760b281f8f4786fe57b5d5452f17ea614ecade4cb6ce49ff88fe4be8e342bcb274acab753789a903c0aa1ca293e4ce47507c1c237c3a735d333badfd67bef7a9d919a6bd5e56fe25a309aeff703e4447d3782b343d18558638ffeb48bbab6ac72a3b262b06c5ac6dcccfdf0dae9ce2225dc3360095f7c8114743804281603ebfb8322f9c01410cacb8453421", @typed={0x8, 0x2e, @pid=r18}]}, @generic="140f610022b97943631574e30357f43a8fe24838bb938c90ef2b471902da118517b9f0c8a20a6c4b7c024cebd65c20a32293be9549403c28a2028d5ec5173bd85dd79bbe24860a5a2d6e4dda9d9d34892665784b011a3b55dc9d64058853504aa91b37c5e8d8e55c3f0cbeafe5c81d121f92", @generic="007e2001bed5ed7ad3d0f301a65e56e0406e88c310a5bfcc4d65b922cb807cb8b0b37233fbcf2dd41c62a10684539ee4dc2744806ba6dcccf6636a1f01e70fba31", @typed={0x8, 0x4e, @u32=0xfffff69a}, @generic="e928e3ff54155b0995df7569984c8ae042b728738eb973474673e3ee228cdcfbd2c50aca310cef4dea3f201a6d7ee4459155af85a90f3786decf870e6e0c007c3cc3a8768ae4d6b5fa812487f92f10bbc09f66cf6dfccab5275a535702daef94f5da7d3a9bb372351c5609890e8464cbd49991a9fab78b49db4d408e68c5fb949543f16bc52fd05fd4153466", @nested={0x170, 0x1d, [@typed={0x8, 0x4d, @uid=r20}, @generic="a88715ece6dcd224cf2d3fd354ecb007aa67e61df7c83de36ef961cc74da8aba6ea038be428ba15856254fde9435b9bb0f7ffa18563c5f0bcc648f1ff43774c8b36be5f1e17a44bccbe56fefbdb992a6d883e2f0b94e8b1d3efb8bf86a60650a7682fc02be35576fc43f38a8ac6366e11d523057b299adc5264d50731cf41486b95ffc1bdc0fe1772fa375852cc406396170e3f3e17d3331082e3272196967537e4ca00634df49724a8b84e46ba101bdaccb4553b76b534317087a032e411db407d52d594a", @typed={0x8, 0x2c, @fd=r3}, @typed={0x90, 0x2a, @binary="dda3fa5bca374eff864420e3fb1078324c3de749e530c04f0bb4613f9070b2b010a7e432300584ce35d1af3f98a6f5f5a8d2cd5436b9315a06bc0fee0e7b9ede3a7041d07ae2c1af2977d01cacebd36e0f55ef97d7fbfd488d1c94b17108eb269c74ff88787f3c2ca9ea1e24fae7fa66b2d273b73cd9f02a6c2a53b508c06c05e5b1774b6eab8265d9"}, @typed={0x4, 0x25}]}]}, 0x744}], 0x4, &(0x7f0000000580)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r22, r23}}}], 0x20, 0x48000}, 0xc008080) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 11:44:02 executing program 5: ioctl$KDDISABIO(0xffffffffffffffff, 0x4b37) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) recvmsg$kcm(r0, &(0x7f0000000300)={&(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000140)=""/208, 0xd0}, {&(0x7f0000000240)=""/115, 0x73}], 0x2, &(0x7f00000002c0)=""/51, 0x33}, 0x100) r2 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x101, 0x109000) ioctl$VIDIOC_SUBDEV_S_SELECTION(r2, 0xc040563e, &(0x7f00000005c0)={0x1, 0x0, 0x2, 0x4, {0x80, 0x2, 0x3}}) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) close(r4) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f00000000c0)={r6, 0xb21}, 0x14) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000600)={r6, @in6={{0xa, 0x4e20, 0x80000001, @mcast1, 0x4}}, 0x2, 0xec4d, 0x7ff, 0x0, 0x20}, 0x98) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) close(r7) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r7, 0x84, 0x1, &(0x7f00000000c0)={r9, 0xb21}, 0x14) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000480)={0x0, 0xc5, "33a49f1274bac6266cabbe83c95375c4ce57cb45ef98983dd89715aad609c480e85e30c6dd4f7350ff8943f2e0d310aa57a8a839b7deddaf47c3e96499977955a3bbb02d5d179c73727ca5f4f4abd63e93f03724685e9867538ff91efeb69f78ca3d5b3708c44ca472818ca247b4f6870f398e65bb8023519933d2091c530d8685550be5c900f12c25179d408c2275fa0a89d93be12093539a91819d4e2cf6def9004c5468f5c1900d46b93b615ac902147908bef2256279c38b133d0ce7ad925ae271d4df"}, &(0x7f0000000580)=0xcd) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000380)={r10, 0x0, &(0x7f0000000340)}, &(0x7f00000003c0)=0x10) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000400)={r11, 0x20, 0x30}, &(0x7f0000000440)=0xc) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x9) times(&(0x7f0000000340)) 11:44:02 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = open(0x0, 0x0, 0x4) r1 = getpid() r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x19e) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000340)={0x0, 0x4}, &(0x7f0000000800)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x17, &(0x7f0000000840)={r4, 0x6, 0xc, "5cd044d52af79699c40bc0a3"}, 0x14) dup(r2) sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r5, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r7, 0x407, 0x0) write(r7, &(0x7f0000000340), 0x41395527) vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r8 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vsock\x00', 0x20000, 0x0) write$selinux_user(r8, &(0x7f0000000240)={'system_u:object_r:shadow_t:s0', 0x20, 'system_u\x00'}, 0x27) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) socket$alg(0x26, 0x5, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000001c0)=""/58, 0x3a}, {&(0x7f0000000380)=""/192, 0xc0}, {&(0x7f0000007440)=""/4096, 0x1000}, {&(0x7f0000000440)=""/202, 0xca}, {&(0x7f0000000540)=""/136, 0x88}, {&(0x7f0000000600)=""/2, 0x2}, {&(0x7f00000006c0)=""/177, 0xb1}], 0x7}}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000880)=""/187, 0xbb}, {&(0x7f0000000640)}, {&(0x7f0000000940)=""/210, 0xd2}, {0x0}, {&(0x7f0000000a40)=""/74, 0x4a}, {&(0x7f0000000ac0)=""/23, 0x17}, {&(0x7f0000000b00)=""/170, 0xaa}], 0x7, &(0x7f0000004180)=""/4096, 0x1000}, 0x2ec}, {{0x0, 0x0, &(0x7f0000000fc0)=[{0x0}, {&(0x7f0000000c40)=""/143, 0x8f}, {&(0x7f0000000d00)=""/164, 0xa4}, {&(0x7f0000008440)=""/102400, 0x19000}, {&(0x7f0000000e00)=""/240, 0xf0}, {&(0x7f0000000f00)=""/67, 0x43}, {&(0x7f0000000f80)=""/62, 0x3e}, {&(0x7f0000006180)=""/4096, 0x1000}], 0x8, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{&(0x7f0000001100)=@caif=@util, 0x80, &(0x7f0000002500)=[{&(0x7f0000001480)=""/223, 0xdf}, {&(0x7f0000001280)=""/237, 0xed}, {&(0x7f0000001380)=""/7, 0x7}, {&(0x7f0000002480)=""/74, 0x4a}, {&(0x7f00000013c0)=""/31, 0x1f}], 0x5}, 0x1}, {{&(0x7f0000002580)=@caif=@rfm, 0x80, &(0x7f0000002880)=[{&(0x7f0000000640)=""/111, 0x6f}, {&(0x7f0000002780)=""/253, 0xfd}], 0x2, &(0x7f00000028c0)=""/225, 0xe1}, 0xd973}, {{0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f0000007340)=""/215, 0xd7}, {&(0x7f0000002bc0)=""/202, 0xca}, {&(0x7f0000002cc0)=""/254, 0xfe}, {&(0x7f0000002dc0)=""/5, 0x5}], 0x4}, 0x80}, {{&(0x7f0000002ec0)=@nl, 0x80, &(0x7f0000003040)=[{&(0x7f0000000100)=""/108, 0x6c}, {&(0x7f0000002fc0)=""/114, 0x72}], 0x2}, 0x5}], 0x7, 0x0, 0x0) r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r9, &(0x7f00000017c0), 0x331, 0x0) 11:44:02 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0xa000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$inet_int(r4, 0x0, 0x1, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 11:44:02 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) setsockopt$packet_tx_ring(r2, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000240)={{0x2, 0x4e22, @rand_addr=0xe304}, {0x1, @broadcast}, 0x8, {0x2, 0x4e23, @empty}, 'vcan0\x00'}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 11:44:02 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) ioctl$MON_IOCQ_URB_LEN(0xffffffffffffffff, 0x9201) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000500)={&(0x7f0000000400)=ANY=[@ANYBLOB="003407e96ef38f141700000000dfbeaf1d13d2ada8000000da6bd3162a51408b857413fdf9d1f4e6dc628da6997ebadb4c0dbb554fbb73027bf2b5355745f06ef3da6c3b107d8dbb9216ffffb3b39ab8b9342298aa3c143642727d0a2d30711ba8a0b7840d", @ANYRES64=0x0, @ANYRESHEX=r2, @ANYRES64=r4, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x6}}, 0x0) [ 1505.440116] Bluetooth: hci0 command 0x1003 tx timeout [ 1505.445436] Bluetooth: hci0 sending frame failed (-49) [ 1505.680144] Bluetooth: hci1 command 0x1003 tx timeout [ 1505.685471] Bluetooth: hci1 sending frame failed (-49) [ 1506.640129] net_ratelimit: 26 callbacks suppressed [ 1506.640133] protocol 88fb is buggy, dev hsr_slave_0 [ 1506.650138] protocol 88fb is buggy, dev hsr_slave_1 [ 1506.655300] protocol 88fb is buggy, dev hsr_slave_0 [ 1506.660365] protocol 88fb is buggy, dev hsr_slave_1 [ 1507.200173] protocol 88fb is buggy, dev hsr_slave_0 [ 1507.205264] protocol 88fb is buggy, dev hsr_slave_1 [ 1507.210388] protocol 88fb is buggy, dev hsr_slave_0 [ 1507.215453] protocol 88fb is buggy, dev hsr_slave_1 [ 1507.220552] protocol 88fb is buggy, dev hsr_slave_0 [ 1507.225588] protocol 88fb is buggy, dev hsr_slave_1 [ 1507.520169] Bluetooth: hci0 command 0x1001 tx timeout [ 1507.525483] Bluetooth: hci0 sending frame failed (-49) [ 1507.760125] Bluetooth: hci1 command 0x1001 tx timeout [ 1507.765493] Bluetooth: hci1 sending frame failed (-49) [ 1509.600298] Bluetooth: hci0 command 0x1009 tx timeout [ 1509.840143] Bluetooth: hci1 command 0x1009 tx timeout [ 1512.880201] net_ratelimit: 26 callbacks suppressed [ 1512.885204] protocol 88fb is buggy, dev hsr_slave_0 [ 1512.890291] protocol 88fb is buggy, dev hsr_slave_1 [ 1512.895400] protocol 88fb is buggy, dev hsr_slave_0 [ 1512.900464] protocol 88fb is buggy, dev hsr_slave_1 [ 1513.440219] protocol 88fb is buggy, dev hsr_slave_0 [ 1513.445346] protocol 88fb is buggy, dev hsr_slave_1 [ 1513.450417] protocol 88fb is buggy, dev hsr_slave_0 [ 1513.455499] protocol 88fb is buggy, dev hsr_slave_1 [ 1513.460606] protocol 88fb is buggy, dev hsr_slave_0 [ 1513.465635] protocol 88fb is buggy, dev hsr_slave_1 11:44:12 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x7) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r3}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) sendmsg$IPVS_CMD_SET_SERVICE(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0xc000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, 0x0, 0x300, 0x70bd2a, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e24}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x61}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x800) 11:44:12 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r5, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f0000000380)={0xe0, r6, 0x300, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_MEDIA={0x48, 0x5, [@TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x803}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8}]}]}, @TIPC_NLA_MON={0x3c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xa9}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7ff}]}, @TIPC_NLA_NET={0x14, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0xe3}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3}]}, @TIPC_NLA_NODE={0x34, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0xe0}, 0x1, 0x0, 0x0, 0x10}, 0x8000) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 11:44:12 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0xcce5001707de09c8, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0xc20003) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x42004, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f00000000c0)={0xff, 0x1, 0x2, 0x0, 0x17, 0x1, 0xfa, 0x0, 0x1f, 0x1, 0x8, 0x89}) ioctl$KDADDIO(r0, 0x400455c8, 0x9) 11:44:12 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) open(0x0, 0x0, 0x4) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) socket$alg(0x26, 0x5, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000001c0)=""/58, 0x3a}, {&(0x7f0000000380)=""/192, 0xc0}, {&(0x7f0000007440)=""/4096, 0x1000}, {&(0x7f0000000440)=""/202, 0xca}, {&(0x7f0000000540)=""/136, 0x88}, {&(0x7f0000000600)=""/2, 0x2}, {&(0x7f00000006c0)=""/177, 0xb1}], 0x7}}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000880)=""/187, 0xbb}, {&(0x7f0000000640)}, {&(0x7f0000000940)=""/210, 0xd2}, {0x0}, {&(0x7f0000000a40)=""/74, 0x4a}, {&(0x7f0000000ac0)=""/23, 0x17}, {&(0x7f0000000b00)=""/170, 0xaa}], 0x7, &(0x7f0000004180)=""/4096, 0x1000}, 0x2ec}, {{0x0, 0x0, &(0x7f0000000fc0)=[{0x0}, {&(0x7f0000000c40)=""/147, 0x93}, {&(0x7f0000000d00)=""/164, 0xa4}, {&(0x7f0000000dc0)=""/12, 0xc}, {&(0x7f0000000e00)=""/248, 0xf8}, {&(0x7f0000000f00)=""/67, 0x43}, {&(0x7f0000000f80)=""/62, 0x3e}, {&(0x7f0000006180)=""/4096, 0x1000}], 0x8, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{&(0x7f0000001100)=@caif=@util, 0x80, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {&(0x7f0000001280)=""/237, 0xed}, {&(0x7f0000001380)=""/7, 0x7}, {&(0x7f0000002480)=""/74, 0x4a}, {&(0x7f00000013c0)=""/31, 0x1f}], 0x5}, 0x1}, {{&(0x7f0000002580)=@caif=@rfm, 0x80, &(0x7f0000002880)=[{&(0x7f0000002600)=""/111, 0x6f}, {&(0x7f0000002780)=""/253, 0xfd}], 0x2, &(0x7f00000028c0)=""/225, 0xe1}, 0xd973}, {{0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f0000007340)=""/215, 0xd7}, {&(0x7f0000002bc0)=""/202, 0xca}, {&(0x7f0000002cc0)=""/254, 0xfe}, {&(0x7f0000002dc0)=""/5, 0x5}], 0x4}, 0x80}, {{&(0x7f0000002ec0)=@nl, 0x80, &(0x7f0000003040)=[{&(0x7f0000001400)=""/108, 0x6c}, {&(0x7f0000002fc0)=""/114, 0x72}], 0x2}, 0x5}], 0x7, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r4, &(0x7f00000017c0), 0x331, 0x0) 11:44:12 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$GIO_FONT(r2, 0x4b60, &(0x7f00000000c0)=""/176) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:44:12 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) close(r3) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB="0904940b", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f00000000c0)={r5, 0xb21}, 0x14) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000000)={0x5, 0x20f, 0xffffff7f, 0x10000, r5}, &(0x7f00000000c0)=0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000100)={0x401, 0x10009, 0x2ca, 0x401, r6}, 0x10) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = dup2(r7, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r8, 0x80045301, &(0x7f0000000140)) 11:44:12 executing program 5: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x9) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x4000) ioctl$TIOCNOTTY(r0, 0x5422) [ 1514.162481] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6945 comm=syz-executor.4 11:44:12 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) r4 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r4, &(0x7f0000000380)=@hci, 0x80) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r4, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r7}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) r9 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r10, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r11 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r11, &(0x7f0000000380)=@hci, 0x80) r12 = socket$netlink(0x10, 0x3, 0x0) r13 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r13, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r13, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r14, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r11, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r14}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'veth0\xfe\xff\xffA\xdf\xff\xff\xff\x00', r14}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r15, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 11:44:12 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000440)='/selinux/policy\x00', 0x0, 0x0) connect(r1, &(0x7f0000000380)=@l2={0x1f, 0x100, {0xe, 0x3, 0x1c, 0x9, 0x6, 0x3}, 0xf7, 0x88}, 0x80) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="482000001000050700000000000000000000000091ee1a31645a0c183b3da0", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000140)=0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$llc(r5, &(0x7f0000000300)={0x1a, 0x201, 0x5, 0x61, 0xf8, 0x4}, 0x10) r9 = dup2(r8, r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) perf_event_open(&(0x7f0000000080)={0x0, 0xffffffffffffff69, 0xc7, 0x69, 0x7, 0xff, 0x0, 0x80400001, 0x20000, 0xb, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x80000003, 0x1, @perf_config_ext={0x6, 0x388}, 0x14404, 0x81, 0x4, 0x5, 0x0, 0x0, 0x4}, r7, 0x1, 0xffffffffffffffff, 0x2) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r3}, 0x10, &(0x7f0000000240)={&(0x7f0000000840)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\b\x00'/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb75bb1346759291752c6ce386315560dcc0bfc9e50bae2f07d2c4b58c81684a168e084231460b5a45fd1644778a597e405779a342e7d96720f9bd21d1c0f561f2fed8aaaf64467a2120114178f2e23e962981666295f4009a72d5893591065deb0b7bc9fd93c94df146e2a842add8f964da8d667bb39343a4a25d12addc5c11d116e18891e4df8e6cb1a46dd85ae47756dee022fcfaec35621c4b5e52b93bc28240d4e46f56db9a79bb6ec622dccf07feea2dc3278a8bc4e01a14096db3542059ae08fb500b978cbc5421a9bc771cce0e52ce22d3d4a48e32ad9f3d3fe8b31bf3b30f4f8d7f64cc2e94a5b6b86d615d7d28bc4fc6a24288298243004e4a04da8c1d6d4e6181e994ed20f7e7fc3c3ba87143087a"], 0x6}}, 0x0) r10 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) bind$x25(r10, &(0x7f0000000000)={0x9, @null=' \x00'}, 0x12) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000400)=0xfff, 0x4) 11:44:12 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000000)={0x3, 0x0, [0x0, 0x0, 0x0]}) [ 1514.488360] Bluetooth: Unknown HCI packet type 5e [ 1514.499463] Bluetooth: Unknown HCI packet type 43 [ 1514.528257] Bluetooth: Unknown HCI packet type 5e [ 1514.559941] Bluetooth: Unknown HCI packet type 50 11:44:12 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000000000)=""/42) 11:44:12 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) fsetxattr$security_selinux(0xffffffffffffffff, &(0x7f0000000400)='security.selinux\x00', &(0x7f0000000440)='system_u:object_r:ld_so_cache_t:s0\x00', 0x23, 0x2) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xfffffffffffffed9}, 0x1, 0x0, 0x0, 0x80}, 0x90) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$RDS_GET_MR(r1, 0x114, 0x2, &(0x7f0000000240)={{&(0x7f0000000000)=""/203, 0xcb}, &(0x7f0000000140)}, 0x20) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000280)=ANY=[@ANYBLOB="000016073ed400"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001fdfffff7ffffffff0000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e0845ccc401831515dcb69cd6912bcf5fee8882edf7dd0603de9694"], 0x80}}, 0x0) [ 1514.586945] Bluetooth: Unknown HCI packet type 5e [ 1514.606300] nla_parse: 19 callbacks suppressed [ 1514.606317] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1514.625518] Bluetooth: Unknown HCI packet type 40 [ 1514.689969] Bluetooth: hci2: Frame reassembly failed (-84) [ 1514.739971] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1514.766687] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. 11:44:12 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000000)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f0000000140)={0x1}, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$TIOCGRS485(r4, 0x542e, &(0x7f00000000c0)) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="c9f1f560620800"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="00000000010400000001120001060100005691072e124e22e4e039631b740a5e7bb9fcd1"], 0x48}}, 0x0) [ 1514.841401] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1514.854920] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1514.888765] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. 11:44:13 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KDSKBMODE(r4, 0x4b45, &(0x7f0000000000)=0x7) 11:44:13 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) open(0x0, 0x0, 0x4) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = getpid() sched_setscheduler(r4, 0x0, &(0x7f0000000380)) ptrace$setregset(0x4205, r4, 0x3, &(0x7f0000000140)={&(0x7f0000000100)="e4831a6829c7fe5764eaab82773a516a695c91f3afc3b2d33c857af3743eef751ad5486ad88cfc1e58d489794a920c92c2541f64d00f337d66a98c1cebd09c", 0x3f}) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r3) socket$alg(0x26, 0x5, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000001c0)=""/58, 0x3a}, {&(0x7f0000000380)=""/192, 0xc0}, {&(0x7f0000007440)=""/4096, 0x1000}, {&(0x7f0000000440)=""/202, 0xca}, {&(0x7f0000000540)=""/136, 0x88}, {&(0x7f0000000600)=""/2, 0x2}, {&(0x7f00000006c0)=""/177, 0xb1}], 0x7}}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000880)=""/187, 0xbb}, {&(0x7f0000000640)}, {&(0x7f0000000940)=""/210, 0xd2}, {0x0}, {&(0x7f0000000a40)=""/74, 0x4a}, {&(0x7f0000000ac0)=""/23, 0x17}, {&(0x7f0000000b00)=""/170, 0xaa}], 0x7, &(0x7f0000004180)=""/4096, 0x1000}, 0x2ec}, {{0x0, 0x0, &(0x7f0000000fc0)=[{0x0}, {&(0x7f0000000c40)=""/147, 0x93}, {&(0x7f0000000d00)=""/164, 0xa4}, {&(0x7f0000000dc0)=""/12, 0xc}, {&(0x7f0000000e00)=""/248, 0xf8}, {&(0x7f0000000f00)=""/67, 0x43}, {&(0x7f0000000f80)=""/62, 0x3e}, {&(0x7f0000006180)=""/4096, 0x1000}], 0x8, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{&(0x7f0000001100)=@caif=@util, 0x80, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {&(0x7f0000001280)=""/237, 0xed}, {&(0x7f0000001380)=""/7, 0x7}, {&(0x7f0000002480)=""/74, 0x4a}, {&(0x7f00000013c0)=""/31, 0x1f}], 0x5}, 0x1}, {{&(0x7f0000002580)=@caif=@rfm, 0x80, &(0x7f0000002880)=[{&(0x7f0000002600)=""/111, 0x6f}, {&(0x7f0000002780)=""/253, 0xfd}], 0x2, &(0x7f00000028c0)=""/225, 0xe1}, 0xd973}, {{0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f0000007340)=""/215, 0xd7}, {&(0x7f0000002bc0)=""/202, 0xca}, {&(0x7f0000002cc0)=""/254, 0xfe}, {&(0x7f0000002dc0)=""/5, 0x5}], 0x4}, 0x80}, {{&(0x7f0000002ec0)=@nl, 0x80, &(0x7f0000003040)=[{&(0x7f0000001400)=""/108, 0x6c}, {&(0x7f0000002fc0)=""/114, 0x72}], 0x2}, 0x5}], 0x7, 0x0, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r5, &(0x7f00000017c0), 0x331, 0x0) 11:44:13 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xb429bd1f4ccd5f53) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) [ 1516.240135] Bluetooth: hci0 command 0x1003 tx timeout [ 1516.245467] Bluetooth: hci0 sending frame failed (-49) [ 1516.480096] Bluetooth: hci1 command 0x1003 tx timeout [ 1516.485417] Bluetooth: hci1 sending frame failed (-49) [ 1516.720136] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1516.720141] Bluetooth: hci2 command 0xfc11 tx timeout [ 1518.320211] Bluetooth: hci0 command 0x1001 tx timeout [ 1518.325507] Bluetooth: hci0 sending frame failed (-49) [ 1518.560165] Bluetooth: hci1 command 0x1001 tx timeout [ 1518.565499] Bluetooth: hci1 sending frame failed (-49) [ 1518.800160] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1518.800164] Bluetooth: hci2 command 0xfc11 tx timeout [ 1519.120209] net_ratelimit: 26 callbacks suppressed [ 1519.125226] protocol 88fb is buggy, dev hsr_slave_0 [ 1519.130280] protocol 88fb is buggy, dev hsr_slave_1 [ 1519.135343] protocol 88fb is buggy, dev hsr_slave_0 [ 1519.140386] protocol 88fb is buggy, dev hsr_slave_1 [ 1519.680263] protocol 88fb is buggy, dev hsr_slave_0 [ 1519.685361] protocol 88fb is buggy, dev hsr_slave_1 [ 1519.690424] protocol 88fb is buggy, dev hsr_slave_0 [ 1519.695440] protocol 88fb is buggy, dev hsr_slave_1 [ 1519.700531] protocol 88fb is buggy, dev hsr_slave_0 [ 1519.705561] protocol 88fb is buggy, dev hsr_slave_1 [ 1520.400233] Bluetooth: hci0 command 0x1009 tx timeout [ 1520.640218] Bluetooth: hci1 command 0x1009 tx timeout 11:44:22 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req={0x4, 0xfffffff7, 0x8000, 0x40}, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 11:44:23 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='x\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 11:44:23 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e24, 0x1, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x3}}, [0x5, 0x8, 0x2, 0x1, 0x5, 0x1ff, 0x1, 0x5, 0x9, 0xa276, 0x100000000, 0x5, 0xe7f, 0x7, 0x7]}, &(0x7f0000000180)=0x100) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:44:23 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) syz_open_dev$cec(&(0x7f0000000140)='/dev/cec#\x00', 0x0, 0x2) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(0xffffffffffffffff, 0x28, 0x0, &(0x7f0000000240)=0xd, 0x34) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\a\x00'/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="020000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) 11:44:23 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) open(0x0, 0x0, 0x4) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) socket$alg(0x26, 0x5, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000001c0)=""/58, 0x3a}, {&(0x7f0000000380)=""/192, 0xc0}, {&(0x7f0000007440)=""/4096, 0x1000}, {&(0x7f0000000440)=""/202, 0xca}, {&(0x7f0000000540)=""/136, 0x88}, {&(0x7f0000000600)=""/2, 0x2}, {&(0x7f00000006c0)=""/177, 0xb1}], 0x7}, 0xfffffffc}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000880)=""/187, 0xbb}, {&(0x7f0000000640)}, {&(0x7f0000000940)=""/210, 0xd2}, {0x0}, {&(0x7f0000000a40)=""/74, 0x4a}, {&(0x7f0000000ac0)=""/23, 0x17}, {&(0x7f0000000b00)=""/170, 0xaa}], 0x7, &(0x7f0000004180)=""/4096, 0x1000}, 0x2ec}, {{0x0, 0x0, &(0x7f0000000fc0)=[{0x0}, {&(0x7f0000000c40)=""/147, 0x93}, {&(0x7f0000000d00)=""/164, 0xa4}, {&(0x7f0000000dc0)=""/12, 0xc}, {&(0x7f0000000e00)=""/248, 0xf8}, {&(0x7f0000000f00)=""/67, 0x43}, {&(0x7f0000000f80)=""/62, 0x3e}, {&(0x7f0000006180)=""/4096, 0x1000}], 0x8, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{&(0x7f0000001100)=@caif=@util, 0x80, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {&(0x7f0000001280)=""/237, 0xed}, {&(0x7f0000001380)=""/7, 0x7}, {&(0x7f0000002480)=""/74, 0x4a}, {&(0x7f00000013c0)=""/31, 0x1f}], 0x5}, 0x1}, {{&(0x7f0000000100)=@caif=@rfm, 0x80, &(0x7f0000002880)=[{&(0x7f0000002600)=""/111, 0x6f}, {&(0x7f0000002780)=""/253, 0xfd}], 0x2, &(0x7f00000028c0)=""/225, 0xe1}, 0xd973}, {{0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f0000007340)=""/215, 0xd7}, {&(0x7f0000002bc0)=""/202, 0xca}, {&(0x7f0000002cc0)=""/254, 0xfe}, {&(0x7f0000002dc0)=""/5, 0x5}], 0x4}, 0x80}, {{&(0x7f0000002ec0)=@nl, 0x80, &(0x7f0000003040)=[{&(0x7f0000001400)=""/108, 0x6c}, {&(0x7f0000002fc0)=""/114, 0x72}], 0x2}, 0x5}], 0x7, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r4, &(0x7f00000017c0), 0x331, 0x0) 11:44:23 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) 11:44:23 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x0, 0x25002) ioctl$TUNGETFILTER(r1, 0x801054db, &(0x7f0000000380)=""/126) r2 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r2, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r4 = openat$vimc0(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/video0\x00', 0x2, 0x0) ioctl$VIDIOC_LOG_STATUS(r4, 0x5646, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_SET_FPEXC(0xc, 0x80) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r5, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r5, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000240)={0x7, {{0x2, 0x4e21, @remote}}}, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @link_local}, 0x14) getsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000040), &(0x7f0000000140)=0xb) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 11:44:23 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = gettid() ptrace(0x4208, r1) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 11:44:23 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x20f) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r2, 0xc0845657, &(0x7f00000000c0)={0x0, @reserved}) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) 11:44:23 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000000)=@vsock, 0xff99) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:44:23 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$P9_RLINK(r2, &(0x7f0000000000)={0x7, 0x47, 0x2}, 0x7) 11:44:23 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x1, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r4}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) [ 1525.370095] net_ratelimit: 26 callbacks suppressed [ 1525.370100] protocol 88fb is buggy, dev hsr_slave_0 [ 1525.380404] protocol 88fb is buggy, dev hsr_slave_1 [ 1525.385629] protocol 88fb is buggy, dev hsr_slave_0 [ 1525.390861] protocol 88fb is buggy, dev hsr_slave_1 11:44:23 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x101000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x1, 0x40000) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r1, 0xc0305616, &(0x7f00000000c0)={0x0, {0x3f42, 0x4}}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$TCGETA(r4, 0x5405, &(0x7f0000000080)) r5 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KDADDIO(r5, 0x400455c8, 0x10000400000001) 11:44:23 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x6, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x3, 0xffffffffffffffff, 0x0) syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x10000) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r4, 0x1, 0x80, 0x6, @broadcast}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 11:44:23 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x4000, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) [ 1525.482091] Bluetooth: hci1: Frame reassembly failed (-84) 11:44:23 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x10000400000001) 11:44:23 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = dup(r1) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r2, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x7, 0x4) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r4, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$EVIOCSABS2F(r6, 0x401845ef, &(0x7f0000000000)={0x4, 0x2, 0x400, 0x401, 0x9, 0x6}) setsockopt$packet_tx_ring(r4, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) 11:44:23 executing program 4: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) futex(&(0x7f0000000000), 0xd, 0x1, &(0x7f0000000040), &(0x7f0000000080), 0x1) sendmsg$can_bcm(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r2}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) 11:44:23 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) open(0x0, 0x0, 0x4) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001f80)=[{{0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000000640)=""/110}, {&(0x7f0000000800)=""/106, 0xffffff5b}, {&(0x7f0000001480)=""/167}, {&(0x7f0000000180)=""/30}, {&(0x7f0000001540)=""/226}, {&(0x7f0000000240)=""/30}], 0x0, &(0x7f00000016c0)=""/168}, 0x3f}, {{&(0x7f0000001780)=@sco, 0x0, &(0x7f0000001880)=[{&(0x7f0000001800)=""/29}, {&(0x7f0000001840)=""/48}], 0x0, &(0x7f0000003080)=""/4096}, 0x3}, {{&(0x7f00000018c0)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x0, &(0x7f0000001e00)=[{&(0x7f0000001940)=""/127}, {&(0x7f0000005180)=""/4096}, {&(0x7f00000019c0)=""/50}, {&(0x7f0000001a00)=""/201}, {&(0x7f0000001b00)=""/36}, {&(0x7f0000001b40)=""/129}, {&(0x7f0000001c00)=""/196}, {&(0x7f0000008440)=""/4096}, {&(0x7f0000001d00)=""/238}], 0x0, &(0x7f0000002040)=""/160}, 0x15}], 0x400000000000071, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$VIDIOC_ENUM_FRAMESIZES(r5, 0xc02c564a, &(0x7f0000000100)={0x7f, 0x0, 0x3, @discrete={0xfffffffa, 0x9}}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0xfffffffffffffeec, 0x1, 0x1, 0x20, 0x3}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) socket$alg(0x26, 0x5, 0x0) r6 = socket$tipc(0x1e, 0x2, 0x0) preadv(r6, &(0x7f0000000140)=[{&(0x7f0000000100)}, {&(0x7f00000002c0)=""/141, 0x8d}], 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000001c0)=""/58, 0x3a}, {&(0x7f0000000380)=""/192, 0xc0}, {&(0x7f0000007440)=""/4096, 0x1000}, {&(0x7f0000000440)=""/202, 0xca}, {&(0x7f0000000540)=""/136, 0x88}, {&(0x7f0000000600)=""/2, 0x2}, {&(0x7f00000006c0)=""/177, 0xb1}], 0x7}}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000880)=""/187, 0xbb}, {&(0x7f0000000640)}, {&(0x7f0000000940)=""/210, 0xd2}, {0x0}, {&(0x7f0000000a40)=""/74, 0x4a}, {&(0x7f0000000ac0)=""/23, 0x17}, {&(0x7f0000000b00)=""/170, 0xaa}], 0x7, &(0x7f0000004180)=""/4096, 0x1000}, 0x2ec}, {{0x0, 0x0, &(0x7f0000000fc0)=[{0x0}, {&(0x7f0000000c40)=""/147, 0x93}, {&(0x7f0000000d00)=""/164, 0xa4}, {&(0x7f0000000dc0)=""/12, 0xc}, {&(0x7f0000000e00)=""/248, 0xf8}, {&(0x7f0000000f00)=""/67, 0x43}, {&(0x7f0000000f80)=""/62, 0x3e}, {&(0x7f0000006180)=""/4096, 0x1000}], 0x8, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{&(0x7f0000001100)=@caif=@util, 0x80, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {&(0x7f0000001280)=""/237, 0xed}, {&(0x7f0000001380)=""/7, 0x7}, {&(0x7f0000002480)=""/74, 0x4a}, {&(0x7f00000013c0)=""/31, 0x1f}], 0x5}, 0x1}, {{&(0x7f0000002580)=@caif=@rfm, 0x80, &(0x7f0000002880)=[{&(0x7f0000002600)=""/111, 0x6f}, {&(0x7f0000002780)=""/253, 0xfd}], 0x2, &(0x7f00000028c0)=""/225, 0xe1}, 0xd973}, {{0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f0000007340)=""/215, 0xd7}, {&(0x7f0000002bc0)=""/202, 0xca}, {&(0x7f0000002cc0)=""/254, 0xfe}, {&(0x7f0000002dc0)=""/5, 0x5}], 0x4}, 0x80}, {{&(0x7f0000002ec0)=@nl, 0x80, &(0x7f0000003040)=[{&(0x7f0000001400)=""/108, 0x6c}, {&(0x7f0000002fc0)=""/114, 0x72}], 0x2}, 0x5}], 0x7, 0x0, 0x0) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r7, &(0x7f00000017c0), 0x331, 0x0) [ 1525.920103] protocol 88fb is buggy, dev hsr_slave_0 [ 1525.925324] protocol 88fb is buggy, dev hsr_slave_1 [ 1525.930498] protocol 88fb is buggy, dev hsr_slave_0 [ 1525.935606] protocol 88fb is buggy, dev hsr_slave_1 [ 1525.940769] protocol 88fb is buggy, dev hsr_slave_0 [ 1525.945815] protocol 88fb is buggy, dev hsr_slave_1 [ 1527.440443] Bluetooth: hci0 command 0x1003 tx timeout [ 1527.445758] Bluetooth: hci0 sending frame failed (-49) [ 1527.520114] Bluetooth: hci1: Entering manufacturer mode failed (-110) [ 1527.520153] Bluetooth: hci1 command 0xfc11 tx timeout [ 1529.520196] Bluetooth: hci0 command 0x1001 tx timeout [ 1529.525477] Bluetooth: hci0 sending frame failed (-49) [ 1531.600178] net_ratelimit: 26 callbacks suppressed [ 1531.605243] protocol 88fb is buggy, dev hsr_slave_0 [ 1531.610450] protocol 88fb is buggy, dev hsr_slave_1 [ 1531.615665] protocol 88fb is buggy, dev hsr_slave_0 [ 1531.620817] protocol 88fb is buggy, dev hsr_slave_1 [ 1531.626026] Bluetooth: hci0 command 0x1009 tx timeout [ 1532.160245] protocol 88fb is buggy, dev hsr_slave_0 [ 1532.165426] protocol 88fb is buggy, dev hsr_slave_1 [ 1532.170568] protocol 88fb is buggy, dev hsr_slave_0 [ 1532.175625] protocol 88fb is buggy, dev hsr_slave_1 [ 1532.180757] protocol 88fb is buggy, dev hsr_slave_0 [ 1532.185813] protocol 88fb is buggy, dev hsr_slave_1 11:44:33 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) ptrace$setsig(0x4203, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1}) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f00000004c0)="f21d8385fff33477", 0x8) openat$null(0xffffffffffffff9c, &(0x7f0000000440)='/dev/null\x00', 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000880)="3ced01712ebbbbb101f33c4ca2403832096d9ae11ceb2e42972c9b06e8a891d536cc267d1fc23e84a952f0eb9a6f940f75c4c42924d310fcecb6ff62d3525f4df1e21b32dd753a953affdc61c026982d62f44cb2c62db352d941181b368a8819658531d1595c8cb3f71ddaea75e1d8000aabc16a090196514732ad05fef9d554da", 0x4b}, {&(0x7f0000000940), 0x289}], 0x1000000000000075}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000340), &(0x7f0000000380)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0xc8002}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)=@delchain={0x40, 0x65, 0x200, 0x70bd25, 0x25dfdbff, {}, [@TCA_RATE={0x8}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}]}, 0x40}}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x0, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x1}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) 11:44:33 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r1, &(0x7f0000000380)=@hci, 0x80) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r1, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r4}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) fcntl$setlease(r1, 0x400, 0x1) r5 = syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x20, 0x80000) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r5, 0x28, 0x6, &(0x7f0000000140)={0x0, 0x2710}, 0x10) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 11:44:33 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) 11:44:33 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r3 = dup2(0xffffffffffffffff, r0) getsockopt$netlink(r3, 0x10e, 0x6, &(0x7f0000000800)=""/149, &(0x7f0000000240)=0x95) r4 = open(0x0, 0x0, 0x4) r5 = getpid() r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = dup2(r6, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$KVM_S390_INTERRUPT_CPU(r7, 0x4010ae94, &(0x7f0000000340)={0x3, 0x10000, 0x686}) sched_setattr(r5, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(r4, 0x0, 0x63, &(0x7f0000000100)={'icmp6\x00'}, &(0x7f0000000140)=0x1e) r8 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r8, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r10, 0x407, 0x0) write(r10, &(0x7f0000000340), 0x41395527) vmsplice(r9, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) socket$alg(0x26, 0x5, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000002c0)=""/65, 0x41}, {&(0x7f0000000380)=""/192, 0xc0}, {&(0x7f0000007440)=""/4096, 0x1000}, {&(0x7f0000000440)=""/202, 0xca}, {&(0x7f0000000540)=""/136, 0x88}, {&(0x7f0000000600)=""/2, 0x2}, {&(0x7f00000006c0)=""/177, 0xb1}], 0x7}}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000001480)=""/187, 0xbb}, {&(0x7f0000000640)}, {&(0x7f0000000940)=""/210, 0xd2}, {0x0}, {&(0x7f0000000a40)=""/74, 0x4a}, {&(0x7f0000000ac0)=""/23, 0x17}, {&(0x7f0000000b00)=""/170, 0xaa}], 0x7, &(0x7f0000004180)=""/4096, 0x1000}, 0x2ec}, {{0x0, 0x0, &(0x7f0000000fc0)=[{0x0}, {&(0x7f0000000c40)=""/147, 0x93}, {&(0x7f0000000d00)=""/164, 0x5}, {&(0x7f0000000dc0)=""/12, 0xc}, {&(0x7f0000000e00)=""/248, 0xf8}, {&(0x7f0000000f00)=""/67, 0x43}, {&(0x7f0000000f80)=""/62, 0x3e}, {&(0x7f0000006180)=""/4096, 0xfffffffffffffc91}], 0x8, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{&(0x7f0000000180)=@caif=@util, 0x80, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0x103}, {&(0x7f0000001280)=""/237, 0xed}, {&(0x7f0000001380)=""/7, 0x7}, {&(0x7f0000002480)=""/74, 0x37}, {&(0x7f00000013c0)=""/31, 0xffffffffffffffb5}], 0x5}, 0x1}, {{&(0x7f0000002580)=@caif=@rfm, 0x80, &(0x7f0000002880)=[{&(0x7f0000002600)=""/107, 0x6f}, {&(0x7f0000002780)=""/253, 0xfd}], 0x2, &(0x7f00000028c0)=""/225, 0xe1}, 0xd973}, {{0x0, 0x0, &(0x7f0000002e00), 0x4}, 0x80}, {{&(0x7f0000002ec0)=@nl, 0x80, &(0x7f0000003040)=[{&(0x7f0000001400)=""/108, 0x6c}, {&(0x7f0000002fc0)=""/114, 0x72}], 0x2}, 0x5}], 0x7, 0x0, 0x0) r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r11, &(0x7f00000017c0), 0x331, 0x0) 11:44:33 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0x8, 0x200000) bind$bt_hci(r3, &(0x7f0000000140)={0x1f, r2, 0x3}, 0xc) setsockopt$RDS_FREE_MR(r1, 0x114, 0x3, &(0x7f0000000000)={{0x8, 0x7}, 0x5}, 0x10) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm_plock\x00', 0x200000, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$fou(&(0x7f00000006c0)='fou\x00') sendmsg$FOU_CMD_DEL(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, r6, 0x101, 0x0, 0x0, {}, [@FOU_ATTR_PORT={0x8}]}, 0x1c}}, 0x0) sendmsg$FOU_CMD_GET(r4, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x44, r6, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@FOU_ATTR_PEER_V6={0x14, 0x9, @remote}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0xbe}, @FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_AF={0x8, 0x2, 0xa}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x14020004) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r9, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) ioctl$FIGETBSZ(r7, 0x2, &(0x7f00000002c0)) 11:44:33 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r4, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_tx_ring(r4, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$team(&(0x7f00000000c0)='team\x00') sendmsg$TEAM_CMD_OPTIONS_SET(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x20, r10, 0x21, 0x0, 0x0, {}, [{{0x8}, {0x4}}]}, 0x20}}, 0x0) r11 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r11, &(0x7f0000000380)=@hci, 0x80) r12 = socket$netlink(0x10, 0x3, 0x0) r13 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r13, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r13, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000e00)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r14, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b01fc0a3047ad37f619ab4c37bb019d03e6e3d5ece9baf24902019a46fd61d84f6494c0b7fd23be2307df3215c621407dd64a8c86d9df442902d112fd6ca28820a01696965ed109f666c314480e73aac68dde9ba7dedfb6365517a1aad8cd5ee5b270e337cf606a3bfa5b0d6ee4bec5a9c6e6f8a6a39b0f263cadccc5183637b21fe31bc619723a481c9ad0997f53bea9505d330536231a6c1b12c337c54491bb64cbce6621441cd0fe55c764a7f5c0cdabe828d19a1026dd8ec78265f07f18075d03b422e35acf891d4a4f3f"], 0x48}}, 0x0) sendmsg$can_bcm(r11, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r14}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB="000000001fc400"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) r15 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r15, &(0x7f0000000380)=@hci, 0x80) r16 = socket$netlink(0x10, 0x3, 0x0) r17 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r17, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r17, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r16, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r18, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r15, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r18}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r19 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r19, &(0x7f0000000380)=@hci, 0x80) r20 = socket$netlink(0x10, 0x3, 0x0) r21 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r21, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r21, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r20, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r22, @ANYBLOB="00005df3fdfd62d7cef727000000000000280012000c00010076657468000000001800026beb00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r19, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r22}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r23 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r23, &(0x7f0000000380)=@hci, 0x80) r24 = socket$netlink(0x10, 0x3, 0x0) r25 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r25, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xfffffffffffffe68}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) getsockname$packet(r25, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r24, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r26, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r23, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r26}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\b\x00'/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000000000005deca2c94acb507247cc3684d1523429384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"], 0x80}}, 0x0) r27 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r27, &(0x7f0000000380)=@hci, 0x80) r28 = socket$netlink(0x10, 0x3, 0x0) r29 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r29, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r29, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r28, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r30, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r27, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r30}, 0x10, &(0x7f0000000600)={&(0x7f0000000f80)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\b\x00'/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100080000000000000000005deca2c94acb507247cc3684d1523426a929384a26451e759291752c6ce3863155ebd1c4b58c81684a168e089331efabec05890ce42f6da3d13a46d8490fb1b0470f610df326f2d296454fd52a78f9099e41ee1bd64c321450246fd5e91c490a167817fd49566a80ed74d607ea55f6ff06f35079d7fb3d75376530ec629bcca128e8853e03ebcf4775ddd99b6e618a6a114c483e24310e64f3c0f782"], 0x80}}, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r6, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000040)={&(0x7f0000000680)={0x77c, r10, 0x5, 0x70bd25, 0x25dfdbfc, {}, [{{0x8, 0x1, r14}, {0x1ec, 0x2, [{0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0xc, 0x4, 'hash\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0xffff}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r2}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0xfffffff8}}, {0x8, 0x6, r2}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r18}}}, {0x44, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x14, 0x4, 'activebackup\x00'}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r5}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'loadbalance\x00'}}}]}}, {{0x8, 0x1, r5}, {0xbc, 0x2, [{0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0xc, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r2}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8}}, {0x8}}}]}}, {{0x8, 0x1, r22}, {0x1c8, 0x2, [{0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8}, {0x8, 0x4, 0x4}}, {0x8, 0x6, r26}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'broadcast\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0xfffffffe}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @mcast_rejoin_count={{0x279, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x4}}}]}}, {{0x8, 0x1, r30}, {0xf8, 0x2, [{0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'broadcast\x00'}}}, {0x44, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x14, 0x4, 'activebackup\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x9}}}]}}, {{0x8, 0x1, r2}, {0x1d8, 0x2, [{0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x1}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x1}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0xff}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x40}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r2}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'roundrobin\x00'}}}]}}]}, 0x77c}, 0x1, 0x0, 0x0, 0x3}, 0x8000) [ 1535.898953] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1535.935019] Bluetooth: hci0: Frame reassembly failed (-84) [ 1535.961769] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. 11:44:34 executing program 4: syz_open_procfs(0x0, &(0x7f00000007c0)='io\x00\xe3\xfc\x0e\xe9t\xd2\xcbO\x1crY\xac\xe1$\xb5\x91\xd1\xed\xccU{\xcc\xa5%\x88>\xd2\x8e\xa9k\x0fg\x03\xd5\xd6)\xc2\x87\x1eT\xf5\xa7N+\xb2U\xe1gc\xcd[\x90\xbd\xe1\x89{\xea\xa4\xe4\x9a\xba\xe0\xc8\xa2K|\x04w\xe6\rR!\xe8\xd6\aN\xb0\x8aK\xc8\x97\xc3\xfeY%\x04\xac\x8e\x89\xc1\xbfM\x04\xa4\n\xcdC\x17\xfd\xfa]\x8a$}\x87\xb9\xba\x1b\x9a)\x81\x00\x00\x00\x00\x00\x00\x00\tZ\xced\xac\x99\xb7\x00\x95\x9c`&\x18{-\'\x8fk\xd7\xb3\xd9\xd8$\x17\xc5\xf0\xb8\x81\xa8J\xdd\x9d\xb7\x80\xfc\xf1w\xa3\xf8c\xa6u\xdbgCuz6S\xe2[\x01\xaf\xa4vF\xd3\xa6\xdf \xbb\xd1?\xef\xdfn\x1d\xb8@6e\xfc\xbb\x17\xd7\x97B \xb8\x1c\x9b\x95i\xde0\a3\xcc\xb0\xf8\x1a<\x92\xbc\xab\x8a\xde\xa2\xd3\xf2\xf2\'\xf1\xb5m\xfc7\x8c\x83\xe3\t\x90y2\xb9+\xaf}\xd1\xdc\xfa\xbe\xe9>7\x90\x1fZ\xfa\t\n\xd1\xef\t\xe7j\xe0o\x8e$\xd2\xc6\x8a\x96`\x8a{k3\r\xe2}3Z\x83\x90:\xc7\xca\xecr\x17\xf5\xa7\xb2\x01d\x1a\xec\x96W\x93\x0e\x985D!\x7f\xba\xbe4\xe6I\x9a[\x8f\xcd\x10c\xe7\xbe\x0egu\xc7U\x9e\a\xb6\t\x1f\xc1z\xba\x95f\xbb\x96\x11\xeb\x04pYh\x88\x8f\xe6A:\xd0\b\xe5\xcb\xb7A\x92S\xa4/p\"r@\xc5\x9c\x05\x9c\xeb{<\x8b\xc3\xb7\x8d\x87\x9c.\xdb-P2\x1br\xabL\xc2He<\xdd\xd86\r\xb7\xfc\x91\xf4\xd9\x91|\xa7\xb7\x14\x81\x95DnJE\x96=\xa7\x99\xe8\x84\x87\x92\xd4\xfc?o\x85\xe2#\xba&X\xe7\xa2\x9e>N\x02 \xb8\x81o-\xe5\xea\xfe\xb8@E!\xce\x9e\xb7\t\xacG\xd1\xe3\x97\xe3\xa2}@i#\xf0\xe98\x03[7^\x7fA\xb7/\xadX\xfe\xad\xa2\xdeU\xf2\x8dD\xd31\"nW\xb1\xb9$\x8eV(C\x9eZ\x98*\x00B\xd1\xe1\x85F\xa2D\x1b\xcc\xda\xdcB\t\xd2k\xca>I\xba|\xb8\xa1aRq\x7f,Z\x9e\x97\x90\xd0>\xb1\xdf\x19o9\x04\xd7vwK\xbb\x17\x02\xcb\b\xec\xb7\xb9c#\x821\xb0\xe5\xc5\xc0gUQe\x1d\al\xeaL9\x87\x00\x03N\xf3H\xbfO\xae\xacP\x10\x94\xd8\x04\x11\xb2hZ\x17\xb7 b\x14\xd8\xa9\xc1\xec5O\xb0h\x10\xd68\xd0\xc4\xdcf\xa1k\x98\x17*\x1aZ\xe2-\xeb\xbd\xb6\xcc\x1d\xb4WE\x06\xa2\x11\a\x87Z\xdc\xae\xff\xc5O\xb2\xdc\xb0\x99\xcbWB_I,\am\xc4j\x9a\xe96#\xaaD\xd5\x97y\x06\f\xb3\x9c') recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdfdbc7f3278ee7c4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) openat$selinux_user(0xffffffffffffff9c, 0x0, 0x2, 0x0) write(0xffffffffffffffff, &(0x7f00000005c0)="f9a26ed3feff7ce648593d3a06931d31627afb76f259c8f904ae0881f0d2", 0x1e) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000340)='net/igmp6\x00\xf2\x9f9\x9f\x11\x9fS\xc5\xffL\xe5\x06W\x92\x12b\x1cc%\xf9S\xe9u\x9f\x9d_\xfbd}\xec\xd6\x14.\x86\xc9\"\x81*\x8d>/\xcb\xa7\xc2\x99\t\x13\x15\"\x95\x91^\xc7\x8c\xa5\xeb\x86CiV\xady\xe5\x84\x83\xac\x04\x04O\xda\xf0\x0f') getuid() r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000140)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) rt_sigqueueinfo(0x0, 0x0, &(0x7f0000000000)={0x0, 0x0, 0xfffffffffffffff9}) ptrace$getsig(0x8, r1, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0xfffffefffffbf3bc, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) 11:44:34 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_open_pts(r0, 0x8000) ioctl$KDADDIO(r0, 0x400455c8, 0x10000400000001) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$VIDIOC_G_PARM(r2, 0xc0cc5615, &(0x7f0000000240)={0xb, @raw_data="de644a9de9f3a337d51b289461cd2b906cfc7be4c2166423d309ebe06a123b96eab9d2be400e4282fcf0884f5d61b9453cfbaeb1cfc2b255601b6ff985bdbec2f973375c2c5cace82d3f40f0b7747de848588bf4b6f2d79db7c120e43cd1f28328276316b4c99ea6dc7b7870bcd91d460c3d7bd0883fbfcab979fa9c06d70c45fd3a05eda941cfa3aa386a23a45473fa5e33c6b2562c119d0e257a74d4b5f0f415abdc14fdd87317995244d2c3940e2a82f8eae359f598c582609f51bffc987360bacb599d096365"}) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) close(r4) ioctl$VIDIOC_QUERYCTRL(r4, 0xc0445624, &(0x7f0000000340)={0x5, 0x18d, "705ed748fce767114f14f4517b0666e60ad5f8bcb26e4211aef6e89ab9172e77", 0x1, 0x80000000, 0x8, 0x5, 0x8}) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f00000000c0)={r6, 0xb21}, 0x14) setsockopt$inet_sctp_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000000000)={r6, 0x3, 0x1ff, 0xe5ef}, 0x10) socket$rds(0x15, 0x5, 0x0) [ 1536.063068] Bluetooth: Unknown HCI packet type 5e [ 1536.073328] Bluetooth: Unknown HCI packet type 43 [ 1536.080292] Bluetooth: Unknown HCI packet type 5e [ 1536.085893] Bluetooth: Unknown HCI packet type 50 [ 1536.091507] Bluetooth: Unknown HCI packet type 5e [ 1536.098566] Bluetooth: Unknown HCI packet type 40 [ 1536.128344] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1536.149764] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1536.187710] ptrace attach of "/root/syz-executor.4"[10258] was attempted by "/root/syz-executor.4"[7126] [ 1536.209421] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1536.245315] ptrace attach of "/root/syz-executor.4"[10258] was attempted by "/root/syz-executor.4"[7126] 11:44:34 executing program 4: 11:44:34 executing program 4: [ 1536.372869] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. 11:44:34 executing program 4: [ 1536.442944] Bluetooth: Error in BCSP hdr checksum [ 1536.445216] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1536.473032] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. 11:44:34 executing program 4: [ 1536.554037] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. 11:44:34 executing program 4: [ 1536.710594] Bluetooth: Error in BCSP hdr checksum [ 1536.748364] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1537.840160] net_ratelimit: 26 callbacks suppressed [ 1537.840166] protocol 88fb is buggy, dev hsr_slave_0 [ 1537.850213] protocol 88fb is buggy, dev hsr_slave_1 [ 1537.855325] protocol 88fb is buggy, dev hsr_slave_0 [ 1537.860430] protocol 88fb is buggy, dev hsr_slave_1 [ 1538.010171] Bluetooth: hci0: Entering manufacturer mode failed (-110) [ 1538.016881] Bluetooth: hci0 command tx timeout [ 1538.031018] Bluetooth: hci0: Frame reassembly failed (-84) [ 1538.036728] Bluetooth: hci0: Frame reassembly failed (-84) [ 1538.080178] Bluetooth: hci1 command 0x1003 tx timeout [ 1538.085456] Bluetooth: hci1 sending frame failed (-49) [ 1538.240079] Bluetooth: hci2 command 0x1003 tx timeout [ 1538.245431] Bluetooth: hci2 sending frame failed (-49) [ 1538.400106] protocol 88fb is buggy, dev hsr_slave_0 [ 1538.405213] protocol 88fb is buggy, dev hsr_slave_1 [ 1538.410367] protocol 88fb is buggy, dev hsr_slave_0 [ 1538.415667] protocol 88fb is buggy, dev hsr_slave_1 [ 1538.420909] protocol 88fb is buggy, dev hsr_slave_0 [ 1538.426015] protocol 88fb is buggy, dev hsr_slave_1 [ 1540.080202] Bluetooth: hci0: Entering manufacturer mode failed (-110) [ 1540.080224] Bluetooth: hci0 command 0xfc11 tx timeout [ 1540.160202] Bluetooth: hci1 command 0x1001 tx timeout [ 1540.165535] Bluetooth: hci1 sending frame failed (-49) [ 1540.320197] Bluetooth: hci2 command 0x1001 tx timeout [ 1540.325493] Bluetooth: hci2 sending frame failed (-49) [ 1542.240240] Bluetooth: hci1 command 0x1009 tx timeout [ 1542.400220] Bluetooth: hci2 command 0x1009 tx timeout [ 1544.080229] net_ratelimit: 26 callbacks suppressed [ 1544.085206] protocol 88fb is buggy, dev hsr_slave_0 [ 1544.090265] protocol 88fb is buggy, dev hsr_slave_1 [ 1544.095326] protocol 88fb is buggy, dev hsr_slave_0 [ 1544.100351] protocol 88fb is buggy, dev hsr_slave_1 [ 1544.640179] protocol 88fb is buggy, dev hsr_slave_0 [ 1544.645306] protocol 88fb is buggy, dev hsr_slave_1 [ 1544.650370] protocol 88fb is buggy, dev hsr_slave_0 [ 1544.655390] protocol 88fb is buggy, dev hsr_slave_1 [ 1544.660440] protocol 88fb is buggy, dev hsr_slave_0 [ 1544.665458] protocol 88fb is buggy, dev hsr_slave_1 11:44:44 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) open(0x0, 0x0, 0x4) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) r3 = syz_open_dev$mice(&(0x7f0000000100)='/dev/input/mice\x00', 0x0, 0x342c6c90c1ca0859) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r3, 0xc0305616, &(0x7f0000000140)={0x0, {0x5, 0x41}}) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) socket$alg(0x26, 0x5, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007180)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000001c0)=""/58, 0x3a}, {&(0x7f0000000380)=""/192, 0xc0}, {&(0x7f0000007440)=""/4096, 0x1000}, {&(0x7f0000000440)=""/202, 0xca}, {&(0x7f0000000540)=""/136, 0x88}, {&(0x7f0000000600)=""/2, 0x2}, {&(0x7f00000006c0)=""/177, 0xb1}], 0x7}}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000880)=""/187, 0xbb}, {&(0x7f0000000640)}, {&(0x7f0000000940)=""/210, 0xd2}, {0x0}, {&(0x7f0000000a40)=""/74, 0x4a}, {&(0x7f0000000ac0)=""/23, 0x17}, {&(0x7f0000000b00)=""/170, 0xaa}], 0x7, &(0x7f0000004180)=""/4096, 0x1000}, 0x2ec}, {{0x0, 0x0, &(0x7f0000000fc0)=[{0x0}, {&(0x7f0000000c40)=""/147, 0x93}, {&(0x7f0000000d00)=""/164, 0xa4}, {&(0x7f0000000dc0)=""/12, 0xc}, {&(0x7f0000000e00)=""/248, 0xf8}, {&(0x7f0000000f00)=""/67, 0x43}, {&(0x7f0000000f80)=""/62, 0x3e}, {&(0x7f0000006180)=""/4096, 0x1000}], 0x8, &(0x7f0000001040)=""/178, 0xb2}, 0x5}, {{&(0x7f0000001100)=@caif=@util, 0x80, &(0x7f0000002500)=[{&(0x7f0000001180)=""/218, 0xda}, {&(0x7f0000001280)=""/237, 0xed}, {&(0x7f0000001380)=""/7, 0x7}, {&(0x7f0000002480)=""/74, 0x4a}, {&(0x7f00000013c0)=""/31, 0x1f}], 0x5}, 0x1}, {{&(0x7f0000002580)=@caif=@rfm, 0x80, &(0x7f0000002880)=[{&(0x7f0000002600)=""/111, 0x6f}, {&(0x7f0000002780)=""/253, 0xfd}], 0x2, &(0x7f00000028c0)=""/225, 0xe1}, 0xd973}, {{0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f0000007340)=""/215, 0xd7}, {&(0x7f0000002bc0)=""/202, 0xca}, {&(0x7f0000002cc0)=""/254, 0xfe}, {&(0x7f0000002dc0)=""/5, 0x5}], 0x4}, 0x80}, {{&(0x7f0000002ec0)=@nl, 0x80, &(0x7f0000003040)=[{&(0x7f0000001400)=""/108, 0x6c}, {&(0x7f0000002fc0)=""/114, 0x72}], 0x2}, 0x5}], 0x7, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r4, &(0x7f00000017c0), 0x331, 0x0) 11:44:44 executing program 4: 11:44:44 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$packet_int(r1, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x400000000008, 0x26d) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000000)={0x0, 0x0, {0x80000000, 0x5, 0x200b, 0x9, 0xa, 0x2}}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) perf_event_open(&(0x7f000001d000)={0x1, 0x1f6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r4, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r5, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) r6 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r6, &(0x7f0000000380)=@hci, 0x80) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r9, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r6, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r9}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) r10 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r10, &(0x7f0000000380)=@hci, 0x80) r11 = socket$netlink(0x10, 0x3, 0x0) r12 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r12, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r13, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$can_bcm(r10, &(0x7f00000006c0)={&(0x7f0000000340)={0x1d, r13}, 0x10, &(0x7f0000000600)={&(0x7f0000000540)={0x0, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5deca2c94acb507247cc3684d1523426a929384a26451e7a4ffcd8265ebb8cbb1346759291752c6ce386315560dcc0bfc9e50bae2febd1c4b58c81684a168e08"}}, 0x80}}, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'bridge0\x00', r13}) setsockopt$packet_tx_ring(r5, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r14}, 0x326) sendto$inet6(r0, &(0x7f0000000400)="0503000006023e0001a00000c52cf7c25975e697b02f08066be139f0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a8a0d5ef09c0d82151bbb08d8161b6fd8f24286a57c3fe257c3314a3974b697f0000dcbcb5cbf1c23e35a2d148faa25c70d541e22762e8f6553c", 0x6f, 0x40004, 0x0, 0x0) 11:44:44 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = getpid() sched_setscheduler(r1, 0x0, &(0x7f0000000380)) r2 = getpgrp(r1) capget(&(0x7f0000000000)={0x20071026, r2}, &(0x7f00000000c0)={0x5, 0x80000001, 0x3, 0x7, 0x1, 0x80000001}) 11:44:44 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f0000000000)={0x30, 0x5, 0x0, {0x0, 0x0, 0x7fffffff, 0x5}}, 0x30) 11:44:44 executing program 4: [ 1546.154713] nla_parse: 6 callbacks suppressed [ 1546.154718] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1546.195088] Bluetooth: hci0: Frame reassembly failed (-84) [ 1546.221910] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1546.252402] Bluetooth: hci0: Frame reassembly failed (-84) [ 1546.264204] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1546.275626] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1546.722418] ================================================================== [ 1546.730044] BUG: KASAN: use-after-free in kfree_skb+0x2e9/0x340 [ 1546.736129] Read of size 4 at addr ffff888086854764 by task syz-executor.0/7122 [ 1546.743572] [ 1546.745186] CPU: 0 PID: 7122 Comm: syz-executor.0 Not tainted 4.14.151 #0 [ 1546.752087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1546.761424] Call Trace: [ 1546.764005] dump_stack+0x138/0x197 [ 1546.767612] ? kfree_skb+0x2e9/0x340 [ 1546.771310] print_address_description.cold+0x7c/0x1dc [ 1546.776576] ? kfree_skb+0x2e9/0x340 [ 1546.780267] kasan_report.cold+0xa9/0x2af [ 1546.784505] __asan_report_load4_noabort+0x14/0x20 [ 1546.789412] kfree_skb+0x2e9/0x340 [ 1546.792934] bcsp_close+0xc7/0x130 [ 1546.796455] hci_uart_tty_close+0x1cb/0x230 [ 1546.800761] ? hci_uart_close+0x50/0x50 [ 1546.804714] tty_ldisc_close.isra.0+0x99/0xd0 [ 1546.809191] tty_ldisc_kill+0x4b/0xc0 [ 1546.812972] tty_ldisc_release+0xb6/0x230 [ 1546.817116] tty_release_struct+0x1b/0x50 [ 1546.821292] tty_release+0xaa3/0xd60 [ 1546.824992] ? put_tty_driver+0x20/0x20 [ 1546.828946] __fput+0x275/0x7a0 [ 1546.832208] ____fput+0x16/0x20 [ 1546.835467] task_work_run+0x114/0x190 [ 1546.839335] exit_to_usermode_loop+0x1da/0x220 [ 1546.843897] do_syscall_64+0x4bc/0x640 [ 1546.847765] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1546.852591] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1546.857765] RIP: 0033:0x413ae1 [ 1546.860957] RSP: 002b:00007ffcf10abfa0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1546.868656] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413ae1 [ 1546.875918] RDX: 0000001b32620000 RSI: 0000000000000f9a RDI: 0000000000000003 [ 1546.883176] RBP: 0000000000000001 R08: 00000000a58e0f9b R09: ffffffffffffffff [ 1546.890425] R10: 00007ffcf10ac080 R11: 0000000000000293 R12: 000000000075c9a0 [ 1546.897672] R13: 000000000075c9a0 R14: 0000000000761148 R15: 000000000075bf2c [ 1546.904928] [ 1546.906536] Allocated by task 7714: [ 1546.910148] save_stack_trace+0x16/0x20 [ 1546.914100] save_stack+0x45/0xd0 [ 1546.917529] kasan_kmalloc+0xce/0xf0 [ 1546.921219] kasan_slab_alloc+0xf/0x20 [ 1546.925085] kmem_cache_alloc_node+0x144/0x780 [ 1546.929645] __alloc_skb+0x9c/0x500 [ 1546.933259] bcsp_recv+0x38a/0x1450 [ 1546.936863] hci_uart_tty_receive+0x1f4/0x4d0 [ 1546.941338] tty_ldisc_receive_buf+0x14d/0x1a0 [ 1546.945895] tty_port_default_receive_buf+0x73/0xa0 [ 1546.950897] flush_to_ldisc+0x1ec/0x400 [ 1546.954870] process_one_work+0x863/0x1600 [ 1546.959100] worker_thread+0x5d9/0x1050 [ 1546.963050] kthread+0x319/0x430 [ 1546.966396] ret_from_fork+0x24/0x30 [ 1546.970086] [ 1546.971697] Freed by task 7714: [ 1546.974957] save_stack_trace+0x16/0x20 [ 1546.978928] save_stack+0x45/0xd0 [ 1546.982368] kasan_slab_free+0x75/0xc0 [ 1546.986250] kmem_cache_free+0x83/0x2b0 [ 1546.990204] kfree_skbmem+0xac/0x120 [ 1546.993894] kfree_skb+0xbd/0x340 [ 1546.997331] bcsp_recv+0x28c/0x1450 [ 1547.000943] hci_uart_tty_receive+0x1f4/0x4d0 [ 1547.005430] tty_ldisc_receive_buf+0x14d/0x1a0 [ 1547.010008] tty_port_default_receive_buf+0x73/0xa0 [ 1547.015022] flush_to_ldisc+0x1ec/0x400 [ 1547.018974] process_one_work+0x863/0x1600 [ 1547.023186] worker_thread+0x5d9/0x1050 [ 1547.027135] kthread+0x319/0x430 [ 1547.030481] ret_from_fork+0x24/0x30 [ 1547.034169] [ 1547.035776] The buggy address belongs to the object at ffff888086854680 [ 1547.035776] which belongs to the cache skbuff_head_cache of size 232 [ 1547.048934] The buggy address is located 228 bytes inside of [ 1547.048934] 232-byte region [ffff888086854680, ffff888086854768) [ 1547.061232] The buggy address belongs to the page: [ 1547.066147] page:ffffea00021a1500 count:1 mapcount:0 mapping:ffff888086854040 index:0x0 [ 1547.074286] flags: 0x1fffc0000000100(slab) [ 1547.078516] raw: 01fffc0000000100 ffff888086854040 0000000000000000 000000010000000c [ 1547.086389] raw: ffffea00029c54e0 ffffea0001469e60 ffff8880a9e1aa80 0000000000000000 [ 1547.094245] page dumped because: kasan: bad access detected [ 1547.099928] [ 1547.101533] Memory state around the buggy address: [ 1547.106438] ffff888086854600: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc [ 1547.113772] ffff888086854680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1547.121108] >ffff888086854700: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [ 1547.128441] ^ [ 1547.134912] ffff888086854780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 1547.142249] ffff888086854800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1547.149584] ================================================================== [ 1547.156919] Disabling lock debugging due to kernel taint [ 1547.166511] Kernel panic - not syncing: panic_on_warn set ... [ 1547.166511] [ 1547.173888] CPU: 1 PID: 7122 Comm: syz-executor.0 Tainted: G B 4.14.151 #0 [ 1547.182011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1547.191368] Call Trace: [ 1547.194058] dump_stack+0x138/0x197 [ 1547.197667] ? kfree_skb+0x2e9/0x340 [ 1547.201362] panic+0x1f9/0x42d [ 1547.204533] ? add_taint.cold+0x16/0x16 [ 1547.208492] ? ___preempt_schedule+0x16/0x18 [ 1547.212885] kasan_end_report+0x47/0x4f [ 1547.216835] kasan_report.cold+0x130/0x2af [ 1547.221112] __asan_report_load4_noabort+0x14/0x20 [ 1547.226015] kfree_skb+0x2e9/0x340 [ 1547.229534] bcsp_close+0xc7/0x130 [ 1547.233052] hci_uart_tty_close+0x1cb/0x230 [ 1547.237347] ? hci_uart_close+0x50/0x50 [ 1547.241297] tty_ldisc_close.isra.0+0x99/0xd0 [ 1547.245825] tty_ldisc_kill+0x4b/0xc0 [ 1547.249600] tty_ldisc_release+0xb6/0x230 [ 1547.253737] tty_release_struct+0x1b/0x50 [ 1547.257899] tty_release+0xaa3/0xd60 [ 1547.261589] ? put_tty_driver+0x20/0x20 [ 1547.265539] __fput+0x275/0x7a0 [ 1547.268833] ____fput+0x16/0x20 [ 1547.272089] task_work_run+0x114/0x190 [ 1547.275954] exit_to_usermode_loop+0x1da/0x220 [ 1547.280511] do_syscall_64+0x4bc/0x640 [ 1547.284373] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1547.289196] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1547.294360] RIP: 0033:0x413ae1 [ 1547.297526] RSP: 002b:00007ffcf10abfa0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1547.305206] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413ae1 [ 1547.312451] RDX: 0000001b32620000 RSI: 0000000000000f9a RDI: 0000000000000003 [ 1547.319695] RBP: 0000000000000001 R08: 00000000a58e0f9b R09: ffffffffffffffff [ 1547.326938] R10: 00007ffcf10ac080 R11: 0000000000000293 R12: 000000000075c9a0 [ 1547.334182] R13: 000000000075c9a0 R14: 0000000000761148 R15: 000000000075bf2c [ 1547.342771] Kernel Offset: disabled [ 1547.346390] Rebooting in 86400 seconds..