944] Bluetooth: hci0: sending frame failed (-49) [ 2194.195507][T11760] Bluetooth: hci0: command 0x1001 tx timeout [ 2194.201551][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2196.275368][T11760] Bluetooth: hci0: command 0x1009 tx timeout 12:57:05 executing program 2 (fault-call:6 fault-nth:45): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:57:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000001400123c0b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:05 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 12:57:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000b60300140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:05 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3900, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 12:57:05 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000feff0000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2200.554035][T15373] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2200.562782][T15373] FAULT_INJECTION: forcing a failure. [ 2200.562782][T15373] name failslab, interval 1, probability 0, space 0, times 0 [ 2200.575964][T15373] CPU: 1 PID: 15373 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2200.587571][T15373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2200.597595][T15373] Call Trace: [ 2200.600860][T15373] dump_stack+0x1d8/0x24e [ 2200.605163][T15373] ? devkmsg_release+0x11c/0x11c [ 2200.610088][T15373] ? show_regs_print_info+0x12/0x12 [ 2200.615266][T15373] ? mutex_unlock+0x19/0x40 [ 2200.619749][T15373] ? kernfs_xattr_get+0x81/0x90 [ 2200.624579][T15373] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 2200.630618][T15373] should_fail+0x6f6/0x860 [ 2200.635015][T15373] ? setup_fault_attr+0x3d0/0x3d0 [ 2200.640021][T15373] ? __kernfs_new_node+0x99/0x6d0 [ 2200.645029][T15373] should_failslab+0x5/0x20 [ 2200.649526][T15373] __kmalloc_track_caller+0x5d/0x2e0 [ 2200.654794][T15373] kstrdup_const+0x51/0x90 [ 2200.659182][T15373] __kernfs_new_node+0x99/0x6d0 [ 2200.664009][T15373] ? mutex_lock+0xa6/0x110 [ 2200.668398][T15373] ? kernfs_new_node+0x160/0x160 [ 2200.673312][T15373] ? kernfs_activate+0x3fc/0x420 [ 2200.678222][T15373] kernfs_new_node+0x95/0x160 [ 2200.682873][T15373] kernfs_create_link+0x9c/0x1f0 [ 2200.687781][T15373] sysfs_do_create_link_sd+0x85/0x100 [ 2200.693127][T15373] device_add+0x989/0x18a0 [ 2200.697540][T15373] ? get_device+0x30/0x30 [ 2200.701841][T15373] ? mutex_lock+0xa6/0x110 [ 2200.706233][T15373] ? virtual_device_parent+0x50/0x50 [ 2200.711504][T15373] ? device_initialize+0x1d3/0x3e0 [ 2200.716588][T15373] rfkill_register+0x180/0x720 [ 2200.721339][T15373] hci_register_dev+0x398/0x710 [ 2200.726168][T15373] hci_uart_tty_ioctl+0x89e/0xa10 [ 2200.731165][T15373] ? hci_uart_tty_write+0x10/0x10 [ 2200.736160][T15373] tty_ioctl+0xf68/0x1710 [ 2200.740487][T15373] ? tty_do_resize+0x170/0x170 [ 2200.745247][T15373] ? avc_ss_reset+0x3a0/0x3a0 [ 2200.749900][T15373] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2200.756025][T15373] ? refcount_inc_checked+0x50/0x50 [ 2200.761196][T15373] ? proc_fail_nth_write+0x1d5/0x240 [ 2200.766454][T15373] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2200.771623][T15373] ? check_preemption_disabled+0x9e/0x330 [ 2200.777317][T15373] ? memset+0x1f/0x40 [ 2200.781272][T15373] ? fsnotify+0x1332/0x13f0 [ 2200.785756][T15373] ? tty_do_resize+0x170/0x170 [ 2200.790495][T15373] do_vfs_ioctl+0x76a/0x1720 [ 2200.795063][T15373] ? selinux_file_ioctl+0x72f/0x990 [ 2200.800238][T15373] ? ioctl_preallocate+0x250/0x250 [ 2200.805323][T15373] ? __fget+0x37b/0x3c0 [ 2200.809457][T15373] ? fget_many+0x20/0x20 [ 2200.813672][T15373] ? do_syscall_64+0x1e0/0x1e0 [ 2200.818410][T15373] ? security_file_ioctl+0x9d/0xb0 [ 2200.823501][T15373] __x64_sys_ioctl+0xd4/0x110 [ 2200.828153][T15373] do_syscall_64+0xcb/0x1e0 [ 2200.832636][T15373] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2200.838516][T15373] RIP: 0033:0x7f041403f739 [ 2200.842908][T15373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2200.862480][T15373] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2200.870864][T15373] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2200.878809][T15373] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2200.886750][T15373] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2200.894694][T15373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 12:57:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012440b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2200.902640][T15373] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2200.933813][T14284] Bluetooth: hci0: Frame reassembly failed (-84) 12:57:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000c00300140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012480b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000001400124c0b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:06 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3a00, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 12:57:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000ffff0300140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2202.994987][T11760] Bluetooth: hci0: command 0x1003 tx timeout [ 2203.001025][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2205.074866][T11760] Bluetooth: hci0: command 0x1001 tx timeout [ 2205.080953][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2207.154766][T11760] Bluetooth: hci0: command 0x1009 tx timeout 12:57:16 executing program 2 (fault-call:6 fault-nth:46): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:57:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012570b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000c20300140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:16 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000400140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 12:57:16 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3c00, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 12:57:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800400010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2211.428603][T15412] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2211.440515][T15412] FAULT_INJECTION: forcing a failure. [ 2211.440515][T15412] name failslab, interval 1, probability 0, space 0, times 0 [ 2211.453614][T15412] CPU: 0 PID: 15412 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2211.465222][T15412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2211.475516][T15412] Call Trace: [ 2211.478797][T15412] dump_stack+0x1d8/0x24e [ 2211.483104][T15412] ? devkmsg_release+0x11c/0x11c [ 2211.488014][T15412] ? mutex_unlock+0x19/0x40 [ 2211.492501][T15412] ? show_regs_print_info+0x12/0x12 [ 2211.497674][T15412] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 2211.503717][T15412] should_fail+0x6f6/0x860 [ 2211.508118][T15412] ? setup_fault_attr+0x3d0/0x3d0 [ 2211.513112][T15412] ? _raw_spin_lock+0xa3/0x1b0 [ 2211.517843][T15412] ? __kernfs_new_node+0xdb/0x6d0 [ 2211.522838][T15412] should_failslab+0x5/0x20 [ 2211.527313][T15412] kmem_cache_alloc+0x36/0x290 [ 2211.532055][T15412] __kernfs_new_node+0xdb/0x6d0 [ 2211.536882][T15412] ? mutex_lock+0xa6/0x110 [ 2211.541275][T15412] ? kernfs_new_node+0x160/0x160 [ 2211.546194][T15412] ? kernfs_activate+0x3fc/0x420 [ 2211.551110][T15412] kernfs_new_node+0x95/0x160 [ 2211.555763][T15412] __kernfs_create_file+0x45/0x260 [ 2211.560850][T15412] sysfs_add_file_mode_ns+0x293/0x340 [ 2211.566192][T15412] internal_create_group+0x560/0xf10 [ 2211.571453][T15412] ? sysfs_create_group+0x20/0x20 [ 2211.576452][T15412] sysfs_create_groups+0x5d/0x130 [ 2211.581452][T15412] device_add+0xa51/0x18a0 [ 2211.585843][T15412] ? get_device+0x30/0x30 [ 2211.590144][T15412] ? mutex_lock+0xa6/0x110 [ 2211.594531][T15412] ? virtual_device_parent+0x50/0x50 [ 2211.599784][T15412] ? device_initialize+0x1d3/0x3e0 [ 2211.604865][T15412] rfkill_register+0x180/0x720 [ 2211.609602][T15412] hci_register_dev+0x398/0x710 [ 2211.614428][T15412] hci_uart_tty_ioctl+0x89e/0xa10 [ 2211.619428][T15412] ? hci_uart_tty_write+0x10/0x10 [ 2211.624426][T15412] tty_ioctl+0xf68/0x1710 [ 2211.628728][T15412] ? tty_do_resize+0x170/0x170 [ 2211.633461][T15412] ? avc_ss_reset+0x3a0/0x3a0 [ 2211.638106][T15412] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2211.644229][T15412] ? refcount_inc_checked+0x50/0x50 [ 2211.649397][T15412] ? proc_fail_nth_write+0x1d5/0x240 [ 2211.654649][T15412] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2211.659819][T15412] ? check_preemption_disabled+0x9e/0x330 [ 2211.665507][T15412] ? memset+0x1f/0x40 [ 2211.669457][T15412] ? fsnotify+0x1332/0x13f0 [ 2211.673932][T15412] ? tty_do_resize+0x170/0x170 [ 2211.678664][T15412] do_vfs_ioctl+0x76a/0x1720 [ 2211.683239][T15412] ? selinux_file_ioctl+0x72f/0x990 [ 2211.688421][T15412] ? ioctl_preallocate+0x250/0x250 [ 2211.693516][T15412] ? __fget+0x37b/0x3c0 [ 2211.697654][T15412] ? fget_many+0x20/0x20 [ 2211.701876][T15412] ? do_syscall_64+0x1e0/0x1e0 [ 2211.706619][T15412] ? security_file_ioctl+0x9d/0xb0 [ 2211.711709][T15412] __x64_sys_ioctl+0xd4/0x110 [ 2211.716364][T15412] do_syscall_64+0xcb/0x1e0 [ 2211.720841][T15412] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2211.726709][T15412] RIP: 0033:0x7f041403f739 [ 2211.731097][T15412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2211.750793][T15412] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2211.759176][T15412] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2211.767122][T15412] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2211.775069][T15412] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2211.783012][T15412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2211.790957][T15412] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2211.819527][T14284] Bluetooth: hci0: Frame reassembly failed (-84) 12:57:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800500010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:17 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000001000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:17 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000c40300140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:17 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000001140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800900010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2212.065405][T15440] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2213.874454][T24421] Bluetooth: hci0: command 0x1003 tx timeout [ 2213.880490][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2215.954319][T18059] Bluetooth: hci0: command 0x1001 tx timeout [ 2215.960352][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2218.034179][T18059] Bluetooth: hci0: command 0x1009 tx timeout 12:57:27 executing program 2 (fault-call:6 fault-nth:47): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:57:27 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3f00, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 12:57:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800a00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000da0300140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:27 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r2, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 12:57:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000002140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2222.315234][T15468] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2222.323723][T15468] FAULT_INJECTION: forcing a failure. [ 2222.323723][T15468] name failslab, interval 1, probability 0, space 0, times 0 [ 2222.339538][T15468] CPU: 0 PID: 15468 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2222.351153][T15468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2222.361187][T15468] Call Trace: [ 2222.364461][T15468] dump_stack+0x1d8/0x24e [ 2222.368777][T15468] ? devkmsg_release+0x11c/0x11c [ 2222.373696][T15468] ? mutex_unlock+0x19/0x40 [ 2222.378179][T15468] ? show_regs_print_info+0x12/0x12 [ 2222.383357][T15468] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 2222.389401][T15468] should_fail+0x6f6/0x860 [ 2222.393883][T15468] ? setup_fault_attr+0x3d0/0x3d0 [ 2222.398883][T15468] ? _raw_spin_lock+0xa3/0x1b0 [ 2222.403630][T15468] ? __kernfs_new_node+0xdb/0x6d0 [ 2222.408634][T15468] should_failslab+0x5/0x20 [ 2222.413118][T15468] kmem_cache_alloc+0x36/0x290 [ 2222.417875][T15468] __kernfs_new_node+0xdb/0x6d0 [ 2222.422706][T15468] ? mutex_lock+0xa6/0x110 [ 2222.427109][T15468] ? kernfs_new_node+0x160/0x160 [ 2222.432024][T15468] ? kernfs_activate+0x3fc/0x420 [ 2222.436933][T15468] kernfs_new_node+0x95/0x160 [ 2222.441582][T15468] __kernfs_create_file+0x45/0x260 [ 2222.446672][T15468] sysfs_add_file_mode_ns+0x293/0x340 [ 2222.452026][T15468] internal_create_group+0x560/0xf10 [ 2222.457291][T15468] ? sysfs_create_group+0x20/0x20 [ 2222.462295][T15468] sysfs_create_groups+0x5d/0x130 [ 2222.467290][T15468] device_add+0xa51/0x18a0 [ 2222.471681][T15468] ? get_device+0x30/0x30 [ 2222.476007][T15468] ? mutex_lock+0xa6/0x110 [ 2222.480400][T15468] ? virtual_device_parent+0x50/0x50 [ 2222.485665][T15468] ? device_initialize+0x1d3/0x3e0 [ 2222.490760][T15468] rfkill_register+0x180/0x720 [ 2222.495512][T15468] hci_register_dev+0x398/0x710 [ 2222.500349][T15468] hci_uart_tty_ioctl+0x89e/0xa10 [ 2222.505360][T15468] ? hci_uart_tty_write+0x10/0x10 [ 2222.510358][T15468] tty_ioctl+0xf68/0x1710 [ 2222.514660][T15468] ? tty_do_resize+0x170/0x170 [ 2222.519403][T15468] ? avc_ss_reset+0x3a0/0x3a0 [ 2222.524064][T15468] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2222.530195][T15468] ? refcount_inc_checked+0x50/0x50 [ 2222.535377][T15468] ? proc_fail_nth_write+0x1d5/0x240 [ 2222.540646][T15468] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2222.545833][T15468] ? check_preemption_disabled+0x9e/0x330 [ 2222.551528][T15468] ? memset+0x1f/0x40 [ 2222.555488][T15468] ? fsnotify+0x1332/0x13f0 [ 2222.559966][T15468] ? tty_do_resize+0x170/0x170 [ 2222.564704][T15468] do_vfs_ioctl+0x76a/0x1720 [ 2222.569272][T15468] ? selinux_file_ioctl+0x72f/0x990 [ 2222.574441][T15468] ? ioctl_preallocate+0x250/0x250 [ 2222.579526][T15468] ? __fget+0x37b/0x3c0 [ 2222.583649][T15468] ? fget_many+0x20/0x20 [ 2222.587866][T15468] ? do_syscall_64+0x1e0/0x1e0 [ 2222.592610][T15468] ? security_file_ioctl+0x9d/0xb0 [ 2222.597697][T15468] __x64_sys_ioctl+0xd4/0x110 [ 2222.602348][T15468] do_syscall_64+0xcb/0x1e0 [ 2222.606923][T15468] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2222.612790][T15468] RIP: 0033:0x7f041403f739 [ 2222.617176][T15468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2222.636747][T15468] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2222.645130][T15468] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2222.653078][T15468] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2222.661024][T15468] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2222.668973][T15468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2222.676916][T15468] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 12:57:28 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000e20300140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:28 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800c00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:28 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000500140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:28 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 12:57:28 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000003140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:28 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r2, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 2224.753678][T18059] Bluetooth: hci0: command 0x1003 tx timeout [ 2224.759705][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2226.833574][T11760] Bluetooth: hci0: command 0x1001 tx timeout [ 2226.839607][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2228.913437][T11760] Bluetooth: hci0: command 0x1009 tx timeout 12:57:38 executing program 2 (fault-call:6 fault-nth:48): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:57:38 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800d00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:38 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000600140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:38 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000004140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:38 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4800, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 12:57:38 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r2, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 2233.190933][T15517] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2233.201690][T15517] FAULT_INJECTION: forcing a failure. [ 2233.201690][T15517] name failslab, interval 1, probability 0, space 0, times 0 [ 2233.214871][T15517] CPU: 1 PID: 15517 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2233.226489][T15517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2233.236527][T15517] Call Trace: [ 2233.239802][T15517] dump_stack+0x1d8/0x24e [ 2233.244112][T15517] ? devkmsg_release+0x11c/0x11c [ 2233.249023][T15517] ? show_regs_print_info+0x12/0x12 [ 2233.254197][T15517] ? mutex_lock+0xa6/0x110 [ 2233.258597][T15517] should_fail+0x6f6/0x860 [ 2233.262995][T15517] ? setup_fault_attr+0x3d0/0x3d0 [ 2233.268008][T15517] ? kernfs_new_node+0x95/0x160 [ 2233.272833][T15517] ? kernfs_create_link+0x9c/0x1f0 [ 2233.277915][T15517] ? sysfs_do_create_link_sd+0x85/0x100 [ 2233.283442][T15517] ? mutex_lock+0xa6/0x110 [ 2233.287834][T15517] ? __kernfs_new_node+0xdb/0x6d0 [ 2233.292853][T15517] should_failslab+0x5/0x20 [ 2233.297333][T15517] kmem_cache_alloc+0x36/0x290 [ 2233.302081][T15517] __kernfs_new_node+0xdb/0x6d0 [ 2233.306905][T15517] ? kernfs_new_node+0x160/0x160 [ 2233.311819][T15517] ? selinux_path_notify+0x6c0/0x6c0 [ 2233.317078][T15517] ? _raw_spin_lock+0xa3/0x1b0 [ 2233.321814][T15517] kernfs_new_node+0x95/0x160 [ 2233.326466][T15517] __kernfs_create_file+0x45/0x260 [ 2233.331552][T15517] sysfs_add_file_mode_ns+0x293/0x340 [ 2233.336896][T15517] internal_create_group+0x560/0xf10 [ 2233.342159][T15517] ? sysfs_create_group+0x20/0x20 [ 2233.347160][T15517] sysfs_create_groups+0x5d/0x130 [ 2233.352164][T15517] device_add+0xa51/0x18a0 [ 2233.356560][T15517] ? get_device+0x30/0x30 [ 2233.360863][T15517] ? mutex_lock+0xa6/0x110 [ 2233.365252][T15517] ? virtual_device_parent+0x50/0x50 [ 2233.370507][T15517] ? device_initialize+0x1d3/0x3e0 [ 2233.375595][T15517] rfkill_register+0x180/0x720 [ 2233.380332][T15517] hci_register_dev+0x398/0x710 [ 2233.385156][T15517] hci_uart_tty_ioctl+0x89e/0xa10 [ 2233.390157][T15517] ? hci_uart_tty_write+0x10/0x10 [ 2233.395156][T15517] tty_ioctl+0xf68/0x1710 [ 2233.399468][T15517] ? tty_do_resize+0x170/0x170 [ 2233.404203][T15517] ? avc_ss_reset+0x3a0/0x3a0 [ 2233.408862][T15517] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2233.414986][T15517] ? refcount_inc_checked+0x50/0x50 [ 2233.420167][T15517] ? proc_fail_nth_write+0x1d5/0x240 [ 2233.425422][T15517] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2233.430592][T15517] ? check_preemption_disabled+0x9e/0x330 [ 2233.436282][T15517] ? memset+0x1f/0x40 [ 2233.440244][T15517] ? fsnotify+0x1332/0x13f0 [ 2233.444729][T15517] ? tty_do_resize+0x170/0x170 [ 2233.449468][T15517] do_vfs_ioctl+0x76a/0x1720 [ 2233.454037][T15517] ? selinux_file_ioctl+0x72f/0x990 [ 2233.459221][T15517] ? ioctl_preallocate+0x250/0x250 [ 2233.464308][T15517] ? __fget+0x37b/0x3c0 [ 2233.468438][T15517] ? fget_many+0x20/0x20 [ 2233.472659][T15517] ? do_syscall_64+0x1e0/0x1e0 [ 2233.477397][T15517] ? security_file_ioctl+0x9d/0xb0 [ 2233.482478][T15517] __x64_sys_ioctl+0xd4/0x110 [ 2233.487128][T15517] do_syscall_64+0xcb/0x1e0 [ 2233.491607][T15517] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2233.497470][T15517] RIP: 0033:0x7f041403f739 [ 2233.501872][T15517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2233.521457][T15517] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2233.529841][T15517] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2233.537784][T15517] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2233.545725][T15517] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2233.553667][T15517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2233.561611][T15517] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2233.598748][T14284] Bluetooth: hci0: Frame reassembly failed (-84) 12:57:38 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000700140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:39 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4a00, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 12:57:39 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000005140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 12:57:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800e00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:39 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000900140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2235.633418][T24421] Bluetooth: hci0: command 0x1003 tx timeout [ 2235.639573][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2237.713228][T18059] Bluetooth: hci0: command 0x1001 tx timeout [ 2237.719269][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2239.793315][T24421] Bluetooth: hci0: command 0x1009 tx timeout 12:57:49 executing program 2 (fault-call:6 fault-nth:49): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:57:49 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4c00, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 12:57:49 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000006140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800f00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000a00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:49 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 2244.068770][T15560] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2244.077656][T15560] FAULT_INJECTION: forcing a failure. [ 2244.077656][T15560] name failslab, interval 1, probability 0, space 0, times 0 [ 2244.091022][T15560] CPU: 0 PID: 15560 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2244.102640][T15560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2244.112678][T15560] Call Trace: [ 2244.115962][T15560] dump_stack+0x1d8/0x24e [ 2244.120277][T15560] ? devkmsg_release+0x11c/0x11c [ 2244.125191][T15560] ? mutex_unlock+0x19/0x40 [ 2244.129673][T15560] ? show_regs_print_info+0x12/0x12 [ 2244.134857][T15560] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 2244.140911][T15560] should_fail+0x6f6/0x860 [ 2244.145317][T15560] ? setup_fault_attr+0x3d0/0x3d0 [ 2244.150338][T15560] ? _raw_spin_lock+0xa3/0x1b0 [ 2244.155092][T15560] ? __kernfs_new_node+0xdb/0x6d0 [ 2244.160102][T15560] should_failslab+0x5/0x20 [ 2244.164581][T15560] kmem_cache_alloc+0x36/0x290 [ 2244.169330][T15560] __kernfs_new_node+0xdb/0x6d0 [ 2244.174158][T15560] ? mutex_lock+0xa6/0x110 [ 2244.178644][T15560] ? kernfs_new_node+0x160/0x160 [ 2244.183555][T15560] ? kernfs_activate+0x3fc/0x420 [ 2244.188469][T15560] kernfs_new_node+0x95/0x160 [ 2244.193120][T15560] __kernfs_create_file+0x45/0x260 [ 2244.198211][T15560] sysfs_add_file_mode_ns+0x293/0x340 [ 2244.203658][T15560] internal_create_group+0x560/0xf10 [ 2244.208936][T15560] ? sysfs_create_group+0x20/0x20 [ 2244.213942][T15560] sysfs_create_groups+0x5d/0x130 [ 2244.218941][T15560] device_add+0xa51/0x18a0 [ 2244.223349][T15560] ? get_device+0x30/0x30 [ 2244.227650][T15560] ? mutex_lock+0xa6/0x110 [ 2244.232041][T15560] ? virtual_device_parent+0x50/0x50 [ 2244.237315][T15560] ? device_initialize+0x1d3/0x3e0 [ 2244.242408][T15560] rfkill_register+0x180/0x720 [ 2244.247146][T15560] hci_register_dev+0x398/0x710 [ 2244.251983][T15560] hci_uart_tty_ioctl+0x89e/0xa10 [ 2244.256998][T15560] ? hci_uart_tty_write+0x10/0x10 [ 2244.262014][T15560] tty_ioctl+0xf68/0x1710 [ 2244.266814][T15560] ? tty_do_resize+0x170/0x170 [ 2244.271560][T15560] ? avc_ss_reset+0x3a0/0x3a0 [ 2244.276213][T15560] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2244.282379][T15560] ? refcount_inc_checked+0x50/0x50 [ 2244.287572][T15560] ? proc_fail_nth_write+0x1d5/0x240 [ 2244.292838][T15560] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2244.298018][T15560] ? check_preemption_disabled+0x9e/0x330 [ 2244.303719][T15560] ? memset+0x1f/0x40 [ 2244.307682][T15560] ? fsnotify+0x1332/0x13f0 [ 2244.312173][T15560] ? tty_do_resize+0x170/0x170 [ 2244.316930][T15560] do_vfs_ioctl+0x76a/0x1720 [ 2244.321504][T15560] ? selinux_file_ioctl+0x72f/0x990 [ 2244.326683][T15560] ? ioctl_preallocate+0x250/0x250 [ 2244.331776][T15560] ? __fget+0x37b/0x3c0 [ 2244.335908][T15560] ? fget_many+0x20/0x20 [ 2244.340125][T15560] ? do_syscall_64+0x1e0/0x1e0 [ 2244.344867][T15560] ? security_file_ioctl+0x9d/0xb0 [ 2244.349955][T15560] __x64_sys_ioctl+0xd4/0x110 [ 2244.354616][T15560] do_syscall_64+0xcb/0x1e0 [ 2244.359206][T15560] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2244.365088][T15560] RIP: 0033:0x7f041403f739 [ 2244.369483][T15560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2244.389077][T15560] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2244.397470][T15560] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2244.405462][T15560] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2244.413418][T15560] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2244.421369][T15560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2244.429319][T15560] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2244.444160][T11944] Bluetooth: hci0: sending frame failed (-49) 12:57:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000b00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:50 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000007140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:50 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x5c00, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 12:57:50 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012801000010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:57:50 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 12:57:50 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000008140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2246.512395][T15262] Bluetooth: hci0: command 0x1003 tx timeout [ 2246.518432][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2248.592262][T15262] Bluetooth: hci0: command 0x1001 tx timeout [ 2248.598296][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2250.672140][T15262] Bluetooth: hci0: command 0x1009 tx timeout 12:58:00 executing program 2 (fault-call:6 fault-nth:50): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:58:00 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000c00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:00 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x5f2b, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 12:58:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012801100010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000009140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:00 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 2254.945160][T15600] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2254.953929][T15600] FAULT_INJECTION: forcing a failure. [ 2254.953929][T15600] name failslab, interval 1, probability 0, space 0, times 0 [ 2254.967066][T15600] CPU: 0 PID: 15600 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2254.978682][T15600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2254.988722][T15600] Call Trace: [ 2254.992001][T15600] dump_stack+0x1d8/0x24e [ 2254.996313][T15600] ? devkmsg_release+0x11c/0x11c [ 2255.001239][T15600] ? mutex_unlock+0x19/0x40 [ 2255.005732][T15600] ? show_regs_print_info+0x12/0x12 [ 2255.010914][T15600] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 2255.016977][T15600] should_fail+0x6f6/0x860 [ 2255.021394][T15600] ? setup_fault_attr+0x3d0/0x3d0 [ 2255.026405][T15600] ? _raw_spin_lock+0xa3/0x1b0 [ 2255.031163][T15600] ? __kernfs_new_node+0xdb/0x6d0 [ 2255.036171][T15600] should_failslab+0x5/0x20 [ 2255.040674][T15600] kmem_cache_alloc+0x36/0x290 [ 2255.045436][T15600] __kernfs_new_node+0xdb/0x6d0 [ 2255.050309][T15600] ? mutex_lock+0xa6/0x110 [ 2255.054714][T15600] ? kernfs_new_node+0x160/0x160 [ 2255.059642][T15600] ? kernfs_activate+0x3fc/0x420 [ 2255.064577][T15600] kernfs_new_node+0x95/0x160 [ 2255.069234][T15600] __kernfs_create_file+0x45/0x260 [ 2255.074332][T15600] sysfs_add_file_mode_ns+0x293/0x340 [ 2255.079684][T15600] internal_create_group+0x560/0xf10 [ 2255.084945][T15600] ? sysfs_create_group+0x20/0x20 [ 2255.089965][T15600] sysfs_create_groups+0x5d/0x130 [ 2255.094968][T15600] device_add+0xa51/0x18a0 [ 2255.099364][T15600] ? get_device+0x30/0x30 [ 2255.103673][T15600] ? mutex_lock+0xa6/0x110 [ 2255.108068][T15600] ? virtual_device_parent+0x50/0x50 [ 2255.113328][T15600] ? device_initialize+0x1d3/0x3e0 [ 2255.118419][T15600] rfkill_register+0x180/0x720 [ 2255.123166][T15600] hci_register_dev+0x398/0x710 [ 2255.127997][T15600] hci_uart_tty_ioctl+0x89e/0xa10 [ 2255.133013][T15600] ? hci_uart_tty_write+0x10/0x10 [ 2255.138012][T15600] tty_ioctl+0xf68/0x1710 [ 2255.142330][T15600] ? tty_do_resize+0x170/0x170 [ 2255.147072][T15600] ? avc_ss_reset+0x3a0/0x3a0 [ 2255.151725][T15600] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2255.157867][T15600] ? refcount_inc_checked+0x50/0x50 [ 2255.163045][T15600] ? proc_fail_nth_write+0x1d5/0x240 [ 2255.168306][T15600] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2255.173493][T15600] ? check_preemption_disabled+0x9e/0x330 [ 2255.179188][T15600] ? memset+0x1f/0x40 [ 2255.183161][T15600] ? fsnotify+0x1332/0x13f0 [ 2255.187640][T15600] ? tty_do_resize+0x170/0x170 [ 2255.192381][T15600] do_vfs_ioctl+0x76a/0x1720 [ 2255.196976][T15600] ? selinux_file_ioctl+0x72f/0x990 [ 2255.202147][T15600] ? ioctl_preallocate+0x250/0x250 [ 2255.207235][T15600] ? __fget+0x37b/0x3c0 [ 2255.211370][T15600] ? fget_many+0x20/0x20 [ 2255.215588][T15600] ? do_syscall_64+0x1e0/0x1e0 [ 2255.220329][T15600] ? security_file_ioctl+0x9d/0xb0 [ 2255.225413][T15600] __x64_sys_ioctl+0xd4/0x110 [ 2255.230065][T15600] do_syscall_64+0xcb/0x1e0 [ 2255.234545][T15600] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2255.240412][T15600] RIP: 0033:0x7f041403f739 [ 2255.244803][T15600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2255.264381][T15600] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2255.272766][T15600] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2255.280713][T15600] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2255.288675][T15600] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2255.296621][T15600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2255.304573][T15600] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2255.331048][T14284] Bluetooth: hci0: Frame reassembly failed (-84) 12:58:00 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000030c00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012801200010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2255.462722][T15599] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 12:58:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012801300010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2255.522835][T15619] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 12:58:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000a140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:00 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6403, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 12:58:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012801500010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2255.583038][T15623] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2255.712761][T15631] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2257.391732][T15262] Bluetooth: hci0: command 0x1003 tx timeout [ 2257.397796][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2259.471622][T15262] Bluetooth: hci0: command 0x1001 tx timeout [ 2259.477652][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2261.551508][T15262] Bluetooth: hci0: command 0x1009 tx timeout 12:58:10 executing program 2 (fault-call:6 fault-nth:51): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:58:10 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000d00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012801c00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:10 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 12:58:10 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000b140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6800, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2265.825869][T15651] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2265.834783][T15651] FAULT_INJECTION: forcing a failure. [ 2265.834783][T15651] name failslab, interval 1, probability 0, space 0, times 0 [ 2265.847727][T15651] CPU: 0 PID: 15651 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2265.859340][T15651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2265.869396][T15651] Call Trace: [ 2265.872670][T15651] dump_stack+0x1d8/0x24e [ 2265.876980][T15651] ? devkmsg_release+0x11c/0x11c [ 2265.881894][T15651] ? mutex_unlock+0x19/0x40 [ 2265.886371][T15651] ? show_regs_print_info+0x12/0x12 [ 2265.891543][T15651] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 2265.897587][T15651] should_fail+0x6f6/0x860 [ 2265.901978][T15651] ? setup_fault_attr+0x3d0/0x3d0 [ 2265.906976][T15651] ? _raw_spin_lock+0xa3/0x1b0 [ 2265.911728][T15651] ? __kernfs_new_node+0xdb/0x6d0 [ 2265.917252][T15651] should_failslab+0x5/0x20 [ 2265.921731][T15651] kmem_cache_alloc+0x36/0x290 [ 2265.926470][T15651] __kernfs_new_node+0xdb/0x6d0 [ 2265.931295][T15651] ? mutex_lock+0xa6/0x110 [ 2265.935689][T15651] ? kernfs_new_node+0x160/0x160 [ 2265.940607][T15651] ? kernfs_activate+0x3fc/0x420 [ 2265.945535][T15651] kernfs_new_node+0x95/0x160 [ 2265.950202][T15651] __kernfs_create_file+0x45/0x260 [ 2265.955290][T15651] sysfs_add_file_mode_ns+0x293/0x340 [ 2265.960642][T15651] internal_create_group+0x560/0xf10 [ 2265.965922][T15651] ? sysfs_create_group+0x20/0x20 [ 2265.970926][T15651] sysfs_create_groups+0x5d/0x130 [ 2265.975933][T15651] device_add+0xa51/0x18a0 [ 2265.980326][T15651] ? get_device+0x30/0x30 [ 2265.984632][T15651] ? mutex_lock+0xa6/0x110 [ 2265.989026][T15651] ? virtual_device_parent+0x50/0x50 [ 2265.994375][T15651] ? device_initialize+0x1d3/0x3e0 [ 2265.999465][T15651] rfkill_register+0x180/0x720 [ 2266.004209][T15651] hci_register_dev+0x398/0x710 [ 2266.009039][T15651] hci_uart_tty_ioctl+0x89e/0xa10 [ 2266.014036][T15651] ? hci_uart_tty_write+0x10/0x10 [ 2266.019035][T15651] tty_ioctl+0xf68/0x1710 [ 2266.023358][T15651] ? tty_do_resize+0x170/0x170 [ 2266.028099][T15651] ? avc_ss_reset+0x3a0/0x3a0 [ 2266.032751][T15651] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2266.038879][T15651] ? refcount_inc_checked+0x50/0x50 [ 2266.044073][T15651] ? proc_fail_nth_write+0x1d5/0x240 [ 2266.049334][T15651] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2266.054511][T15651] ? check_preemption_disabled+0x9e/0x330 [ 2266.060219][T15651] ? memset+0x1f/0x40 [ 2266.064177][T15651] ? fsnotify+0x1332/0x13f0 [ 2266.068653][T15651] ? tty_do_resize+0x170/0x170 [ 2266.073390][T15651] do_vfs_ioctl+0x76a/0x1720 [ 2266.077959][T15651] ? selinux_file_ioctl+0x72f/0x990 [ 2266.083134][T15651] ? ioctl_preallocate+0x250/0x250 [ 2266.088222][T15651] ? __fget+0x37b/0x3c0 [ 2266.092353][T15651] ? fget_many+0x20/0x20 [ 2266.096576][T15651] ? do_syscall_64+0x1e0/0x1e0 [ 2266.101317][T15651] ? security_file_ioctl+0x9d/0xb0 [ 2266.106402][T15651] __x64_sys_ioctl+0xd4/0x110 [ 2266.111056][T15651] do_syscall_64+0xcb/0x1e0 [ 2266.115534][T15651] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2266.121400][T15651] RIP: 0033:0x7f041403f739 [ 2266.125807][T15651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2266.145383][T15651] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2266.153854][T15651] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2266.161797][T15651] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2266.169741][T15651] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2266.177689][T15651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2266.185646][T15651] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 12:58:11 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000c902930b140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012806400010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2266.381857][T15650] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 12:58:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b03000062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2266.462029][T15660] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 12:58:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000e00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:11 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000c140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b04000062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2266.572193][T15666] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2266.732518][T15673] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2268.271281][T32228] Bluetooth: hci0: command 0x1003 tx timeout [ 2268.277553][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2270.351218][T15524] Bluetooth: hci0: command 0x1001 tx timeout [ 2270.357259][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2272.431385][T15524] Bluetooth: hci0: command 0x1009 tx timeout 12:58:21 executing program 2 (fault-call:6 fault-nth:52): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:58:21 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 12:58:21 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6c00, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 12:58:21 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000e51000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b56000062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:21 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000030c140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2276.703952][T15688] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2276.712920][T15688] FAULT_INJECTION: forcing a failure. [ 2276.712920][T15688] name failslab, interval 1, probability 0, space 0, times 0 [ 2276.726007][T15688] CPU: 1 PID: 15688 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2276.737616][T15688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2276.747645][T15688] Call Trace: [ 2276.750911][T15688] dump_stack+0x1d8/0x24e [ 2276.755215][T15688] ? devkmsg_release+0x11c/0x11c [ 2276.760122][T15688] ? mutex_unlock+0x19/0x40 [ 2276.764595][T15688] ? show_regs_print_info+0x12/0x12 [ 2276.769771][T15688] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 2276.775825][T15688] should_fail+0x6f6/0x860 [ 2276.780221][T15688] ? setup_fault_attr+0x3d0/0x3d0 [ 2276.785219][T15688] ? _raw_spin_lock+0xa3/0x1b0 [ 2276.789963][T15688] ? __kernfs_new_node+0xdb/0x6d0 [ 2276.794957][T15688] should_failslab+0x5/0x20 [ 2276.799431][T15688] kmem_cache_alloc+0x36/0x290 [ 2276.804173][T15688] __kernfs_new_node+0xdb/0x6d0 [ 2276.808999][T15688] ? mutex_lock+0xa6/0x110 [ 2276.813384][T15688] ? kernfs_new_node+0x160/0x160 [ 2276.818296][T15688] ? kernfs_activate+0x3fc/0x420 [ 2276.823209][T15688] kernfs_new_node+0x95/0x160 [ 2276.827859][T15688] __kernfs_create_file+0x45/0x260 [ 2276.832942][T15688] sysfs_add_file_mode_ns+0x293/0x340 [ 2276.838331][T15688] internal_create_group+0x560/0xf10 [ 2276.843588][T15688] ? sysfs_create_group+0x20/0x20 [ 2276.848594][T15688] sysfs_create_groups+0x5d/0x130 [ 2276.853734][T15688] device_add+0xa51/0x18a0 [ 2276.858126][T15688] ? get_device+0x30/0x30 [ 2276.862427][T15688] ? mutex_lock+0xa6/0x110 [ 2276.866815][T15688] ? virtual_device_parent+0x50/0x50 [ 2276.872075][T15688] ? device_initialize+0x1d3/0x3e0 [ 2276.877167][T15688] rfkill_register+0x180/0x720 [ 2276.881908][T15688] hci_register_dev+0x398/0x710 [ 2276.886747][T15688] hci_uart_tty_ioctl+0x89e/0xa10 [ 2276.891748][T15688] ? hci_uart_tty_write+0x10/0x10 [ 2276.896744][T15688] tty_ioctl+0xf68/0x1710 [ 2276.901044][T15688] ? tty_do_resize+0x170/0x170 [ 2276.905776][T15688] ? avc_ss_reset+0x3a0/0x3a0 [ 2276.910422][T15688] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2276.916543][T15688] ? refcount_inc_checked+0x50/0x50 [ 2276.921724][T15688] ? proc_fail_nth_write+0x1d5/0x240 [ 2276.926985][T15688] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2276.932157][T15688] ? check_preemption_disabled+0x9e/0x330 [ 2276.937845][T15688] ? memset+0x1f/0x40 [ 2276.941799][T15688] ? fsnotify+0x1332/0x13f0 [ 2276.946277][T15688] ? tty_do_resize+0x170/0x170 [ 2276.951021][T15688] do_vfs_ioctl+0x76a/0x1720 [ 2276.955602][T15688] ? selinux_file_ioctl+0x72f/0x990 [ 2276.960780][T15688] ? ioctl_preallocate+0x250/0x250 [ 2276.965880][T15688] ? __fget+0x37b/0x3c0 [ 2276.970010][T15688] ? fget_many+0x20/0x20 [ 2276.974226][T15688] ? do_syscall_64+0x1e0/0x1e0 [ 2276.978967][T15688] ? security_file_ioctl+0x9d/0xb0 [ 2276.984050][T15688] __x64_sys_ioctl+0xd4/0x110 [ 2276.988701][T15688] do_syscall_64+0xcb/0x1e0 [ 2276.993176][T15688] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2276.999038][T15688] RIP: 0033:0x7f041403f739 [ 2277.003431][T15688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2277.023012][T15688] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2277.031409][T15688] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2277.039358][T15688] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2277.047302][T15688] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2277.055255][T15688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2277.063207][T15688] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2277.073410][T14284] Bluetooth: hci0: Frame reassembly failed (-84) 12:58:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b02010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2277.097888][T15682] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 12:58:22 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000001100140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b03010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:22 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000d140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b04010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2277.231626][T15695] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2277.259236][T15698] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 12:58:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b05010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2277.421043][T15703] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2277.481257][T15706] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2279.150399][T18059] Bluetooth: hci0: command 0x1003 tx timeout [ 2279.156435][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2281.230279][T18059] Bluetooth: hci0: command 0x1001 tx timeout [ 2281.236393][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2283.310143][T18059] Bluetooth: hci0: command 0x1009 tx timeout 12:58:32 executing program 2 (fault-call:6 fault-nth:53): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:58:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000e140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000001200140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b06010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x7400, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 12:58:32 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 12:58:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b07010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2287.572240][T15713] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2287.591694][T15719] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2287.607506][T15719] FAULT_INJECTION: forcing a failure. [ 2287.607506][T15719] name failslab, interval 1, probability 0, space 0, times 0 [ 2287.624179][T15719] CPU: 0 PID: 15719 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2287.635880][T15719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2287.645914][T15719] Call Trace: [ 2287.649240][T15719] dump_stack+0x1d8/0x24e [ 2287.653559][T15719] ? devkmsg_release+0x11c/0x11c [ 2287.658475][T15719] ? show_regs_print_info+0x12/0x12 [ 2287.663648][T15719] should_fail+0x6f6/0x860 [ 2287.668040][T15719] ? setup_fault_attr+0x3d0/0x3d0 [ 2287.673038][T15719] ? security_kernfs_init_security+0x9a/0xb0 [ 2287.679045][T15719] ? __kernfs_new_node+0x50b/0x6d0 [ 2287.684128][T15719] ? __kernfs_new_node+0xdb/0x6d0 [ 2287.689134][T15719] should_failslab+0x5/0x20 [ 2287.693617][T15719] kmem_cache_alloc+0x36/0x290 [ 2287.698358][T15719] ? mutex_trylock+0xb0/0xb0 [ 2287.702930][T15719] __kernfs_new_node+0xdb/0x6d0 [ 2287.707792][T15719] ? kernfs_new_node+0x160/0x160 [ 2287.712709][T15719] ? mutex_unlock+0x19/0x40 [ 2287.717188][T15719] ? kernfs_add_one+0x49e/0x5c0 [ 2287.722016][T15719] ? __kernfs_create_file+0x1f1/0x260 [ 2287.727368][T15719] kernfs_new_node+0x95/0x160 [ 2287.732025][T15719] __kernfs_create_file+0x45/0x260 [ 2287.737111][T15719] sysfs_add_file_mode_ns+0x293/0x340 [ 2287.742458][T15719] sysfs_create_file_ns+0x18c/0x2b0 [ 2287.747631][T15719] ? sysfs_add_file_mode_ns+0x340/0x340 [ 2287.753151][T15719] ? device_create_file+0xe2/0x1a0 [ 2287.758247][T15719] device_add+0xc44/0x18a0 [ 2287.762642][T15719] ? virtual_device_parent+0x50/0x50 [ 2287.767904][T15719] ? device_initialize+0x1d3/0x3e0 [ 2287.772999][T15719] rfkill_register+0x180/0x720 [ 2287.777741][T15719] hci_register_dev+0x398/0x710 [ 2287.782572][T15719] hci_uart_tty_ioctl+0x89e/0xa10 [ 2287.787574][T15719] ? hci_uart_tty_write+0x10/0x10 [ 2287.792596][T15719] tty_ioctl+0xf68/0x1710 [ 2287.796904][T15719] ? tty_do_resize+0x170/0x170 [ 2287.801648][T15719] ? avc_ss_reset+0x3a0/0x3a0 [ 2287.806300][T15719] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2287.812516][T15719] ? refcount_inc_checked+0x50/0x50 [ 2287.817694][T15719] ? proc_fail_nth_write+0x1d5/0x240 [ 2287.822957][T15719] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2287.828131][T15719] ? check_preemption_disabled+0x9e/0x330 [ 2287.833824][T15719] ? memset+0x1f/0x40 [ 2287.837784][T15719] ? fsnotify+0x1332/0x13f0 [ 2287.842262][T15719] ? tty_do_resize+0x170/0x170 [ 2287.847004][T15719] do_vfs_ioctl+0x76a/0x1720 [ 2287.851574][T15719] ? selinux_file_ioctl+0x72f/0x990 [ 2287.856750][T15719] ? ioctl_preallocate+0x250/0x250 [ 2287.861840][T15719] ? __fget+0x37b/0x3c0 [ 2287.865984][T15719] ? fget_many+0x20/0x20 [ 2287.870203][T15719] ? do_syscall_64+0x1e0/0x1e0 [ 2287.874941][T15719] ? security_file_ioctl+0x9d/0xb0 [ 2287.880030][T15719] __x64_sys_ioctl+0xd4/0x110 [ 2287.884681][T15719] do_syscall_64+0xcb/0x1e0 [ 2287.889250][T15719] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2287.895118][T15719] RIP: 0033:0x7f041403f739 [ 2287.899518][T15719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2287.919113][T15719] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2287.927501][T15719] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2287.935460][T15719] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2287.943409][T15719] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2287.951357][T15719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2287.959305][T15719] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 12:58:33 executing program 2 (fault-call:6 fault-nth:54): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2288.068093][T15733] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2288.076745][T15733] FAULT_INJECTION: forcing a failure. [ 2288.076745][T15733] name failslab, interval 1, probability 0, space 0, times 0 [ 2288.092460][T15733] CPU: 0 PID: 15733 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2288.104074][T15733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2288.114103][T15733] Call Trace: [ 2288.117374][T15733] dump_stack+0x1d8/0x24e [ 2288.121687][T15733] ? devkmsg_release+0x11c/0x11c [ 2288.126602][T15733] ? show_regs_print_info+0x12/0x12 [ 2288.131789][T15733] should_fail+0x6f6/0x860 [ 2288.136212][T15733] ? setup_fault_attr+0x3d0/0x3d0 [ 2288.141218][T15733] ? security_kernfs_init_security+0x9a/0xb0 [ 2288.147180][T15733] ? __kernfs_new_node+0x50b/0x6d0 [ 2288.152272][T15733] ? __kernfs_new_node+0xdb/0x6d0 [ 2288.157275][T15733] should_failslab+0x5/0x20 [ 2288.161756][T15733] kmem_cache_alloc+0x36/0x290 [ 2288.166514][T15733] ? mutex_trylock+0xb0/0xb0 [ 2288.171119][T15733] __kernfs_new_node+0xdb/0x6d0 [ 2288.175960][T15733] ? kernfs_new_node+0x160/0x160 [ 2288.180883][T15733] ? mutex_unlock+0x19/0x40 [ 2288.185368][T15733] ? kernfs_add_one+0x49e/0x5c0 [ 2288.190200][T15733] ? __kernfs_create_file+0x1f1/0x260 [ 2288.195550][T15733] kernfs_new_node+0x95/0x160 [ 2288.200327][T15733] __kernfs_create_file+0x45/0x260 [ 2288.205436][T15733] sysfs_add_file_mode_ns+0x293/0x340 [ 2288.210790][T15733] sysfs_create_file_ns+0x18c/0x2b0 [ 2288.215963][T15733] ? sysfs_add_file_mode_ns+0x340/0x340 [ 2288.221483][T15733] ? device_create_file+0xe2/0x1a0 [ 2288.226574][T15733] device_add+0xc44/0x18a0 [ 2288.230966][T15733] ? virtual_device_parent+0x50/0x50 [ 2288.236219][T15733] ? device_initialize+0x1d3/0x3e0 [ 2288.241310][T15733] rfkill_register+0x180/0x720 [ 2288.246060][T15733] hci_register_dev+0x398/0x710 [ 2288.250891][T15733] hci_uart_tty_ioctl+0x89e/0xa10 [ 2288.255895][T15733] ? hci_uart_tty_write+0x10/0x10 [ 2288.260903][T15733] tty_ioctl+0xf68/0x1710 [ 2288.265212][T15733] ? tty_do_resize+0x170/0x170 [ 2288.269949][T15733] ? avc_ss_reset+0x3a0/0x3a0 [ 2288.274604][T15733] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2288.280729][T15733] ? refcount_inc_checked+0x50/0x50 [ 2288.285911][T15733] ? proc_fail_nth_write+0x1d5/0x240 [ 2288.291173][T15733] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2288.296348][T15733] ? check_preemption_disabled+0x9e/0x330 [ 2288.302049][T15733] ? memset+0x1f/0x40 [ 2288.306006][T15733] ? fsnotify+0x1332/0x13f0 [ 2288.310477][T15733] ? tty_do_resize+0x170/0x170 [ 2288.315218][T15733] do_vfs_ioctl+0x76a/0x1720 [ 2288.319786][T15733] ? selinux_file_ioctl+0x72f/0x990 [ 2288.324954][T15733] ? ioctl_preallocate+0x250/0x250 [ 2288.330034][T15733] ? __fget+0x37b/0x3c0 [ 2288.334167][T15733] ? fget_many+0x20/0x20 [ 2288.338393][T15733] ? do_syscall_64+0x1e0/0x1e0 [ 2288.343132][T15733] ? security_file_ioctl+0x9d/0xb0 [ 2288.348218][T15733] __x64_sys_ioctl+0xd4/0x110 [ 2288.352875][T15733] do_syscall_64+0xcb/0x1e0 [ 2288.357364][T15733] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2288.363232][T15733] RIP: 0033:0x7f041403f739 [ 2288.367617][T15733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2288.387194][T15733] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2288.395583][T15733] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2288.403530][T15733] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2288.411474][T15733] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 12:58:33 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 12:58:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b08010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2288.419425][T15733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2288.427374][T15733] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2288.436927][T15724] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2288.458448][ T7] Bluetooth: hci0: Frame reassembly failed (-84) 12:58:33 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000f140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000001f00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b09010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x7a00, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2288.513309][T15747] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 12:58:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0a010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2288.620448][T15754] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 12:58:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000002000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:33 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000010140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0b010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2288.680594][T15758] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 12:58:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0c010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2288.780799][T15764] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2288.850541][T15767] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2290.509704][T18059] Bluetooth: hci0: command 0x1003 tx timeout [ 2290.515759][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2292.589574][T18059] Bluetooth: hci0: command 0x1001 tx timeout [ 2292.595629][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2294.669456][T18059] Bluetooth: hci0: command 0x1009 tx timeout 12:58:44 executing program 2 (fault-call:6 fault-nth:55): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:58:44 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000002500140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:44 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000011140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0d010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:44 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x8100, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 12:58:44 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 12:58:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0e010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2299.099815][T15779] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2299.110908][T15781] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2299.122541][T15781] FAULT_INJECTION: forcing a failure. [ 2299.122541][T15781] name failslab, interval 1, probability 0, space 0, times 0 [ 2299.135353][T15781] CPU: 0 PID: 15781 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2299.147023][T15781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2299.157067][T15781] Call Trace: [ 2299.160360][T15781] dump_stack+0x1d8/0x24e [ 2299.164683][T15781] ? devkmsg_release+0x11c/0x11c [ 2299.169609][T15781] ? show_regs_print_info+0x12/0x12 [ 2299.174794][T15781] ? mutex_unlock+0x19/0x40 [ 2299.179278][T15781] should_fail+0x6f6/0x860 [ 2299.183685][T15781] ? setup_fault_attr+0x3d0/0x3d0 [ 2299.188696][T15781] ? selinux_path_notify+0x6c0/0x6c0 [ 2299.193975][T15781] ? __kernfs_new_node+0xdb/0x6d0 [ 2299.198990][T15781] should_failslab+0x5/0x20 [ 2299.203501][T15781] kmem_cache_alloc+0x36/0x290 [ 2299.208275][T15781] ? _raw_spin_lock+0xa3/0x1b0 [ 2299.213034][T15781] __kernfs_new_node+0xdb/0x6d0 [ 2299.217870][T15781] ? kernfs_new_node+0x160/0x160 [ 2299.222790][T15781] ? mutex_lock+0xa6/0x110 [ 2299.227182][T15781] ? mutex_trylock+0xb0/0xb0 [ 2299.231750][T15781] ? kernfs_activate+0x3fc/0x420 [ 2299.236664][T15781] kernfs_new_node+0x95/0x160 [ 2299.241333][T15781] __kernfs_create_file+0x45/0x260 [ 2299.246421][T15781] sysfs_add_file_mode_ns+0x293/0x340 [ 2299.251767][T15781] sysfs_merge_group+0x204/0x440 [ 2299.256681][T15781] ? sysfs_remove_groups+0xb0/0xb0 [ 2299.261766][T15781] ? sysfs_add_file_mode_ns+0x340/0x340 [ 2299.267287][T15781] ? bus_add_device+0x92/0x3f0 [ 2299.272025][T15781] dpm_sysfs_add+0xbd/0x260 [ 2299.276512][T15781] device_add+0xde7/0x18a0 [ 2299.280906][T15781] ? virtual_device_parent+0x50/0x50 [ 2299.286168][T15781] ? device_initialize+0x1d3/0x3e0 [ 2299.291258][T15781] rfkill_register+0x180/0x720 [ 2299.296002][T15781] hci_register_dev+0x398/0x710 [ 2299.300831][T15781] hci_uart_tty_ioctl+0x89e/0xa10 [ 2299.305833][T15781] ? hci_uart_tty_write+0x10/0x10 [ 2299.310833][T15781] tty_ioctl+0xf68/0x1710 [ 2299.315137][T15781] ? tty_do_resize+0x170/0x170 [ 2299.319876][T15781] ? avc_ss_reset+0x3a0/0x3a0 [ 2299.324528][T15781] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2299.330655][T15781] ? refcount_inc_checked+0x50/0x50 [ 2299.335831][T15781] ? proc_fail_nth_write+0x1d5/0x240 [ 2299.341090][T15781] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2299.346267][T15781] ? check_preemption_disabled+0x9e/0x330 [ 2299.351961][T15781] ? memset+0x1f/0x40 [ 2299.355917][T15781] ? fsnotify+0x1332/0x13f0 [ 2299.360394][T15781] ? tty_do_resize+0x170/0x170 [ 2299.365136][T15781] do_vfs_ioctl+0x76a/0x1720 [ 2299.369704][T15781] ? selinux_file_ioctl+0x72f/0x990 [ 2299.374878][T15781] ? ioctl_preallocate+0x250/0x250 [ 2299.379966][T15781] ? __fget+0x37b/0x3c0 [ 2299.384097][T15781] ? fget_many+0x20/0x20 [ 2299.388316][T15781] ? do_syscall_64+0x1e0/0x1e0 [ 2299.393078][T15781] ? security_file_ioctl+0x9d/0xb0 [ 2299.398179][T15781] __x64_sys_ioctl+0xd4/0x110 [ 2299.402836][T15781] do_syscall_64+0xcb/0x1e0 [ 2299.407319][T15781] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2299.413185][T15781] RIP: 0033:0x7f041403f739 [ 2299.417580][T15781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2299.437162][T15781] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2299.445549][T15781] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2299.453494][T15781] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2299.461439][T15781] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2299.469389][T15781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2299.477335][T15781] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2299.501145][ T7] Bluetooth: hci0: Frame reassembly failed (-84) 12:58:44 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000002f00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:44 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000012140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0f010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b10010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2299.669788][T15786] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2299.709369][T15798] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 12:58:45 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b11010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2299.839825][T15802] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2299.919894][T15806] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2301.549112][T11760] Bluetooth: hci0: command 0x1003 tx timeout [ 2301.555158][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2303.628971][T11760] Bluetooth: hci0: command 0x1001 tx timeout [ 2303.635012][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2305.708919][T15793] Bluetooth: hci0: command 0x1009 tx timeout 12:58:55 executing program 2 (fault-call:6 fault-nth:56): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:58:55 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0), 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 12:58:55 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000001f140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:55 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000003a00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b12010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:55 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xa603, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2309.983041][T15820] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2309.991871][T15820] FAULT_INJECTION: forcing a failure. [ 2309.991871][T15820] name failslab, interval 1, probability 0, space 0, times 0 [ 2310.005995][T15816] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2310.015444][T15820] CPU: 0 PID: 15820 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2310.027048][T15820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2310.037079][T15820] Call Trace: [ 2310.040356][T15820] dump_stack+0x1d8/0x24e [ 2310.044665][T15820] ? devkmsg_release+0x11c/0x11c [ 2310.049574][T15820] ? mutex_unlock+0x19/0x40 [ 2310.054055][T15820] ? show_regs_print_info+0x12/0x12 [ 2310.059228][T15820] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 2310.065270][T15820] should_fail+0x6f6/0x860 [ 2310.069669][T15820] ? setup_fault_attr+0x3d0/0x3d0 [ 2310.074674][T15820] ? _raw_spin_lock+0xa3/0x1b0 [ 2310.079414][T15820] ? __kernfs_new_node+0xdb/0x6d0 [ 2310.084424][T15820] should_failslab+0x5/0x20 [ 2310.088925][T15820] kmem_cache_alloc+0x36/0x290 [ 2310.093674][T15820] __kernfs_new_node+0xdb/0x6d0 [ 2310.098504][T15820] ? mutex_lock+0xa6/0x110 [ 2310.102898][T15820] ? kernfs_new_node+0x160/0x160 [ 2310.107818][T15820] ? mutex_lock+0xa6/0x110 [ 2310.112208][T15820] ? kernfs_activate+0x3fc/0x420 [ 2310.117129][T15820] kernfs_new_node+0x95/0x160 [ 2310.121793][T15820] __kernfs_create_file+0x45/0x260 [ 2310.126892][T15820] sysfs_add_file_mode_ns+0x293/0x340 [ 2310.132250][T15820] sysfs_merge_group+0x204/0x440 [ 2310.137172][T15820] ? sysfs_remove_groups+0xb0/0xb0 [ 2310.142263][T15820] ? sysfs_add_file_mode_ns+0x340/0x340 [ 2310.147785][T15820] ? bus_add_device+0x92/0x3f0 [ 2310.152528][T15820] dpm_sysfs_add+0xbd/0x260 [ 2310.157022][T15820] device_add+0xde7/0x18a0 [ 2310.161415][T15820] ? virtual_device_parent+0x50/0x50 [ 2310.166671][T15820] ? device_initialize+0x1d3/0x3e0 [ 2310.171768][T15820] rfkill_register+0x180/0x720 [ 2310.176513][T15820] hci_register_dev+0x398/0x710 [ 2310.181341][T15820] hci_uart_tty_ioctl+0x89e/0xa10 [ 2310.186350][T15820] ? hci_uart_tty_write+0x10/0x10 [ 2310.191362][T15820] tty_ioctl+0xf68/0x1710 [ 2310.195668][T15820] ? tty_do_resize+0x170/0x170 [ 2310.200416][T15820] ? avc_ss_reset+0x3a0/0x3a0 [ 2310.205065][T15820] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2310.211198][T15820] ? refcount_inc_checked+0x50/0x50 [ 2310.216383][T15820] ? proc_fail_nth_write+0x1d5/0x240 [ 2310.221654][T15820] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2310.226828][T15820] ? check_preemption_disabled+0x9e/0x330 [ 2310.232521][T15820] ? memset+0x1f/0x40 [ 2310.236478][T15820] ? fsnotify+0x1332/0x13f0 [ 2310.240954][T15820] ? tty_do_resize+0x170/0x170 [ 2310.245695][T15820] do_vfs_ioctl+0x76a/0x1720 [ 2310.250270][T15820] ? selinux_file_ioctl+0x72f/0x990 [ 2310.255456][T15820] ? ioctl_preallocate+0x250/0x250 [ 2310.260543][T15820] ? __fget+0x37b/0x3c0 [ 2310.264679][T15820] ? fget_many+0x20/0x20 [ 2310.268896][T15820] ? do_syscall_64+0x1e0/0x1e0 [ 2310.273631][T15820] ? security_file_ioctl+0x9d/0xb0 [ 2310.278714][T15820] __x64_sys_ioctl+0xd4/0x110 [ 2310.283367][T15820] do_syscall_64+0xcb/0x1e0 [ 2310.287857][T15820] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2310.293740][T15820] RIP: 0033:0x7f041403f739 [ 2310.298139][T15820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2310.317718][T15820] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2310.326093][T15820] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 12:58:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b25010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2310.334034][T15820] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2310.341973][T15820] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2310.349920][T15820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2310.357870][T15820] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 12:58:55 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000020140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b2f010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2310.479180][T15827] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 12:58:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b38010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:55 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000003c00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:58:55 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xb603, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2310.659453][T15831] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2310.759180][T15834] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2312.428300][T15793] Bluetooth: hci0: command 0x1003 tx timeout [ 2312.434356][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2314.508189][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 2314.514224][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2316.588082][T15793] Bluetooth: hci0: command 0x1009 tx timeout 12:59:06 executing program 2 (fault-call:6 fault-nth:57): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:59:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b3a010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:06 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0), 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 12:59:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000025140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000003e00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:06 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xc603, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2320.856720][T15856] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2320.866180][T15856] FAULT_INJECTION: forcing a failure. [ 2320.866180][T15856] name failslab, interval 1, probability 0, space 0, times 0 [ 2320.879567][T15856] CPU: 1 PID: 15856 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2320.891175][T15856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2320.901213][T15856] Call Trace: [ 2320.904499][T15856] dump_stack+0x1d8/0x24e [ 2320.908815][T15856] ? devkmsg_release+0x11c/0x11c [ 2320.913733][T15856] ? mutex_unlock+0x19/0x40 [ 2320.918219][T15856] ? show_regs_print_info+0x12/0x12 [ 2320.923406][T15856] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 2320.929462][T15856] should_fail+0x6f6/0x860 [ 2320.933862][T15856] ? setup_fault_attr+0x3d0/0x3d0 [ 2320.938864][T15856] ? _raw_spin_lock+0xa3/0x1b0 [ 2320.943614][T15856] ? __kernfs_new_node+0xdb/0x6d0 [ 2320.948629][T15856] should_failslab+0x5/0x20 [ 2320.953228][T15856] kmem_cache_alloc+0x36/0x290 [ 2320.957989][T15856] __kernfs_new_node+0xdb/0x6d0 [ 2320.962832][T15856] ? mutex_lock+0xa6/0x110 [ 2320.967234][T15856] ? kernfs_new_node+0x160/0x160 [ 2320.972154][T15856] ? mutex_lock+0xa6/0x110 [ 2320.976555][T15856] ? kernfs_activate+0x3fc/0x420 [ 2320.981465][T15856] kernfs_new_node+0x95/0x160 [ 2320.986123][T15856] __kernfs_create_file+0x45/0x260 [ 2320.991209][T15856] sysfs_add_file_mode_ns+0x293/0x340 [ 2320.996568][T15856] sysfs_merge_group+0x204/0x440 [ 2321.001489][T15856] ? sysfs_remove_groups+0xb0/0xb0 [ 2321.006577][T15856] ? sysfs_add_file_mode_ns+0x340/0x340 [ 2321.012105][T15856] ? bus_add_device+0x92/0x3f0 [ 2321.016852][T15856] dpm_sysfs_add+0xbd/0x260 [ 2321.021342][T15856] device_add+0xde7/0x18a0 [ 2321.025747][T15856] ? virtual_device_parent+0x50/0x50 [ 2321.031015][T15856] ? device_initialize+0x1d3/0x3e0 [ 2321.036118][T15856] rfkill_register+0x180/0x720 [ 2321.040864][T15856] hci_register_dev+0x398/0x710 [ 2321.045699][T15856] hci_uart_tty_ioctl+0x89e/0xa10 [ 2321.050708][T15856] ? hci_uart_tty_write+0x10/0x10 [ 2321.055709][T15856] tty_ioctl+0xf68/0x1710 [ 2321.060022][T15856] ? tty_do_resize+0x170/0x170 [ 2321.064776][T15856] ? avc_ss_reset+0x3a0/0x3a0 [ 2321.069426][T15856] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2321.075559][T15856] ? refcount_inc_checked+0x50/0x50 [ 2321.080736][T15856] ? proc_fail_nth_write+0x1d5/0x240 [ 2321.085999][T15856] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2321.091180][T15856] ? check_preemption_disabled+0x9e/0x330 [ 2321.096880][T15856] ? memset+0x1f/0x40 [ 2321.100885][T15856] ? fsnotify+0x1332/0x13f0 [ 2321.105361][T15856] ? tty_do_resize+0x170/0x170 [ 2321.110101][T15856] do_vfs_ioctl+0x76a/0x1720 [ 2321.114689][T15856] ? selinux_file_ioctl+0x72f/0x990 [ 2321.119874][T15856] ? ioctl_preallocate+0x250/0x250 [ 2321.124961][T15856] ? __fget+0x37b/0x3c0 [ 2321.129208][T15856] ? fget_many+0x20/0x20 [ 2321.133442][T15856] ? do_syscall_64+0x1e0/0x1e0 [ 2321.138188][T15856] ? security_file_ioctl+0x9d/0xb0 [ 2321.143272][T15856] __x64_sys_ioctl+0xd4/0x110 [ 2321.147926][T15856] do_syscall_64+0xcb/0x1e0 [ 2321.152413][T15856] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2321.158293][T15856] RIP: 0033:0x7f041403f739 [ 2321.162694][T15856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2321.182285][T15856] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2321.190683][T15856] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2321.198636][T15856] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2321.206587][T15856] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2321.214541][T15856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2321.222492][T15856] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2321.233941][T15855] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 12:59:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b48010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2321.256564][T14284] Bluetooth: hci0: Frame reassembly failed (-84) 12:59:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000003f00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b4a010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2321.429625][T15865] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 12:59:06 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xda03, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 12:59:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000222c140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b4c010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2321.588270][T15871] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2321.758212][T15877] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2323.307845][T11760] Bluetooth: hci0: command 0x1003 tx timeout [ 2323.313869][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2325.388013][T11760] Bluetooth: hci0: command 0x1001 tx timeout [ 2325.394043][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2327.467619][T11760] Bluetooth: hci0: command 0x1009 tx timeout 12:59:16 executing program 2 (fault-call:6 fault-nth:58): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:59:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0), 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 12:59:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000004000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b50010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:16 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000002f140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:16 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xe203, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2331.744466][T15895] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2331.753228][T15895] FAULT_INJECTION: forcing a failure. [ 2331.753228][T15895] name failslab, interval 1, probability 0, space 0, times 0 [ 2331.766695][T15895] CPU: 0 PID: 15895 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2331.778386][T15895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2331.788419][T15895] Call Trace: [ 2331.791693][T15895] dump_stack+0x1d8/0x24e [ 2331.796009][T15895] ? devkmsg_release+0x11c/0x11c [ 2331.800929][T15895] ? mutex_unlock+0x19/0x40 [ 2331.805405][T15895] ? show_regs_print_info+0x12/0x12 [ 2331.810574][T15895] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 2331.816613][T15895] should_fail+0x6f6/0x860 [ 2331.821005][T15895] ? setup_fault_attr+0x3d0/0x3d0 [ 2331.825997][T15895] ? _raw_spin_lock+0xa3/0x1b0 [ 2331.830739][T15895] ? __kernfs_new_node+0xdb/0x6d0 [ 2331.835746][T15895] should_failslab+0x5/0x20 [ 2331.840227][T15895] kmem_cache_alloc+0x36/0x290 [ 2331.844973][T15895] __kernfs_new_node+0xdb/0x6d0 [ 2331.849809][T15895] ? mutex_lock+0xa6/0x110 [ 2331.854203][T15895] ? kernfs_new_node+0x160/0x160 [ 2331.859121][T15895] ? mutex_lock+0xa6/0x110 [ 2331.863518][T15895] ? kernfs_activate+0x3fc/0x420 [ 2331.868441][T15895] kernfs_new_node+0x95/0x160 [ 2331.873103][T15895] __kernfs_create_file+0x45/0x260 [ 2331.878191][T15895] sysfs_add_file_mode_ns+0x293/0x340 [ 2331.883546][T15895] sysfs_merge_group+0x204/0x440 [ 2331.888483][T15895] ? sysfs_remove_groups+0xb0/0xb0 [ 2331.893578][T15895] ? sysfs_add_file_mode_ns+0x340/0x340 [ 2331.899108][T15895] ? bus_add_device+0x92/0x3f0 [ 2331.903850][T15895] dpm_sysfs_add+0xbd/0x260 [ 2331.908342][T15895] device_add+0xde7/0x18a0 [ 2331.912732][T15895] ? virtual_device_parent+0x50/0x50 [ 2331.917989][T15895] ? device_initialize+0x1d3/0x3e0 [ 2331.923077][T15895] rfkill_register+0x180/0x720 [ 2331.927822][T15895] hci_register_dev+0x398/0x710 [ 2331.932759][T15895] hci_uart_tty_ioctl+0x89e/0xa10 [ 2331.937758][T15895] ? hci_uart_tty_write+0x10/0x10 [ 2331.942760][T15895] tty_ioctl+0xf68/0x1710 [ 2331.947065][T15895] ? tty_do_resize+0x170/0x170 [ 2331.951818][T15895] ? avc_ss_reset+0x3a0/0x3a0 [ 2331.956470][T15895] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2331.962595][T15895] ? refcount_inc_checked+0x50/0x50 [ 2331.967767][T15895] ? proc_fail_nth_write+0x1d5/0x240 [ 2331.973026][T15895] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2331.978209][T15895] ? check_preemption_disabled+0x9e/0x330 [ 2331.983900][T15895] ? memset+0x1f/0x40 [ 2331.987853][T15895] ? fsnotify+0x1332/0x13f0 [ 2331.992334][T15895] ? tty_do_resize+0x170/0x170 [ 2331.997086][T15895] do_vfs_ioctl+0x76a/0x1720 [ 2332.001649][T15895] ? selinux_file_ioctl+0x72f/0x990 [ 2332.006831][T15895] ? ioctl_preallocate+0x250/0x250 [ 2332.011921][T15895] ? __fget+0x37b/0x3c0 [ 2332.016050][T15895] ? fget_many+0x20/0x20 [ 2332.020267][T15895] ? do_syscall_64+0x1e0/0x1e0 [ 2332.025007][T15895] ? security_file_ioctl+0x9d/0xb0 [ 2332.030097][T15895] __x64_sys_ioctl+0xd4/0x110 [ 2332.034750][T15895] do_syscall_64+0xcb/0x1e0 [ 2332.039228][T15895] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2332.045090][T15895] RIP: 0033:0x7f041403f739 [ 2332.049484][T15895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2332.069060][T15895] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2332.077442][T15895] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2332.085383][T15895] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 12:59:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b68010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2332.093332][T15895] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2332.101277][T15895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2332.109227][T15895] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2332.134690][T15892] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 12:59:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b6c010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:17 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000004800140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2332.268178][T15904] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 12:59:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b74010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:17 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000003a140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2332.317860][T15909] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 12:59:17 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf403, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2332.378099][T15912] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2334.186921][T18059] Bluetooth: hci0: command 0x1003 tx timeout [ 2334.192965][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2336.266807][T18059] Bluetooth: hci0: command 0x1001 tx timeout [ 2336.272836][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2338.346693][T18059] Bluetooth: hci0: command 0x1009 tx timeout 12:59:27 executing program 2 (fault-call:6 fault-nth:59): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:59:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b7a010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000004a00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:27 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8", 0xc) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 12:59:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000003c140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:27 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfeff, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2342.619282][T15930] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2342.628155][T15930] FAULT_INJECTION: forcing a failure. [ 2342.628155][T15930] name failslab, interval 1, probability 0, space 0, times 0 [ 2342.641915][T15930] CPU: 1 PID: 15930 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2342.653532][T15930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2342.663566][T15930] Call Trace: [ 2342.666843][T15930] dump_stack+0x1d8/0x24e [ 2342.671148][T15930] ? devkmsg_release+0x11c/0x11c [ 2342.676057][T15930] ? mutex_unlock+0x19/0x40 [ 2342.680532][T15930] ? show_regs_print_info+0x12/0x12 [ 2342.685698][T15930] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 2342.691739][T15930] should_fail+0x6f6/0x860 [ 2342.696132][T15930] ? setup_fault_attr+0x3d0/0x3d0 [ 2342.701155][T15930] ? _raw_spin_lock+0xa3/0x1b0 [ 2342.705901][T15930] ? __kernfs_new_node+0xdb/0x6d0 [ 2342.710905][T15930] should_failslab+0x5/0x20 [ 2342.715388][T15930] kmem_cache_alloc+0x36/0x290 [ 2342.720126][T15930] __kernfs_new_node+0xdb/0x6d0 [ 2342.724950][T15930] ? mutex_lock+0xa6/0x110 [ 2342.729362][T15930] ? kernfs_new_node+0x160/0x160 [ 2342.734283][T15930] ? mutex_lock+0xa6/0x110 [ 2342.738678][T15930] ? kernfs_activate+0x3fc/0x420 [ 2342.743612][T15930] kernfs_new_node+0x95/0x160 [ 2342.748282][T15930] __kernfs_create_file+0x45/0x260 [ 2342.753374][T15930] sysfs_add_file_mode_ns+0x293/0x340 [ 2342.758726][T15930] sysfs_merge_group+0x204/0x440 [ 2342.763632][T15930] ? sysfs_remove_groups+0xb0/0xb0 [ 2342.768718][T15930] ? sysfs_add_file_mode_ns+0x340/0x340 [ 2342.774234][T15930] ? bus_add_device+0x92/0x3f0 [ 2342.778966][T15930] dpm_sysfs_add+0xbd/0x260 [ 2342.783439][T15930] device_add+0xde7/0x18a0 [ 2342.787835][T15930] ? virtual_device_parent+0x50/0x50 [ 2342.793101][T15930] ? device_initialize+0x1d3/0x3e0 [ 2342.798190][T15930] rfkill_register+0x180/0x720 [ 2342.802929][T15930] hci_register_dev+0x398/0x710 [ 2342.807763][T15930] hci_uart_tty_ioctl+0x89e/0xa10 [ 2342.812776][T15930] ? hci_uart_tty_write+0x10/0x10 [ 2342.817783][T15930] tty_ioctl+0xf68/0x1710 [ 2342.822100][T15930] ? tty_do_resize+0x170/0x170 [ 2342.826847][T15930] ? avc_ss_reset+0x3a0/0x3a0 [ 2342.831499][T15930] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2342.837637][T15930] ? refcount_inc_checked+0x50/0x50 [ 2342.842811][T15930] ? proc_fail_nth_write+0x1d5/0x240 [ 2342.848069][T15930] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2342.853242][T15930] ? check_preemption_disabled+0x9e/0x330 [ 2342.858944][T15930] ? memset+0x1f/0x40 [ 2342.862904][T15930] ? fsnotify+0x1332/0x13f0 [ 2342.867383][T15930] ? tty_do_resize+0x170/0x170 [ 2342.872126][T15930] do_vfs_ioctl+0x76a/0x1720 [ 2342.876696][T15930] ? selinux_file_ioctl+0x72f/0x990 [ 2342.881873][T15930] ? ioctl_preallocate+0x250/0x250 [ 2342.886955][T15930] ? __fget+0x37b/0x3c0 [ 2342.891428][T15930] ? fget_many+0x20/0x20 [ 2342.895641][T15930] ? do_syscall_64+0x1e0/0x1e0 [ 2342.900391][T15930] ? security_file_ioctl+0x9d/0xb0 [ 2342.905491][T15930] __x64_sys_ioctl+0xd4/0x110 [ 2342.910147][T15930] do_syscall_64+0xcb/0x1e0 [ 2342.914629][T15930] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2342.920510][T15930] RIP: 0033:0x7f041403f739 [ 2342.924902][T15930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2342.944483][T15930] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2342.952876][T15930] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2342.960827][T15930] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 12:59:28 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800ba0010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2342.968781][T15930] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2342.976723][T15930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2342.984667][T15930] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2342.995372][T15927] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2342.995739][T15880] Bluetooth: hci0: Frame reassembly failed (-84) 12:59:28 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000003e140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:28 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800ba8010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2343.117216][T15944] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 12:59:28 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800be4010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:28 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xff0f, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 12:59:28 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000004c00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2343.237154][T15950] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2343.307280][T15958] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2345.066230][T11760] Bluetooth: hci0: command 0x1003 tx timeout [ 2345.072605][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2347.146125][T11760] Bluetooth: hci0: command 0x1001 tx timeout [ 2347.152159][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2349.226005][T11760] Bluetooth: hci0: command 0x1009 tx timeout 12:59:38 executing program 2 (fault-call:6 fault-nth:60): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:59:38 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000003f140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:38 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800be6010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:38 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8", 0xc) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 12:59:38 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000035600140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:38 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xff7f, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2353.501389][T15973] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2353.510118][T15973] FAULT_INJECTION: forcing a failure. [ 2353.510118][T15973] name failslab, interval 1, probability 0, space 0, times 0 [ 2353.523549][T15973] CPU: 0 PID: 15973 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2353.535147][T15973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2353.545174][T15973] Call Trace: [ 2353.548438][T15973] dump_stack+0x1d8/0x24e [ 2353.552745][T15973] ? devkmsg_release+0x11c/0x11c [ 2353.557663][T15973] ? show_regs_print_info+0x12/0x12 [ 2353.562848][T15973] ? kernfs_add_one+0x49e/0x5c0 [ 2353.567685][T15973] should_fail+0x6f6/0x860 [ 2353.572085][T15973] ? setup_fault_attr+0x3d0/0x3d0 [ 2353.577087][T15973] ? kernfs_put+0x46/0x4b0 [ 2353.581472][T15973] ? sysfs_add_file_mode_ns+0x2b4/0x340 [ 2353.586991][T15973] ? kobject_uevent_env+0x252/0x1000 [ 2353.592253][T15973] should_failslab+0x5/0x20 [ 2353.596734][T15973] kmem_cache_alloc_trace+0x39/0x2b0 [ 2353.602000][T15973] kobject_uevent_env+0x252/0x1000 [ 2353.607090][T15973] device_add+0xf42/0x18a0 [ 2353.611482][T15973] ? virtual_device_parent+0x50/0x50 [ 2353.616740][T15973] ? device_initialize+0x1d3/0x3e0 [ 2353.621827][T15973] rfkill_register+0x180/0x720 [ 2353.626566][T15973] hci_register_dev+0x398/0x710 [ 2353.631392][T15973] hci_uart_tty_ioctl+0x89e/0xa10 [ 2353.636387][T15973] ? hci_uart_tty_write+0x10/0x10 [ 2353.641383][T15973] tty_ioctl+0xf68/0x1710 [ 2353.645684][T15973] ? tty_do_resize+0x170/0x170 [ 2353.650419][T15973] ? avc_ss_reset+0x3a0/0x3a0 [ 2353.655083][T15973] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2353.661208][T15973] ? refcount_inc_checked+0x50/0x50 [ 2353.666379][T15973] ? proc_fail_nth_write+0x1d5/0x240 [ 2353.671634][T15973] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2353.676802][T15973] ? check_preemption_disabled+0x9e/0x330 [ 2353.682493][T15973] ? memset+0x1f/0x40 [ 2353.686447][T15973] ? fsnotify+0x1332/0x13f0 [ 2353.690936][T15973] ? tty_do_resize+0x170/0x170 [ 2353.695673][T15973] do_vfs_ioctl+0x76a/0x1720 [ 2353.700236][T15973] ? selinux_file_ioctl+0x72f/0x990 [ 2353.705411][T15973] ? ioctl_preallocate+0x250/0x250 [ 2353.710496][T15973] ? __fget+0x37b/0x3c0 [ 2353.714636][T15973] ? fget_many+0x20/0x20 [ 2353.718849][T15973] ? do_syscall_64+0x1e0/0x1e0 [ 2353.723590][T15973] ? security_file_ioctl+0x9d/0xb0 [ 2353.728687][T15973] __x64_sys_ioctl+0xd4/0x110 [ 2353.733339][T15973] do_syscall_64+0xcb/0x1e0 [ 2353.737814][T15973] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2353.743679][T15973] RIP: 0033:0x7f041403f739 [ 2353.748070][T15973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2353.767741][T15973] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2353.776124][T15973] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2353.784078][T15973] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2353.792021][T15973] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2353.799965][T15973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2353.807906][T15973] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2353.837800][T15880] Bluetooth: hci0: Frame reassembly failed (-84) 12:59:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800be8010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2353.866706][T15972] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 12:59:39 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000040140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:39 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000006800140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800bea010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2353.926465][T15982] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 12:59:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800bec010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:39 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000006c00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2354.036461][T15988] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2354.106278][T15992] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2355.865551][T15793] Bluetooth: hci0: command 0x1003 tx timeout [ 2355.871579][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2357.945450][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 2357.951489][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2360.025288][T15793] Bluetooth: hci0: command 0x1009 tx timeout 12:59:49 executing program 2 (fault-call:6 fault-nth:61): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:59:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800bee010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:49 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000048140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:49 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfffe, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 12:59:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000007400140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:49 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8", 0xc) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 12:59:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00030062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2364.372483][T16004] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2364.391396][T16010] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2364.402822][T16010] FAULT_INJECTION: forcing a failure. [ 2364.402822][T16010] name failslab, interval 1, probability 0, space 0, times 0 [ 2364.416428][T16010] CPU: 1 PID: 16010 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2364.428046][T16010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2364.438097][T16010] Call Trace: [ 2364.441376][T16010] dump_stack+0x1d8/0x24e [ 2364.445697][T16010] ? devkmsg_release+0x11c/0x11c [ 2364.450628][T16010] ? show_regs_print_info+0x12/0x12 [ 2364.455808][T16010] ? kernfs_add_one+0x49e/0x5c0 [ 2364.460641][T16010] should_fail+0x6f6/0x860 [ 2364.465057][T16010] ? setup_fault_attr+0x3d0/0x3d0 [ 2364.470077][T16010] ? kernfs_put+0x46/0x4b0 [ 2364.474468][T16010] ? sysfs_add_file_mode_ns+0x2b4/0x340 [ 2364.480011][T16010] ? kobject_uevent_env+0x252/0x1000 [ 2364.485283][T16010] should_failslab+0x5/0x20 [ 2364.489770][T16010] kmem_cache_alloc_trace+0x39/0x2b0 [ 2364.495042][T16010] kobject_uevent_env+0x252/0x1000 [ 2364.500166][T16010] device_add+0xf42/0x18a0 [ 2364.504558][T16010] ? virtual_device_parent+0x50/0x50 [ 2364.509848][T16010] ? device_initialize+0x1d3/0x3e0 [ 2364.514941][T16010] rfkill_register+0x180/0x720 [ 2364.519684][T16010] hci_register_dev+0x398/0x710 [ 2364.524511][T16010] hci_uart_tty_ioctl+0x89e/0xa10 [ 2364.529514][T16010] ? hci_uart_tty_write+0x10/0x10 [ 2364.534516][T16010] tty_ioctl+0xf68/0x1710 [ 2364.538822][T16010] ? tty_do_resize+0x170/0x170 [ 2364.543563][T16010] ? avc_ss_reset+0x3a0/0x3a0 [ 2364.548217][T16010] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2364.554344][T16010] ? refcount_inc_checked+0x50/0x50 [ 2364.559522][T16010] ? proc_fail_nth_write+0x1d5/0x240 [ 2364.564784][T16010] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2364.569958][T16010] ? check_preemption_disabled+0x9e/0x330 [ 2364.575650][T16010] ? memset+0x1f/0x40 [ 2364.579606][T16010] ? fsnotify+0x1332/0x13f0 [ 2364.584087][T16010] ? tty_do_resize+0x170/0x170 [ 2364.588844][T16010] do_vfs_ioctl+0x76a/0x1720 [ 2364.593411][T16010] ? selinux_file_ioctl+0x72f/0x990 [ 2364.598587][T16010] ? ioctl_preallocate+0x250/0x250 [ 2364.603675][T16010] ? __fget+0x37b/0x3c0 [ 2364.607809][T16010] ? fget_many+0x20/0x20 [ 2364.612026][T16010] ? do_syscall_64+0x1e0/0x1e0 [ 2364.616771][T16010] ? security_file_ioctl+0x9d/0xb0 [ 2364.621857][T16010] __x64_sys_ioctl+0xd4/0x110 [ 2364.626511][T16010] do_syscall_64+0xcb/0x1e0 [ 2364.630995][T16010] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2364.636863][T16010] RIP: 0033:0x7f041403f739 [ 2364.641256][T16010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2364.660851][T16010] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2364.669243][T16010] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2364.677300][T16010] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2364.685246][T16010] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2364.693192][T16010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2364.701138][T16010] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2364.723291][T15880] Bluetooth: hci0: Frame reassembly failed (-84) 12:59:50 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000007a00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:50 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b03040062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:50 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000004a140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 12:59:50 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00050062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2364.852197][T16023] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 12:59:50 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000004c140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2366.744846][T15793] Bluetooth: hci0: command 0x1003 tx timeout [ 2366.750919][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2368.824725][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 2368.830960][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2370.904595][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:00:00 executing program 2 (fault-call:6 fault-nth:62): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:00:00 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x38000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:00:00 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000008100140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00060062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000356140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:00 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab", 0x12) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 2375.262771][T16047] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2375.271624][T16047] FAULT_INJECTION: forcing a failure. [ 2375.271624][T16047] name failslab, interval 1, probability 0, space 0, times 0 [ 2375.284882][T16047] CPU: 0 PID: 16047 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2375.296504][T16047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2375.306536][T16047] Call Trace: [ 2375.309810][T16047] dump_stack+0x1d8/0x24e [ 2375.314121][T16047] ? devkmsg_release+0x11c/0x11c [ 2375.319041][T16047] ? show_regs_print_info+0x12/0x12 [ 2375.324286][T16047] ? vsnprintf+0x1cb4/0x1d60 [ 2375.328854][T16047] should_fail+0x6f6/0x860 [ 2375.333249][T16047] ? setup_fault_attr+0x3d0/0x3d0 [ 2375.338264][T16047] ? _raw_spin_unlock_irqrestore+0x57/0x80 [ 2375.344062][T16047] ? __alloc_skb+0x75/0x4d0 [ 2375.348547][T16047] should_failslab+0x5/0x20 [ 2375.353027][T16047] kmem_cache_alloc+0x36/0x290 [ 2375.357771][T16047] ? mutex_lock+0xa6/0x110 [ 2375.362162][T16047] __alloc_skb+0x75/0x4d0 [ 2375.366473][T16047] alloc_uevent_skb+0x73/0x220 [ 2375.371234][T16047] kobject_uevent_env+0xaee/0x1000 [ 2375.376332][T16047] device_add+0xf42/0x18a0 [ 2375.380735][T16047] ? virtual_device_parent+0x50/0x50 [ 2375.386007][T16047] ? device_initialize+0x1d3/0x3e0 [ 2375.391097][T16047] rfkill_register+0x180/0x720 [ 2375.395836][T16047] hci_register_dev+0x398/0x710 [ 2375.400671][T16047] hci_uart_tty_ioctl+0x89e/0xa10 [ 2375.405682][T16047] ? hci_uart_tty_write+0x10/0x10 [ 2375.410687][T16047] tty_ioctl+0xf68/0x1710 [ 2375.415009][T16047] ? tty_do_resize+0x170/0x170 [ 2375.419751][T16047] ? avc_ss_reset+0x3a0/0x3a0 [ 2375.424410][T16047] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2375.430548][T16047] ? refcount_inc_checked+0x50/0x50 [ 2375.435733][T16047] ? proc_fail_nth_write+0x1d5/0x240 [ 2375.441001][T16047] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2375.446187][T16047] ? check_preemption_disabled+0x9e/0x330 [ 2375.451891][T16047] ? memset+0x1f/0x40 [ 2375.455859][T16047] ? fsnotify+0x1332/0x13f0 [ 2375.460346][T16047] ? tty_do_resize+0x170/0x170 [ 2375.465088][T16047] do_vfs_ioctl+0x76a/0x1720 [ 2375.469841][T16047] ? selinux_file_ioctl+0x72f/0x990 [ 2375.475034][T16047] ? ioctl_preallocate+0x250/0x250 [ 2375.480125][T16047] ? __fget+0x37b/0x3c0 [ 2375.484262][T16047] ? fget_many+0x20/0x20 [ 2375.488498][T16047] ? do_syscall_64+0x1e0/0x1e0 [ 2375.493246][T16047] ? security_file_ioctl+0x9d/0xb0 [ 2375.498337][T16047] __x64_sys_ioctl+0xd4/0x110 [ 2375.502994][T16047] do_syscall_64+0xcb/0x1e0 [ 2375.507494][T16047] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2375.513379][T16047] RIP: 0033:0x7f041403f739 [ 2375.517774][T16047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2375.537360][T16047] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2375.545755][T16047] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2375.553705][T16047] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 13:00:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b03060062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2375.561654][T16047] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2375.569606][T16047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2375.577560][T16047] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2375.588106][T15880] Bluetooth: hci0: Frame reassembly failed (-84) 13:00:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00070062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000068140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2375.745003][T16054] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 13:00:01 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b02070062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:01 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000039600140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:01 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3ffff, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2375.924946][T16061] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2377.624131][T11760] Bluetooth: hci0: command 0x1003 tx timeout [ 2377.630177][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2379.704021][T11760] Bluetooth: hci0: command 0x1001 tx timeout [ 2379.710124][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2381.783859][T11760] Bluetooth: hci0: command 0x1009 tx timeout 13:00:11 executing program 2 (fault-call:6 fault-nth:63): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:00:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b03080062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:11 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab", 0x12) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:00:11 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000006c140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000a000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:11 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x40000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2386.141152][T16082] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2386.150028][T16082] FAULT_INJECTION: forcing a failure. [ 2386.150028][T16082] name failslab, interval 1, probability 0, space 0, times 0 [ 2386.163329][T16082] CPU: 0 PID: 16082 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2386.174939][T16082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2386.184979][T16082] Call Trace: [ 2386.188255][T16082] dump_stack+0x1d8/0x24e [ 2386.192565][T16082] ? devkmsg_release+0x11c/0x11c [ 2386.197478][T16082] ? show_regs_print_info+0x12/0x12 [ 2386.202655][T16082] should_fail+0x6f6/0x860 [ 2386.207057][T16082] ? setup_fault_attr+0x3d0/0x3d0 [ 2386.212065][T16082] ? alloc_uevent_skb+0x73/0x220 [ 2386.216988][T16082] should_failslab+0x5/0x20 [ 2386.221473][T16082] __kmalloc_track_caller+0x5d/0x2e0 [ 2386.226743][T16082] ? kmem_cache_alloc+0x115/0x290 [ 2386.231747][T16082] ? mutex_lock+0xa6/0x110 [ 2386.236138][T16082] ? alloc_uevent_skb+0x73/0x220 [ 2386.241050][T16082] __alloc_skb+0xaf/0x4d0 [ 2386.245355][T16082] alloc_uevent_skb+0x73/0x220 [ 2386.250093][T16082] kobject_uevent_env+0xaee/0x1000 [ 2386.255178][T16082] device_add+0xf42/0x18a0 [ 2386.259571][T16082] ? virtual_device_parent+0x50/0x50 [ 2386.264832][T16082] ? device_initialize+0x1d3/0x3e0 [ 2386.269937][T16082] rfkill_register+0x180/0x720 [ 2386.274674][T16082] hci_register_dev+0x398/0x710 [ 2386.279499][T16082] hci_uart_tty_ioctl+0x89e/0xa10 [ 2386.284503][T16082] ? hci_uart_tty_write+0x10/0x10 [ 2386.289504][T16082] tty_ioctl+0xf68/0x1710 [ 2386.293810][T16082] ? tty_do_resize+0x170/0x170 [ 2386.298550][T16082] ? avc_ss_reset+0x3a0/0x3a0 [ 2386.303201][T16082] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2386.309327][T16082] ? refcount_inc_checked+0x50/0x50 [ 2386.314504][T16082] ? proc_fail_nth_write+0x1d5/0x240 [ 2386.319764][T16082] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2386.324939][T16082] ? check_preemption_disabled+0x9e/0x330 [ 2386.330629][T16082] ? memset+0x1f/0x40 [ 2386.334583][T16082] ? fsnotify+0x1332/0x13f0 [ 2386.339068][T16082] ? tty_do_resize+0x170/0x170 [ 2386.343802][T16082] do_vfs_ioctl+0x76a/0x1720 [ 2386.348364][T16082] ? selinux_file_ioctl+0x72f/0x990 [ 2386.353552][T16082] ? ioctl_preallocate+0x250/0x250 [ 2386.358639][T16082] ? __fget+0x37b/0x3c0 [ 2386.362772][T16082] ? fget_many+0x20/0x20 [ 2386.366987][T16082] ? do_syscall_64+0x1e0/0x1e0 [ 2386.371739][T16082] ? security_file_ioctl+0x9d/0xb0 [ 2386.376825][T16082] __x64_sys_ioctl+0xd4/0x110 [ 2386.381476][T16082] do_syscall_64+0xcb/0x1e0 [ 2386.385951][T16082] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2386.391818][T16082] RIP: 0033:0x7f041403f739 [ 2386.396211][T16082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2386.415798][T16082] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2386.424181][T16082] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2386.432137][T16082] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2386.440078][T16082] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2386.448021][T16082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2386.455974][T16082] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2386.482885][T14284] Bluetooth: hci0: Frame reassembly failed (-84) 13:00:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00090062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2386.554431][T16079] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 13:00:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000a0062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000003b400140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b030a0062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:11 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000074140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:12 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000b0062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2386.804155][T16097] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2388.503419][T18059] Bluetooth: hci0: command 0x1003 tx timeout [ 2388.509479][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2390.583480][T18059] Bluetooth: hci0: command 0x1001 tx timeout [ 2390.589528][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2392.663133][T18059] Bluetooth: hci0: command 0x1009 tx timeout 13:00:22 executing program 2 (fault-call:6 fault-nth:64): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:00:22 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x100000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:00:22 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000003b600140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000c0062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:22 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000007a140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:22 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab", 0x12) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:00:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b800e0062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2397.021913][T16117] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2397.034263][T16117] FAULT_INJECTION: forcing a failure. [ 2397.034263][T16117] name failslab, interval 1, probability 0, space 0, times 0 [ 2397.047116][T16117] CPU: 1 PID: 16117 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2397.058734][T16117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2397.068779][T16117] Call Trace: [ 2397.072060][T16117] dump_stack+0x1d8/0x24e [ 2397.076373][T16117] ? devkmsg_release+0x11c/0x11c [ 2397.081299][T16117] ? show_regs_print_info+0x12/0x12 [ 2397.086482][T16117] ? vsnprintf+0x1d60/0x1d60 [ 2397.091061][T16117] should_fail+0x6f6/0x860 [ 2397.095466][T16117] ? setup_fault_attr+0x3d0/0x3d0 [ 2397.100469][T16117] ? vsnprintf+0x1cb4/0x1d60 [ 2397.105036][T16117] ? skb_clone+0x1b2/0x360 [ 2397.109437][T16117] should_failslab+0x5/0x20 [ 2397.113918][T16117] kmem_cache_alloc+0x36/0x290 [ 2397.118653][T16117] skb_clone+0x1b2/0x360 [ 2397.122894][T16117] netlink_broadcast_filtered+0x5d1/0x10a0 [ 2397.128706][T16117] netlink_broadcast+0x35/0x50 [ 2397.133453][T16117] kobject_uevent_env+0xb1f/0x1000 [ 2397.138546][T16117] device_add+0xf42/0x18a0 [ 2397.142951][T16117] ? virtual_device_parent+0x50/0x50 [ 2397.148390][T16117] ? device_initialize+0x1d3/0x3e0 [ 2397.153473][T16117] rfkill_register+0x180/0x720 [ 2397.158218][T16117] hci_register_dev+0x398/0x710 [ 2397.163056][T16117] hci_uart_tty_ioctl+0x89e/0xa10 [ 2397.168069][T16117] ? hci_uart_tty_write+0x10/0x10 [ 2397.173075][T16117] tty_ioctl+0xf68/0x1710 [ 2397.177380][T16117] ? tty_do_resize+0x170/0x170 [ 2397.182124][T16117] ? avc_ss_reset+0x3a0/0x3a0 [ 2397.186784][T16117] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2397.192927][T16117] ? refcount_inc_checked+0x50/0x50 [ 2397.198104][T16117] ? proc_fail_nth_write+0x1d5/0x240 [ 2397.203368][T16117] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2397.208544][T16117] ? check_preemption_disabled+0x9e/0x330 [ 2397.214239][T16117] ? memset+0x1f/0x40 [ 2397.218199][T16117] ? fsnotify+0x1332/0x13f0 [ 2397.222679][T16117] ? tty_do_resize+0x170/0x170 [ 2397.227420][T16117] do_vfs_ioctl+0x76a/0x1720 [ 2397.232000][T16117] ? selinux_file_ioctl+0x72f/0x990 [ 2397.237278][T16117] ? ioctl_preallocate+0x250/0x250 [ 2397.242366][T16117] ? __fget+0x37b/0x3c0 [ 2397.246500][T16117] ? fget_many+0x20/0x20 [ 2397.250746][T16117] ? do_syscall_64+0x1e0/0x1e0 [ 2397.255492][T16117] ? security_file_ioctl+0x9d/0xb0 [ 2397.260577][T16117] __x64_sys_ioctl+0xd4/0x110 [ 2397.265232][T16117] do_syscall_64+0xcb/0x1e0 [ 2397.269726][T16117] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2397.275597][T16117] RIP: 0033:0x7f041403f739 [ 2397.279986][T16117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2397.299572][T16117] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2397.307971][T16117] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2397.315924][T16117] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2397.323872][T16117] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2397.331824][T16117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2397.339867][T16117] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2397.357962][T11944] Bluetooth: hci0: sending frame failed (-49) 13:00:22 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000ba00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:22 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000081140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000f0062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2397.513740][T16121] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 13:00:22 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000ffffff81140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b01100062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2397.796232][T16132] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2399.382711][T11760] Bluetooth: hci0: command 0x1003 tx timeout [ 2399.388773][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2401.462563][T18059] Bluetooth: hci0: command 0x1001 tx timeout [ 2401.468857][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2403.542440][T18059] Bluetooth: hci0: command 0x1009 tx timeout 13:00:33 executing program 2 (fault-call:6 fault-nth:65): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:00:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x800300, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:00:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00130062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:33 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e82", 0x15) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:00:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000003c000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:33 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000085140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2407.885044][T16140] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2407.897320][T16140] FAULT_INJECTION: forcing a failure. [ 2407.897320][T16140] name failslab, interval 1, probability 0, space 0, times 0 [ 2407.911232][T16140] CPU: 0 PID: 16140 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2407.923014][T16140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2407.933042][T16140] Call Trace: [ 2407.936328][T16140] dump_stack+0x1d8/0x24e [ 2407.940636][T16140] ? devkmsg_release+0x11c/0x11c [ 2407.945543][T16140] ? vsnprintf+0x1cb4/0x1d60 [ 2407.950107][T16140] ? show_regs_print_info+0x12/0x12 [ 2407.955300][T16140] should_fail+0x6f6/0x860 [ 2407.959699][T16140] ? setup_fault_attr+0x3d0/0x3d0 [ 2407.964707][T16140] ? add_uevent_var+0x1c2/0x360 [ 2407.969541][T16140] ? call_usermodehelper_setup+0x91/0x200 [ 2407.975238][T16140] should_failslab+0x5/0x20 [ 2407.979731][T16140] kmem_cache_alloc_trace+0x39/0x2b0 [ 2407.984997][T16140] call_usermodehelper_setup+0x91/0x200 [ 2407.990518][T16140] ? add_uevent_var+0x360/0x360 [ 2407.995341][T16140] kobject_uevent_env+0xdd6/0x1000 [ 2408.000433][T16140] device_add+0xf42/0x18a0 [ 2408.004837][T16140] ? virtual_device_parent+0x50/0x50 [ 2408.010111][T16140] ? device_initialize+0x1d3/0x3e0 [ 2408.015207][T16140] rfkill_register+0x180/0x720 [ 2408.019948][T16140] hci_register_dev+0x398/0x710 [ 2408.024782][T16140] hci_uart_tty_ioctl+0x89e/0xa10 [ 2408.029787][T16140] ? hci_uart_tty_write+0x10/0x10 [ 2408.034792][T16140] tty_ioctl+0xf68/0x1710 [ 2408.039101][T16140] ? tty_do_resize+0x170/0x170 [ 2408.043848][T16140] ? avc_ss_reset+0x3a0/0x3a0 [ 2408.048504][T16140] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2408.054635][T16140] ? refcount_inc_checked+0x50/0x50 [ 2408.059806][T16140] ? proc_fail_nth_write+0x1d5/0x240 [ 2408.065075][T16140] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2408.070312][T16140] ? check_preemption_disabled+0x9e/0x330 [ 2408.076056][T16140] ? memset+0x1f/0x40 [ 2408.080011][T16140] ? fsnotify+0x1332/0x13f0 [ 2408.084498][T16140] ? tty_do_resize+0x170/0x170 [ 2408.089239][T16140] do_vfs_ioctl+0x76a/0x1720 [ 2408.093813][T16140] ? selinux_file_ioctl+0x72f/0x990 [ 2408.098997][T16140] ? ioctl_preallocate+0x250/0x250 [ 2408.104087][T16140] ? __fget+0x37b/0x3c0 [ 2408.108220][T16140] ? fget_many+0x20/0x20 [ 2408.112439][T16140] ? do_syscall_64+0x1e0/0x1e0 [ 2408.117183][T16140] ? security_file_ioctl+0x9d/0xb0 [ 2408.122356][T16140] __x64_sys_ioctl+0xd4/0x110 [ 2408.127018][T16140] do_syscall_64+0xcb/0x1e0 [ 2408.131501][T16140] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2408.137371][T16140] RIP: 0033:0x7f041403f739 [ 2408.141771][T16140] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2408.161395][T16140] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2408.169781][T16140] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2408.177729][T16140] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 13:00:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00140062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2408.185682][T16140] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2408.193632][T16140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2408.201575][T16140] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2408.211562][T15880] Bluetooth: hci0: Frame reassembly failed (-84) 13:00:33 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000396140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00150062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00160062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x1000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:00:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000003c200140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2410.262063][T11760] Bluetooth: hci0: command 0x1003 tx timeout [ 2410.268132][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2412.341933][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 2412.348151][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2414.421822][T11760] Bluetooth: hci0: command 0x1009 tx timeout 13:00:43 executing program 2 (fault-call:6 fault-nth:66): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:00:43 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00180062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:43 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000ffffff9e140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:43 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e82", 0x15) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:00:43 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x2000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:00:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000003c400140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2418.774036][T16185] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2418.783776][T16185] FAULT_INJECTION: forcing a failure. [ 2418.783776][T16185] name failslab, interval 1, probability 0, space 0, times 0 [ 2418.797017][T16185] CPU: 0 PID: 16185 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2418.808628][T16185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2418.818654][T16185] Call Trace: [ 2418.821921][T16185] dump_stack+0x1d8/0x24e [ 2418.826225][T16185] ? devkmsg_release+0x11c/0x11c [ 2418.831135][T16185] ? show_regs_print_info+0x12/0x12 [ 2418.836304][T16185] should_fail+0x6f6/0x860 [ 2418.840692][T16185] ? setup_fault_attr+0x3d0/0x3d0 [ 2418.845686][T16185] ? _raw_spin_unlock+0x5b/0x60 [ 2418.850509][T16185] ? __rcu_read_lock+0x50/0x50 [ 2418.855253][T16185] ? rfkill_send_events+0xae/0x3f0 [ 2418.860341][T16185] should_failslab+0x5/0x20 [ 2418.864820][T16185] kmem_cache_alloc_trace+0x39/0x2b0 [ 2418.870077][T16185] rfkill_send_events+0xae/0x3f0 [ 2418.874994][T16185] rfkill_register+0x6ad/0x720 [ 2418.879734][T16185] hci_register_dev+0x398/0x710 [ 2418.884561][T16185] hci_uart_tty_ioctl+0x89e/0xa10 [ 2418.889562][T16185] ? hci_uart_tty_write+0x10/0x10 [ 2418.894561][T16185] tty_ioctl+0xf68/0x1710 [ 2418.898867][T16185] ? tty_do_resize+0x170/0x170 [ 2418.903608][T16185] ? avc_ss_reset+0x3a0/0x3a0 [ 2418.908263][T16185] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2418.914390][T16185] ? refcount_inc_checked+0x50/0x50 [ 2418.919571][T16185] ? proc_fail_nth_write+0x1d5/0x240 [ 2418.924833][T16185] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2418.930012][T16185] ? check_preemption_disabled+0x9e/0x330 [ 2418.935703][T16185] ? memset+0x1f/0x40 [ 2418.939658][T16185] ? fsnotify+0x1332/0x13f0 [ 2418.944137][T16185] ? tty_do_resize+0x170/0x170 [ 2418.948874][T16185] do_vfs_ioctl+0x76a/0x1720 [ 2418.953448][T16185] ? selinux_file_ioctl+0x72f/0x990 [ 2418.958616][T16185] ? ioctl_preallocate+0x250/0x250 [ 2418.963701][T16185] ? __fget+0x37b/0x3c0 [ 2418.967847][T16185] ? fget_many+0x20/0x20 [ 2418.972069][T16185] ? do_syscall_64+0x1e0/0x1e0 [ 2418.976801][T16185] ? security_file_ioctl+0x9d/0xb0 [ 2418.981882][T16185] __x64_sys_ioctl+0xd4/0x110 [ 2418.986539][T16185] do_syscall_64+0xcb/0x1e0 [ 2418.991028][T16185] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2418.996888][T16185] RIP: 0033:0x7f041403f739 [ 2419.001282][T16185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2419.020857][T16185] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2419.029250][T16185] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2419.037193][T16185] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2419.045143][T16185] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2419.053093][T16185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2419.061033][T16185] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2419.089757][T15879] Bluetooth: hci0: Frame reassembly failed (-84) 13:00:44 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000003da00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b001c0062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b001f0062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:44 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:00:44 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000a0140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00200062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2421.141256][T24421] Bluetooth: hci0: command 0x1003 tx timeout [ 2421.147290][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2423.221146][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 2423.227199][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2425.300977][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:00:54 executing program 2 (fault-call:6 fault-nth:67): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:00:54 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000003e200140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:54 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b03370062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:54 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e82", 0x15) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:00:54 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:00:54 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000003b4140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2429.655521][T16218] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2429.664504][T16218] FAULT_INJECTION: forcing a failure. [ 2429.664504][T16218] name failslab, interval 1, probability 0, space 0, times 0 [ 2429.678593][T16218] CPU: 0 PID: 16218 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2429.690202][T16218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2429.700233][T16218] Call Trace: [ 2429.703504][T16218] dump_stack+0x1d8/0x24e [ 2429.707809][T16218] ? devkmsg_release+0x11c/0x11c [ 2429.712726][T16218] ? show_regs_print_info+0x12/0x12 [ 2429.717897][T16218] should_fail+0x6f6/0x860 [ 2429.722294][T16218] ? setup_fault_attr+0x3d0/0x3d0 [ 2429.727301][T16218] ? remove_wait_queue+0x120/0x120 [ 2429.732391][T16218] ? rfkill_send_events+0xae/0x3f0 [ 2429.737486][T16218] should_failslab+0x5/0x20 [ 2429.741979][T16218] kmem_cache_alloc_trace+0x39/0x2b0 [ 2429.747254][T16218] rfkill_send_events+0xae/0x3f0 [ 2429.752178][T16218] rfkill_register+0x6ad/0x720 [ 2429.756924][T16218] hci_register_dev+0x398/0x710 [ 2429.761762][T16218] hci_uart_tty_ioctl+0x89e/0xa10 [ 2429.766769][T16218] ? hci_uart_tty_write+0x10/0x10 [ 2429.771771][T16218] tty_ioctl+0xf68/0x1710 [ 2429.776074][T16218] ? tty_do_resize+0x170/0x170 [ 2429.780814][T16218] ? avc_ss_reset+0x3a0/0x3a0 [ 2429.785464][T16218] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2429.791590][T16218] ? refcount_inc_checked+0x50/0x50 [ 2429.796774][T16218] ? proc_fail_nth_write+0x1d5/0x240 [ 2429.802033][T16218] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2429.807203][T16218] ? check_preemption_disabled+0x9e/0x330 [ 2429.812891][T16218] ? memset+0x1f/0x40 [ 2429.816844][T16218] ? fsnotify+0x1332/0x13f0 [ 2429.821320][T16218] ? tty_do_resize+0x170/0x170 [ 2429.826059][T16218] do_vfs_ioctl+0x76a/0x1720 [ 2429.830623][T16218] ? selinux_file_ioctl+0x72f/0x990 [ 2429.835799][T16218] ? ioctl_preallocate+0x250/0x250 [ 2429.840885][T16218] ? __fget+0x37b/0x3c0 [ 2429.845014][T16218] ? fget_many+0x20/0x20 [ 2429.849232][T16218] ? do_syscall_64+0x1e0/0x1e0 [ 2429.853970][T16218] ? security_file_ioctl+0x9d/0xb0 [ 2429.859058][T16218] __x64_sys_ioctl+0xd4/0x110 [ 2429.863707][T16218] do_syscall_64+0xcb/0x1e0 [ 2429.868188][T16218] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2429.874057][T16218] RIP: 0033:0x7f041403f739 [ 2429.878448][T16218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2429.898200][T16218] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2429.906588][T16218] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2429.914536][T16218] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2429.922481][T16218] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2429.930426][T16218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2429.938371][T16218] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2429.963709][T15879] Bluetooth: hci0: Frame reassembly failed (-84) 13:00:55 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000ba140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:55 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000010e500140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b03390062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2430.111151][T16216] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 13:00:55 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000fffe00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:00:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b003f0062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2430.251420][T16232] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 13:00:55 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x5000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2432.020802][T24421] Bluetooth: hci0: command 0x1003 tx timeout [ 2432.026841][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2434.101061][T11760] Bluetooth: hci0: command 0x1001 tx timeout [ 2434.107093][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2436.180520][T11760] Bluetooth: hci0: command 0x1009 tx timeout 13:01:05 executing program 2 (fault-call:6 fault-nth:68): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:01:05 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000003c0140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00400062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:05 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dab", 0x17) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:01:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000003ff00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:05 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2440.528724][T16254] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2440.539732][T16254] FAULT_INJECTION: forcing a failure. [ 2440.539732][T16254] name failslab, interval 1, probability 0, space 0, times 0 [ 2440.552709][T16254] CPU: 1 PID: 16254 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2440.564351][T16254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2440.574375][T16254] Call Trace: [ 2440.577639][T16254] dump_stack+0x1d8/0x24e [ 2440.581987][T16254] ? devkmsg_release+0x11c/0x11c [ 2440.586903][T16254] ? show_regs_print_info+0x12/0x12 [ 2440.592078][T16254] should_fail+0x6f6/0x860 [ 2440.596466][T16254] ? setup_fault_attr+0x3d0/0x3d0 [ 2440.601479][T16254] ? remove_wait_queue+0x120/0x120 [ 2440.606561][T16254] ? rfkill_send_events+0xae/0x3f0 [ 2440.611646][T16254] should_failslab+0x5/0x20 [ 2440.616142][T16254] kmem_cache_alloc_trace+0x39/0x2b0 [ 2440.621405][T16254] rfkill_send_events+0xae/0x3f0 [ 2440.626311][T16254] rfkill_register+0x6ad/0x720 [ 2440.631058][T16254] hci_register_dev+0x398/0x710 [ 2440.635895][T16254] hci_uart_tty_ioctl+0x89e/0xa10 [ 2440.640895][T16254] ? hci_uart_tty_write+0x10/0x10 [ 2440.645889][T16254] tty_ioctl+0xf68/0x1710 [ 2440.650196][T16254] ? tty_do_resize+0x170/0x170 [ 2440.654976][T16254] ? avc_ss_reset+0x3a0/0x3a0 [ 2440.659624][T16254] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2440.665748][T16254] ? refcount_inc_checked+0x50/0x50 [ 2440.670934][T16254] ? proc_fail_nth_write+0x1d5/0x240 [ 2440.676202][T16254] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2440.681372][T16254] ? check_preemption_disabled+0x9e/0x330 [ 2440.687062][T16254] ? memset+0x1f/0x40 [ 2440.691022][T16254] ? fsnotify+0x1332/0x13f0 [ 2440.695550][T16254] ? tty_do_resize+0x170/0x170 [ 2440.700291][T16254] do_vfs_ioctl+0x76a/0x1720 [ 2440.704866][T16254] ? selinux_file_ioctl+0x72f/0x990 [ 2440.710038][T16254] ? ioctl_preallocate+0x250/0x250 [ 2440.715118][T16254] ? __fget+0x37b/0x3c0 [ 2440.719255][T16254] ? fget_many+0x20/0x20 [ 2440.723470][T16254] ? do_syscall_64+0x1e0/0x1e0 [ 2440.728213][T16254] ? security_file_ioctl+0x9d/0xb0 [ 2440.733297][T16254] __x64_sys_ioctl+0xd4/0x110 [ 2440.737947][T16254] do_syscall_64+0xcb/0x1e0 [ 2440.742424][T16254] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2440.748291][T16254] RIP: 0033:0x7f041403f739 [ 2440.752681][T16254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2440.772272][T16254] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2440.780748][T16254] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2440.788689][T16254] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2440.796722][T16254] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2440.804697][T16254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2440.812639][T16254] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2440.822483][T15880] Bluetooth: hci0: Frame reassembly failed (-84) 13:01:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000fff00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b024e0062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000003c2140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00640062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2441.040979][T16266] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 13:01:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b007c0062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:06 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x7000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2442.899787][T11760] Bluetooth: hci0: command 0x1003 tx timeout [ 2442.905852][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2444.979676][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 2444.985714][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2447.059518][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:01:16 executing program 2 (fault-call:6 fault-nth:69): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:01:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b7fff0062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000007fff00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:16 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000ffffffc3140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:16 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x8000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:01:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dab", 0x17) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:01:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00020062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2451.405937][T16288] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2451.412474][T16298] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2451.431361][T16298] FAULT_INJECTION: forcing a failure. [ 2451.431361][T16298] name failslab, interval 1, probability 0, space 0, times 0 [ 2451.445139][T16298] CPU: 0 PID: 16298 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2451.456753][T16298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2451.466791][T16298] Call Trace: [ 2451.470063][T16298] dump_stack+0x1d8/0x24e [ 2451.474373][T16298] ? devkmsg_release+0x11c/0x11c [ 2451.479331][T16298] ? show_regs_print_info+0x12/0x12 [ 2451.484507][T16298] should_fail+0x6f6/0x860 [ 2451.488897][T16298] ? setup_fault_attr+0x3d0/0x3d0 [ 2451.493898][T16298] ? remove_wait_queue+0x120/0x120 [ 2451.498994][T16298] ? rfkill_send_events+0xae/0x3f0 [ 2451.504085][T16298] should_failslab+0x5/0x20 [ 2451.508564][T16298] kmem_cache_alloc_trace+0x39/0x2b0 [ 2451.513833][T16298] rfkill_send_events+0xae/0x3f0 [ 2451.518748][T16298] rfkill_register+0x6ad/0x720 [ 2451.523487][T16298] hci_register_dev+0x398/0x710 [ 2451.528316][T16298] hci_uart_tty_ioctl+0x89e/0xa10 [ 2451.533314][T16298] ? hci_uart_tty_write+0x10/0x10 [ 2451.538312][T16298] tty_ioctl+0xf68/0x1710 [ 2451.542612][T16298] ? tty_do_resize+0x170/0x170 [ 2451.547349][T16298] ? avc_ss_reset+0x3a0/0x3a0 [ 2451.552003][T16298] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2451.558125][T16298] ? refcount_inc_checked+0x50/0x50 [ 2451.563298][T16298] ? proc_fail_nth_write+0x1d5/0x240 [ 2451.568555][T16298] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2451.573725][T16298] ? check_preemption_disabled+0x9e/0x330 [ 2451.579414][T16298] ? memset+0x1f/0x40 [ 2451.583366][T16298] ? fsnotify+0x1332/0x13f0 [ 2451.587845][T16298] ? tty_do_resize+0x170/0x170 [ 2451.592585][T16298] do_vfs_ioctl+0x76a/0x1720 [ 2451.597150][T16298] ? selinux_file_ioctl+0x72f/0x990 [ 2451.602323][T16298] ? ioctl_preallocate+0x250/0x250 [ 2451.607409][T16298] ? __fget+0x37b/0x3c0 [ 2451.611539][T16298] ? fget_many+0x20/0x20 [ 2451.615755][T16298] ? do_syscall_64+0x1e0/0x1e0 [ 2451.620494][T16298] ? security_file_ioctl+0x9d/0xb0 [ 2451.625579][T16298] __x64_sys_ioctl+0xd4/0x110 [ 2451.630231][T16298] do_syscall_64+0xcb/0x1e0 [ 2451.634709][T16298] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2451.640572][T16298] RIP: 0033:0x7f041403f739 [ 2451.644966][T16298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2451.664557][T16298] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2451.672948][T16298] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2451.680895][T16298] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2451.688840][T16298] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2451.696781][T16298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2451.704726][T16298] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2451.730410][T15879] Bluetooth: hci0: Frame reassembly failed (-84) 13:01:17 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000feff00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00030062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00040062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:17 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x9000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:01:17 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000b9302c9140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2453.779066][T11760] Bluetooth: hci0: command 0x1003 tx timeout [ 2453.785138][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2455.858942][T11760] Bluetooth: hci0: command 0x1001 tx timeout [ 2455.864982][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2457.938805][T11760] Bluetooth: hci0: command 0x1009 tx timeout 13:01:27 executing program 2 (fault-call:6 fault-nth:70): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:01:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00050062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000170012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:27 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dab", 0x17) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:01:27 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xa000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:01:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000003da140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2462.290800][T16337] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2462.294893][T16338] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2462.303855][T16337] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2462.312593][T16338] FAULT_INJECTION: forcing a failure. [ 2462.312593][T16338] name failslab, interval 1, probability 0, space 0, times 0 [ 2462.330961][T16338] CPU: 0 PID: 16338 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2462.342570][T16338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2462.352601][T16338] Call Trace: [ 2462.355871][T16338] dump_stack+0x1d8/0x24e [ 2462.360177][T16338] ? devkmsg_release+0x11c/0x11c [ 2462.365090][T16338] ? show_regs_print_info+0x12/0x12 [ 2462.370268][T16338] should_fail+0x6f6/0x860 [ 2462.374657][T16338] ? setup_fault_attr+0x3d0/0x3d0 [ 2462.379659][T16338] ? remove_wait_queue+0x120/0x120 [ 2462.384753][T16338] ? rfkill_send_events+0xae/0x3f0 [ 2462.389836][T16338] should_failslab+0x5/0x20 [ 2462.394313][T16338] kmem_cache_alloc_trace+0x39/0x2b0 [ 2462.399573][T16338] rfkill_send_events+0xae/0x3f0 [ 2462.404572][T16338] rfkill_register+0x6ad/0x720 [ 2462.409309][T16338] hci_register_dev+0x398/0x710 [ 2462.414149][T16338] hci_uart_tty_ioctl+0x89e/0xa10 [ 2462.419145][T16338] ? hci_uart_tty_write+0x10/0x10 [ 2462.424140][T16338] tty_ioctl+0xf68/0x1710 [ 2462.428441][T16338] ? tty_do_resize+0x170/0x170 [ 2462.433176][T16338] ? avc_ss_reset+0x3a0/0x3a0 [ 2462.437823][T16338] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2462.443947][T16338] ? refcount_inc_checked+0x50/0x50 [ 2462.449122][T16338] ? proc_fail_nth_write+0x1d5/0x240 [ 2462.454380][T16338] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2462.459551][T16338] ? check_preemption_disabled+0x9e/0x330 [ 2462.465242][T16338] ? memset+0x1f/0x40 [ 2462.469200][T16338] ? fsnotify+0x1332/0x13f0 [ 2462.473680][T16338] ? tty_do_resize+0x170/0x170 [ 2462.478427][T16338] do_vfs_ioctl+0x76a/0x1720 [ 2462.482992][T16338] ? selinux_file_ioctl+0x72f/0x990 [ 2462.488161][T16338] ? ioctl_preallocate+0x250/0x250 [ 2462.493248][T16338] ? __fget+0x37b/0x3c0 [ 2462.497375][T16338] ? fget_many+0x20/0x20 [ 2462.501588][T16338] ? do_syscall_64+0x1e0/0x1e0 [ 2462.506335][T16338] ? security_file_ioctl+0x9d/0xb0 [ 2462.511417][T16338] __x64_sys_ioctl+0xd4/0x110 [ 2462.516069][T16338] do_syscall_64+0xcb/0x1e0 [ 2462.520547][T16338] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2462.526422][T16338] RIP: 0033:0x7f041403f739 [ 2462.530811][T16338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2462.550398][T16338] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2462.558780][T16338] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2462.566726][T16338] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2462.574683][T16338] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2462.582631][T16338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 13:01:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000001c0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00060062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2462.590588][T16338] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2462.623681][T15880] Bluetooth: hci0: Frame reassembly failed (-84) 13:01:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00070062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000200012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000006280012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:28 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00080062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2462.769190][T16353] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2462.829263][T16356] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2464.658313][T11760] Bluetooth: hci0: command 0x1003 tx timeout [ 2464.664351][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2466.738200][T11760] Bluetooth: hci0: command 0x1001 tx timeout [ 2466.744245][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2468.818049][T11760] Bluetooth: hci0: command 0x1009 tx timeout 13:01:38 executing program 2 (fault-call:6 fault-nth:71): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:01:38 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000003e2140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:38 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000003f0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:38 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00090062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:38 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xb000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:01:38 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, 0x0, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:01:38 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000a0062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2473.175047][T16373] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2473.189480][T16373] FAULT_INJECTION: forcing a failure. [ 2473.189480][T16373] name failslab, interval 1, probability 0, space 0, times 0 [ 2473.203152][T16373] CPU: 1 PID: 16373 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2473.214774][T16373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2473.224808][T16373] Call Trace: [ 2473.228190][T16373] dump_stack+0x1d8/0x24e [ 2473.232509][T16373] ? devkmsg_release+0x11c/0x11c [ 2473.237427][T16373] ? show_regs_print_info+0x12/0x12 [ 2473.242665][T16373] should_fail+0x6f6/0x860 [ 2473.247067][T16373] ? setup_fault_attr+0x3d0/0x3d0 [ 2473.252073][T16373] ? remove_wait_queue+0x120/0x120 [ 2473.257187][T16373] ? rfkill_send_events+0xae/0x3f0 [ 2473.262291][T16373] should_failslab+0x5/0x20 [ 2473.266782][T16373] kmem_cache_alloc_trace+0x39/0x2b0 [ 2473.272101][T16373] rfkill_send_events+0xae/0x3f0 [ 2473.277031][T16373] rfkill_register+0x6ad/0x720 [ 2473.281822][T16373] hci_register_dev+0x398/0x710 [ 2473.286647][T16373] hci_uart_tty_ioctl+0x89e/0xa10 [ 2473.291646][T16373] ? hci_uart_tty_write+0x10/0x10 [ 2473.296656][T16373] tty_ioctl+0xf68/0x1710 [ 2473.300980][T16373] ? tty_do_resize+0x170/0x170 [ 2473.305729][T16373] ? avc_ss_reset+0x3a0/0x3a0 [ 2473.310379][T16373] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2473.316525][T16373] ? refcount_inc_checked+0x50/0x50 [ 2473.321707][T16373] ? proc_fail_nth_write+0x1d5/0x240 [ 2473.326963][T16373] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2473.332186][T16373] ? check_preemption_disabled+0x9e/0x330 [ 2473.337884][T16373] ? memset+0x1f/0x40 [ 2473.341846][T16373] ? fsnotify+0x1332/0x13f0 [ 2473.346329][T16373] ? tty_do_resize+0x170/0x170 [ 2473.351066][T16373] do_vfs_ioctl+0x76a/0x1720 [ 2473.355627][T16373] ? selinux_file_ioctl+0x72f/0x990 [ 2473.360803][T16373] ? ioctl_preallocate+0x250/0x250 [ 2473.365898][T16373] ? __fget+0x37b/0x3c0 [ 2473.370033][T16373] ? fget_many+0x20/0x20 [ 2473.374246][T16373] ? do_syscall_64+0x1e0/0x1e0 [ 2473.378987][T16373] ? security_file_ioctl+0x9d/0xb0 [ 2473.384071][T16373] __x64_sys_ioctl+0xd4/0x110 [ 2473.388718][T16373] do_syscall_64+0xcb/0x1e0 [ 2473.393192][T16373] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2473.399056][T16373] RIP: 0033:0x7f041403f739 [ 2473.403453][T16373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2473.423027][T16373] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2473.431416][T16373] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2473.439361][T16373] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2473.447308][T16373] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2473.455257][T16373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2473.463217][T16373] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2473.482467][T14284] Bluetooth: hci0: Frame reassembly failed (-84) 13:01:38 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000b0062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:38 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000400012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2473.536678][T16372] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:01:38 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000a400012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:38 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000c0062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:38 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000ffffffea140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2473.598600][T16385] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2473.679126][T16391] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2475.537570][T24421] Bluetooth: hci0: command 0x1003 tx timeout [ 2475.543949][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2477.617455][T24421] Bluetooth: hci0: command 0x1001 tx timeout [ 2477.623569][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2479.697303][T24421] Bluetooth: hci0: command 0x1009 tx timeout 13:01:49 executing program 2 (fault-call:6 fault-nth:72): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:01:49 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xb9302c9, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:01:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000f0062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000540012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:49 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000ffffffef140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:49 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, 0x0, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:01:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00100062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2484.057381][T16404] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2484.071511][T16404] FAULT_INJECTION: forcing a failure. [ 2484.071511][T16404] name failslab, interval 1, probability 0, space 0, times 0 [ 2484.084519][T16404] CPU: 0 PID: 16404 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2484.096132][T16404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2484.106175][T16404] Call Trace: [ 2484.109451][T16404] dump_stack+0x1d8/0x24e [ 2484.113761][T16404] ? devkmsg_release+0x11c/0x11c [ 2484.118680][T16404] ? show_regs_print_info+0x12/0x12 [ 2484.123873][T16404] should_fail+0x6f6/0x860 [ 2484.128277][T16404] ? setup_fault_attr+0x3d0/0x3d0 [ 2484.133337][T16404] ? remove_wait_queue+0x120/0x120 [ 2484.138427][T16404] ? rfkill_send_events+0xae/0x3f0 [ 2484.143526][T16404] should_failslab+0x5/0x20 [ 2484.148020][T16404] kmem_cache_alloc_trace+0x39/0x2b0 [ 2484.153286][T16404] rfkill_send_events+0xae/0x3f0 [ 2484.158222][T16404] rfkill_register+0x6ad/0x720 [ 2484.162977][T16404] hci_register_dev+0x398/0x710 [ 2484.167813][T16404] hci_uart_tty_ioctl+0x89e/0xa10 [ 2484.172827][T16404] ? hci_uart_tty_write+0x10/0x10 [ 2484.177832][T16404] tty_ioctl+0xf68/0x1710 [ 2484.182148][T16404] ? tty_do_resize+0x170/0x170 [ 2484.186897][T16404] ? avc_ss_reset+0x3a0/0x3a0 [ 2484.191561][T16404] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2484.197693][T16404] ? refcount_inc_checked+0x50/0x50 [ 2484.202871][T16404] ? proc_fail_nth_write+0x1d5/0x240 [ 2484.208136][T16404] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2484.213320][T16404] ? check_preemption_disabled+0x9e/0x330 [ 2484.219020][T16404] ? memset+0x1f/0x40 [ 2484.222985][T16404] ? fsnotify+0x1332/0x13f0 [ 2484.227465][T16404] ? tty_do_resize+0x170/0x170 [ 2484.232227][T16404] do_vfs_ioctl+0x76a/0x1720 [ 2484.236802][T16404] ? selinux_file_ioctl+0x72f/0x990 [ 2484.241982][T16404] ? ioctl_preallocate+0x250/0x250 [ 2484.247080][T16404] ? __fget+0x37b/0x3c0 [ 2484.251227][T16404] ? fget_many+0x20/0x20 [ 2484.255451][T16404] ? do_syscall_64+0x1e0/0x1e0 [ 2484.260193][T16404] ? security_file_ioctl+0x9d/0xb0 [ 2484.265287][T16404] __x64_sys_ioctl+0xd4/0x110 [ 2484.269941][T16404] do_syscall_64+0xcb/0x1e0 [ 2484.274422][T16404] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2484.280288][T16404] RIP: 0033:0x7f041403f739 [ 2484.284684][T16404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2484.304272][T16404] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2484.312673][T16404] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2484.320639][T16404] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2484.328596][T16404] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2484.336549][T16404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2484.344588][T16404] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 13:01:49 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000fffffff0140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00130062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000025c0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2484.398224][T16405] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:01:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00140062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:01:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000640012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2484.507739][T16419] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2484.558102][T16424] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2486.416966][T24421] Bluetooth: hci0: command 0x1003 tx timeout [ 2486.423043][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2488.496801][T11760] Bluetooth: hci0: command 0x1001 tx timeout [ 2488.502877][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2490.576668][T24421] Bluetooth: hci0: command 0x1009 tx timeout 13:02:00 executing program 2 (fault-call:6 fault-nth:73): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:02:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000f2140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00150062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:00 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000680012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:00 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xc000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:02:00 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, 0x0, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:02:00 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000003e40012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00160062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2494.926353][T16435] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2494.931784][T16439] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2494.954387][T16439] FAULT_INJECTION: forcing a failure. [ 2494.954387][T16439] name failslab, interval 1, probability 0, space 0, times 0 [ 2494.974508][T16439] CPU: 0 PID: 16439 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2494.986127][T16439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2494.996158][T16439] Call Trace: [ 2494.999478][T16439] dump_stack+0x1d8/0x24e [ 2495.003792][T16439] ? devkmsg_release+0x11c/0x11c [ 2495.008729][T16439] ? show_regs_print_info+0x12/0x12 [ 2495.013900][T16439] should_fail+0x6f6/0x860 [ 2495.018296][T16439] ? setup_fault_attr+0x3d0/0x3d0 [ 2495.023385][T16439] ? remove_wait_queue+0x120/0x120 [ 2495.028487][T16439] ? rfkill_send_events+0xae/0x3f0 [ 2495.033650][T16439] should_failslab+0x5/0x20 [ 2495.038144][T16439] kmem_cache_alloc_trace+0x39/0x2b0 [ 2495.043411][T16439] rfkill_send_events+0xae/0x3f0 [ 2495.048383][T16439] rfkill_register+0x6ad/0x720 [ 2495.053125][T16439] hci_register_dev+0x398/0x710 [ 2495.057950][T16439] hci_uart_tty_ioctl+0x89e/0xa10 [ 2495.062948][T16439] ? hci_uart_tty_write+0x10/0x10 [ 2495.067945][T16439] tty_ioctl+0xf68/0x1710 [ 2495.072249][T16439] ? tty_do_resize+0x170/0x170 [ 2495.076991][T16439] ? avc_ss_reset+0x3a0/0x3a0 [ 2495.081649][T16439] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2495.087785][T16439] ? refcount_inc_checked+0x50/0x50 [ 2495.092965][T16439] ? proc_fail_nth_write+0x1d5/0x240 [ 2495.098230][T16439] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2495.103406][T16439] ? check_preemption_disabled+0x9e/0x330 [ 2495.109101][T16439] ? memset+0x1f/0x40 [ 2495.113061][T16439] ? fsnotify+0x1332/0x13f0 [ 2495.117541][T16439] ? tty_do_resize+0x170/0x170 [ 2495.122284][T16439] do_vfs_ioctl+0x76a/0x1720 [ 2495.126854][T16439] ? selinux_file_ioctl+0x72f/0x990 [ 2495.132046][T16439] ? ioctl_preallocate+0x250/0x250 [ 2495.137135][T16439] ? __fget+0x37b/0x3c0 [ 2495.141269][T16439] ? fget_many+0x20/0x20 [ 2495.145488][T16439] ? do_syscall_64+0x1e0/0x1e0 [ 2495.150228][T16439] ? security_file_ioctl+0x9d/0xb0 [ 2495.155314][T16439] __x64_sys_ioctl+0xd4/0x110 [ 2495.159967][T16439] do_syscall_64+0xcb/0x1e0 [ 2495.164464][T16439] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2495.170331][T16439] RIP: 0033:0x7f041403f739 [ 2495.174721][T16439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2495.194296][T16439] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2495.202678][T16439] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2495.210624][T16439] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2495.218569][T16439] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2495.226514][T16439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2495.234459][T16439] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2495.256756][T14284] Bluetooth: hci0: Frame reassembly failed (-84) 13:02:00 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000007fc0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00180062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2495.307351][T16446] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:02:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000fffe140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b001c0062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2495.376811][T16453] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2497.296105][T24421] Bluetooth: hci0: command 0x1003 tx timeout [ 2497.302149][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2499.375961][T11760] Bluetooth: hci0: command 0x1001 tx timeout [ 2499.381995][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2501.455801][T11760] Bluetooth: hci0: command 0x1009 tx timeout 13:02:10 executing program 2 (fault-call:6 fault-nth:74): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:02:10 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000007fff0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00640062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xd000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:02:10 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000fffffffe140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:10 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:02:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b007c0062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000005f5e0ff0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2505.807638][T16471] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2505.813280][T16474] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2505.834600][T16474] FAULT_INJECTION: forcing a failure. [ 2505.834600][T16474] name failslab, interval 1, probability 0, space 0, times 0 [ 2505.850989][T16474] CPU: 0 PID: 16474 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2505.862664][T16474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2505.872689][T16474] Call Trace: [ 2505.875955][T16474] dump_stack+0x1d8/0x24e [ 2505.880262][T16474] ? devkmsg_release+0x11c/0x11c [ 2505.885191][T16474] ? show_regs_print_info+0x12/0x12 [ 2505.890372][T16474] should_fail+0x6f6/0x860 [ 2505.894764][T16474] ? setup_fault_attr+0x3d0/0x3d0 [ 2505.899760][T16474] ? remove_wait_queue+0x120/0x120 [ 2505.904846][T16474] ? rfkill_send_events+0xae/0x3f0 [ 2505.909937][T16474] should_failslab+0x5/0x20 [ 2505.914423][T16474] kmem_cache_alloc_trace+0x39/0x2b0 [ 2505.919684][T16474] rfkill_send_events+0xae/0x3f0 [ 2505.924595][T16474] rfkill_register+0x6ad/0x720 [ 2505.929334][T16474] hci_register_dev+0x398/0x710 [ 2505.934169][T16474] hci_uart_tty_ioctl+0x89e/0xa10 [ 2505.939175][T16474] ? hci_uart_tty_write+0x10/0x10 [ 2505.944179][T16474] tty_ioctl+0xf68/0x1710 [ 2505.948486][T16474] ? tty_do_resize+0x170/0x170 [ 2505.953228][T16474] ? avc_ss_reset+0x3a0/0x3a0 [ 2505.957886][T16474] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2505.964017][T16474] ? refcount_inc_checked+0x50/0x50 [ 2505.969214][T16474] ? proc_fail_nth_write+0x1d5/0x240 [ 2505.974557][T16474] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2505.979735][T16474] ? check_preemption_disabled+0x9e/0x330 [ 2505.985430][T16474] ? memset+0x1f/0x40 [ 2505.989391][T16474] ? fsnotify+0x1332/0x13f0 [ 2505.993869][T16474] ? tty_do_resize+0x170/0x170 [ 2505.998611][T16474] do_vfs_ioctl+0x76a/0x1720 [ 2506.003173][T16474] ? selinux_file_ioctl+0x72f/0x990 [ 2506.008344][T16474] ? ioctl_preallocate+0x250/0x250 [ 2506.013436][T16474] ? __fget+0x37b/0x3c0 [ 2506.017575][T16474] ? fget_many+0x20/0x20 [ 2506.021795][T16474] ? do_syscall_64+0x1e0/0x1e0 [ 2506.026538][T16474] ? security_file_ioctl+0x9d/0xb0 [ 2506.031630][T16474] __x64_sys_ioctl+0xd4/0x110 [ 2506.036281][T16474] do_syscall_64+0xcb/0x1e0 [ 2506.040759][T16474] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2506.046625][T16474] RIP: 0033:0x7f041403f739 [ 2506.051017][T16474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2506.070606][T16474] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2506.078996][T16474] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2506.086948][T16474] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2506.094893][T16474] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2506.102838][T16474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2506.110826][T16474] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2506.126412][T14284] Bluetooth: hci0: Frame reassembly failed (-84) 13:02:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00100162726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:11 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000003ff140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000200140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2506.183765][T16481] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:02:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00070262726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2508.175591][T24421] Bluetooth: hci0: command 0x1003 tx timeout [ 2508.181642][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2510.255768][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 2510.261812][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2512.335314][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:02:21 executing program 2 (fault-call:6 fault-nth:75): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:02:21 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xe000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:02:21 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000fff140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b004e0262726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:21 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000300140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:21 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:02:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00000362726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2516.686463][T16499] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2516.700537][T16499] FAULT_INJECTION: forcing a failure. [ 2516.700537][T16499] name failslab, interval 1, probability 0, space 0, times 0 [ 2516.714628][T16499] CPU: 0 PID: 16499 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2516.726242][T16499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2516.736270][T16499] Call Trace: [ 2516.739577][T16499] dump_stack+0x1d8/0x24e [ 2516.743881][T16499] ? devkmsg_release+0x11c/0x11c [ 2516.748802][T16499] ? show_regs_print_info+0x12/0x12 [ 2516.753977][T16499] should_fail+0x6f6/0x860 [ 2516.758383][T16499] ? setup_fault_attr+0x3d0/0x3d0 [ 2516.763380][T16499] ? remove_wait_queue+0x120/0x120 [ 2516.768467][T16499] ? rfkill_send_events+0xae/0x3f0 [ 2516.773556][T16499] should_failslab+0x5/0x20 [ 2516.778123][T16499] kmem_cache_alloc_trace+0x39/0x2b0 [ 2516.783382][T16499] rfkill_send_events+0xae/0x3f0 [ 2516.788337][T16499] rfkill_register+0x6ad/0x720 [ 2516.793077][T16499] hci_register_dev+0x398/0x710 [ 2516.797900][T16499] hci_uart_tty_ioctl+0x89e/0xa10 [ 2516.802897][T16499] ? hci_uart_tty_write+0x10/0x10 [ 2516.807891][T16499] tty_ioctl+0xf68/0x1710 [ 2516.812192][T16499] ? tty_do_resize+0x170/0x170 [ 2516.816927][T16499] ? avc_ss_reset+0x3a0/0x3a0 [ 2516.821570][T16499] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2516.827694][T16499] ? refcount_inc_checked+0x50/0x50 [ 2516.832864][T16499] ? proc_fail_nth_write+0x1d5/0x240 [ 2516.838115][T16499] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2516.843285][T16499] ? check_preemption_disabled+0x9e/0x330 [ 2516.848972][T16499] ? memset+0x1f/0x40 [ 2516.852923][T16499] ? fsnotify+0x1332/0x13f0 [ 2516.857393][T16499] ? tty_do_resize+0x170/0x170 [ 2516.862133][T16499] do_vfs_ioctl+0x76a/0x1720 [ 2516.866703][T16499] ? selinux_file_ioctl+0x72f/0x990 [ 2516.871876][T16499] ? ioctl_preallocate+0x250/0x250 [ 2516.876964][T16499] ? __fget+0x37b/0x3c0 [ 2516.881088][T16499] ? fget_many+0x20/0x20 [ 2516.885300][T16499] ? do_syscall_64+0x1e0/0x1e0 [ 2516.890036][T16499] ? security_file_ioctl+0x9d/0xb0 [ 2516.895136][T16499] __x64_sys_ioctl+0xd4/0x110 [ 2516.899784][T16499] do_syscall_64+0xcb/0x1e0 [ 2516.904260][T16499] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2516.910124][T16499] RIP: 0033:0x7f041403f739 [ 2516.914508][T16499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2516.934088][T16499] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2516.942481][T16499] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2516.950429][T16499] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2516.958373][T16499] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2516.966355][T16499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2516.974309][T16499] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2516.988837][T11944] Bluetooth: hci0: sending frame failed (-49) 13:02:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010362726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:22 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000007fff140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00040362726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00060362726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:22 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x10000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2519.054572][T16262] Bluetooth: hci0: command 0x1003 tx timeout [ 2519.060636][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2521.134918][T16262] Bluetooth: hci0: command 0x1001 tx timeout [ 2521.140934][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2523.214297][T16262] Bluetooth: hci0: command 0x1009 tx timeout 13:02:32 executing program 2 (fault-call:6 fault-nth:76): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:02:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000400140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00080362726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000003ffff140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:32 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:02:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x11000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2527.569749][T16543] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2527.579247][T16543] FAULT_INJECTION: forcing a failure. [ 2527.579247][T16543] name failslab, interval 1, probability 0, space 0, times 0 [ 2527.592719][T16543] CPU: 0 PID: 16543 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2527.604334][T16543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2527.614366][T16543] Call Trace: [ 2527.617636][T16543] dump_stack+0x1d8/0x24e [ 2527.621946][T16543] ? devkmsg_release+0x11c/0x11c [ 2527.626877][T16543] ? show_regs_print_info+0x12/0x12 [ 2527.632052][T16543] should_fail+0x6f6/0x860 [ 2527.636450][T16543] ? setup_fault_attr+0x3d0/0x3d0 [ 2527.641456][T16543] ? remove_wait_queue+0x120/0x120 [ 2527.646543][T16543] ? rfkill_send_events+0xae/0x3f0 [ 2527.651632][T16543] should_failslab+0x5/0x20 [ 2527.656129][T16543] kmem_cache_alloc_trace+0x39/0x2b0 [ 2527.661389][T16543] rfkill_send_events+0xae/0x3f0 [ 2527.666297][T16543] rfkill_register+0x6ad/0x720 [ 2527.671034][T16543] hci_register_dev+0x398/0x710 [ 2527.675861][T16543] hci_uart_tty_ioctl+0x89e/0xa10 [ 2527.680864][T16543] ? hci_uart_tty_write+0x10/0x10 [ 2527.685871][T16543] tty_ioctl+0xf68/0x1710 [ 2527.690207][T16543] ? tty_do_resize+0x170/0x170 [ 2527.694953][T16543] ? avc_ss_reset+0x3a0/0x3a0 [ 2527.699603][T16543] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2527.705750][T16543] ? refcount_inc_checked+0x50/0x50 [ 2527.710930][T16543] ? proc_fail_nth_write+0x1d5/0x240 [ 2527.716207][T16543] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2527.721383][T16543] ? check_preemption_disabled+0x9e/0x330 [ 2527.727081][T16543] ? memset+0x1f/0x40 [ 2527.731039][T16543] ? fsnotify+0x1332/0x13f0 [ 2527.735520][T16543] ? tty_do_resize+0x170/0x170 [ 2527.740260][T16543] do_vfs_ioctl+0x76a/0x1720 [ 2527.744827][T16543] ? selinux_file_ioctl+0x72f/0x990 [ 2527.750017][T16543] ? ioctl_preallocate+0x250/0x250 [ 2527.755116][T16543] ? __fget+0x37b/0x3c0 [ 2527.759257][T16543] ? fget_many+0x20/0x20 [ 2527.763475][T16543] ? do_syscall_64+0x1e0/0x1e0 [ 2527.768219][T16543] ? security_file_ioctl+0x9d/0xb0 [ 2527.773308][T16543] __x64_sys_ioctl+0xd4/0x110 [ 2527.777965][T16543] do_syscall_64+0xcb/0x1e0 [ 2527.782464][T16543] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2527.788335][T16543] RIP: 0033:0x7f041403f739 [ 2527.792727][T16543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2527.812318][T16543] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2527.820704][T16543] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2527.828652][T16543] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2527.836598][T16543] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2527.844544][T16543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2527.852488][T16543] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 13:02:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000a0362726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2527.873294][T11944] Bluetooth: hci0: sending frame failed (-49) 13:02:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00370362726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:33 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800007fffffff140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x12000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:02:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000500140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00390362726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2529.933899][ T5] Bluetooth: hci0: command 0x1003 tx timeout [ 2529.940143][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2532.014006][T32228] Bluetooth: hci0: command 0x1001 tx timeout [ 2532.020223][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2534.093548][T32228] Bluetooth: hci0: command 0x1009 tx timeout 13:02:43 executing program 2 (fault-call:6 fault-nth:77): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:02:43 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00005662726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:43 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000081ffffff140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:43 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x0, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:02:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000600140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:43 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x1f000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2538.448927][T16581] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2538.458099][T16581] FAULT_INJECTION: forcing a failure. [ 2538.458099][T16581] name failslab, interval 1, probability 0, space 0, times 0 [ 2538.471522][T16581] CPU: 1 PID: 16581 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2538.483136][T16581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2538.493168][T16581] Call Trace: [ 2538.496441][T16581] dump_stack+0x1d8/0x24e [ 2538.500746][T16581] ? devkmsg_release+0x11c/0x11c [ 2538.505661][T16581] ? show_regs_print_info+0x12/0x12 [ 2538.510835][T16581] should_fail+0x6f6/0x860 [ 2538.515225][T16581] ? setup_fault_attr+0x3d0/0x3d0 [ 2538.520222][T16581] ? remove_wait_queue+0x120/0x120 [ 2538.525312][T16581] ? rfkill_send_events+0xae/0x3f0 [ 2538.530396][T16581] should_failslab+0x5/0x20 [ 2538.534878][T16581] kmem_cache_alloc_trace+0x39/0x2b0 [ 2538.540163][T16581] rfkill_send_events+0xae/0x3f0 [ 2538.545078][T16581] rfkill_register+0x6ad/0x720 [ 2538.549813][T16581] hci_register_dev+0x398/0x710 [ 2538.554636][T16581] hci_uart_tty_ioctl+0x89e/0xa10 [ 2538.559640][T16581] ? hci_uart_tty_write+0x10/0x10 [ 2538.564643][T16581] tty_ioctl+0xf68/0x1710 [ 2538.568951][T16581] ? tty_do_resize+0x170/0x170 [ 2538.573696][T16581] ? avc_ss_reset+0x3a0/0x3a0 [ 2538.578365][T16581] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2538.584497][T16581] ? refcount_inc_checked+0x50/0x50 [ 2538.589679][T16581] ? proc_fail_nth_write+0x1d5/0x240 [ 2538.594936][T16581] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2538.600111][T16581] ? check_preemption_disabled+0x9e/0x330 [ 2538.605807][T16581] ? memset+0x1f/0x40 [ 2538.609768][T16581] ? fsnotify+0x1332/0x13f0 [ 2538.614262][T16581] ? tty_do_resize+0x170/0x170 [ 2538.619002][T16581] do_vfs_ioctl+0x76a/0x1720 [ 2538.623569][T16581] ? selinux_file_ioctl+0x72f/0x990 [ 2538.628736][T16581] ? ioctl_preallocate+0x250/0x250 [ 2538.633840][T16581] ? __fget+0x37b/0x3c0 [ 2538.637985][T16581] ? fget_many+0x20/0x20 [ 2538.642200][T16581] ? do_syscall_64+0x1e0/0x1e0 [ 2538.646938][T16581] ? security_file_ioctl+0x9d/0xb0 [ 2538.652023][T16581] __x64_sys_ioctl+0xd4/0x110 [ 2538.656672][T16581] do_syscall_64+0xcb/0x1e0 [ 2538.661150][T16581] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2538.667021][T16581] RIP: 0033:0x7f041403f739 [ 2538.671418][T16581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2538.691003][T16581] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2538.699394][T16581] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2538.707337][T16581] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2538.715278][T16581] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2538.723229][T16581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2538.731183][T16581] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2538.747768][T15880] Bluetooth: hci0: Frame reassembly failed (-84) 13:02:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000e8062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:44 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000700140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010025726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:44 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x20000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:02:44 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800009effffff140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001002f726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2540.813139][T32228] Bluetooth: hci0: command 0x1003 tx timeout [ 2540.819169][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2542.892935][T32228] Bluetooth: hci0: command 0x1001 tx timeout [ 2542.898983][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2544.972784][T32228] Bluetooth: hci0: command 0x1009 tx timeout 13:02:54 executing program 2 (fault-call:6 fault-nth:78): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:02:54 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001003a726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:54 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000800140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:54 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x0, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:02:54 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000c3ffffff140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:54 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x25000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2549.331200][T16617] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2549.341830][T16617] FAULT_INJECTION: forcing a failure. [ 2549.341830][T16617] name failslab, interval 1, probability 0, space 0, times 0 [ 2549.355180][T16617] CPU: 1 PID: 16617 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2549.366795][T16617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2549.376837][T16617] Call Trace: [ 2549.380122][T16617] dump_stack+0x1d8/0x24e [ 2549.384439][T16617] ? devkmsg_release+0x11c/0x11c [ 2549.389400][T16617] ? show_regs_print_info+0x12/0x12 [ 2549.394628][T16617] should_fail+0x6f6/0x860 [ 2549.399026][T16617] ? setup_fault_attr+0x3d0/0x3d0 [ 2549.404024][T16617] ? remove_wait_queue+0x120/0x120 [ 2549.409115][T16617] ? rfkill_send_events+0xae/0x3f0 [ 2549.414211][T16617] should_failslab+0x5/0x20 [ 2549.418704][T16617] kmem_cache_alloc_trace+0x39/0x2b0 [ 2549.423973][T16617] rfkill_send_events+0xae/0x3f0 [ 2549.428889][T16617] rfkill_register+0x6ad/0x720 [ 2549.433637][T16617] hci_register_dev+0x398/0x710 [ 2549.438478][T16617] hci_uart_tty_ioctl+0x89e/0xa10 [ 2549.443500][T16617] ? hci_uart_tty_write+0x10/0x10 [ 2549.448501][T16617] tty_ioctl+0xf68/0x1710 [ 2549.452806][T16617] ? tty_do_resize+0x170/0x170 [ 2549.457547][T16617] ? avc_ss_reset+0x3a0/0x3a0 [ 2549.462200][T16617] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2549.468326][T16617] ? refcount_inc_checked+0x50/0x50 [ 2549.473505][T16617] ? proc_fail_nth_write+0x1d5/0x240 [ 2549.478764][T16617] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2549.484027][T16617] ? check_preemption_disabled+0x9e/0x330 [ 2549.489718][T16617] ? memset+0x1f/0x40 [ 2549.493674][T16617] ? fsnotify+0x1332/0x13f0 [ 2549.498168][T16617] ? tty_do_resize+0x170/0x170 [ 2549.502909][T16617] do_vfs_ioctl+0x76a/0x1720 [ 2549.507478][T16617] ? selinux_file_ioctl+0x72f/0x990 [ 2549.512649][T16617] ? ioctl_preallocate+0x250/0x250 [ 2549.517738][T16617] ? __fget+0x37b/0x3c0 [ 2549.521870][T16617] ? fget_many+0x20/0x20 [ 2549.526089][T16617] ? do_syscall_64+0x1e0/0x1e0 [ 2549.530835][T16617] ? security_file_ioctl+0x9d/0xb0 [ 2549.535925][T16617] __x64_sys_ioctl+0xd4/0x110 [ 2549.540581][T16617] do_syscall_64+0xcb/0x1e0 [ 2549.545060][T16617] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2549.550925][T16617] RIP: 0033:0x7f041403f739 [ 2549.555320][T16617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2549.574913][T16617] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2549.583296][T16617] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2549.591252][T16617] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2549.599201][T16617] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2549.607149][T16617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2549.615097][T16617] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2549.647125][T15880] Bluetooth: hci0: Frame reassembly failed (-84) 13:02:54 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010262726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:54 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000eaffffff140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010362726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:55 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x28020000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:02:55 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000900140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:02:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010462726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2551.692299][T15793] Bluetooth: hci0: command 0x1003 tx timeout [ 2551.698350][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2553.772448][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 2553.778478][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2555.852008][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:03:05 executing program 2 (fault-call:6 fault-nth:79): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:03:05 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000efffffff140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010562726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000a00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:05 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x2f000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:03:05 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x0, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 2560.205165][T16658] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2560.214753][T16658] FAULT_INJECTION: forcing a failure. [ 2560.214753][T16658] name failslab, interval 1, probability 0, space 0, times 0 [ 2560.227975][T16658] CPU: 1 PID: 16658 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2560.239584][T16658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2560.249609][T16658] Call Trace: [ 2560.252889][T16658] dump_stack+0x1d8/0x24e [ 2560.257205][T16658] ? devkmsg_release+0x11c/0x11c [ 2560.262123][T16658] ? show_regs_print_info+0x12/0x12 [ 2560.267305][T16658] should_fail+0x6f6/0x860 [ 2560.271697][T16658] ? setup_fault_attr+0x3d0/0x3d0 [ 2560.276694][T16658] ? remove_wait_queue+0x120/0x120 [ 2560.281784][T16658] ? rfkill_send_events+0xae/0x3f0 [ 2560.286882][T16658] should_failslab+0x5/0x20 [ 2560.291360][T16658] kmem_cache_alloc_trace+0x39/0x2b0 [ 2560.296664][T16658] rfkill_send_events+0xae/0x3f0 [ 2560.301583][T16658] rfkill_register+0x6ad/0x720 [ 2560.306324][T16658] hci_register_dev+0x398/0x710 [ 2560.311160][T16658] hci_uart_tty_ioctl+0x89e/0xa10 [ 2560.316166][T16658] ? hci_uart_tty_write+0x10/0x10 [ 2560.321167][T16658] tty_ioctl+0xf68/0x1710 [ 2560.325477][T16658] ? tty_do_resize+0x170/0x170 [ 2560.330215][T16658] ? avc_ss_reset+0x3a0/0x3a0 [ 2560.334866][T16658] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2560.340991][T16658] ? refcount_inc_checked+0x50/0x50 [ 2560.346178][T16658] ? proc_fail_nth_write+0x1d5/0x240 [ 2560.351436][T16658] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2560.356606][T16658] ? check_preemption_disabled+0x9e/0x330 [ 2560.362301][T16658] ? memset+0x1f/0x40 [ 2560.366256][T16658] ? fsnotify+0x1332/0x13f0 [ 2560.370736][T16658] ? tty_do_resize+0x170/0x170 [ 2560.375494][T16658] do_vfs_ioctl+0x76a/0x1720 [ 2560.380058][T16658] ? selinux_file_ioctl+0x72f/0x990 [ 2560.385232][T16658] ? ioctl_preallocate+0x250/0x250 [ 2560.390319][T16658] ? __fget+0x37b/0x3c0 [ 2560.394452][T16658] ? fget_many+0x20/0x20 [ 2560.398681][T16658] ? do_syscall_64+0x1e0/0x1e0 [ 2560.403422][T16658] ? security_file_ioctl+0x9d/0xb0 [ 2560.408517][T16658] __x64_sys_ioctl+0xd4/0x110 [ 2560.413173][T16658] do_syscall_64+0xcb/0x1e0 [ 2560.417662][T16658] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2560.423619][T16658] RIP: 0033:0x7f041403f739 [ 2560.428010][T16658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2560.447596][T16658] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:03:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010662726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2560.455986][T16658] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2560.463933][T16658] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2560.471881][T16658] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2560.479823][T16658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2560.487766][T16658] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2560.515533][T15880] Bluetooth: hci0: Frame reassembly failed (-84) 13:03:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010762726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000b00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010862726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010962726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:05 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x39000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2562.571637][T15793] Bluetooth: hci0: command 0x1003 tx timeout [ 2562.577672][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2564.651490][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 2564.657564][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2566.731378][T24421] Bluetooth: hci0: command 0x1009 tx timeout 13:03:16 executing program 2 (fault-call:6 fault-nth:80): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:03:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010a62726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000c00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:16 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000f0ffffff140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:16 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3a000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:03:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 2571.090089][T16695] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2571.099314][T16695] FAULT_INJECTION: forcing a failure. [ 2571.099314][T16695] name failslab, interval 1, probability 0, space 0, times 0 [ 2571.112704][T16695] CPU: 0 PID: 16695 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2571.124312][T16695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2571.134343][T16695] Call Trace: [ 2571.137617][T16695] dump_stack+0x1d8/0x24e [ 2571.141920][T16695] ? devkmsg_release+0x11c/0x11c [ 2571.146830][T16695] ? show_regs_print_info+0x12/0x12 [ 2571.152001][T16695] should_fail+0x6f6/0x860 [ 2571.156387][T16695] ? setup_fault_attr+0x3d0/0x3d0 [ 2571.161380][T16695] ? remove_wait_queue+0x120/0x120 [ 2571.166460][T16695] ? rfkill_send_events+0xae/0x3f0 [ 2571.171552][T16695] should_failslab+0x5/0x20 [ 2571.176026][T16695] kmem_cache_alloc_trace+0x39/0x2b0 [ 2571.181284][T16695] rfkill_send_events+0xae/0x3f0 [ 2571.186195][T16695] rfkill_register+0x6ad/0x720 [ 2571.190934][T16695] hci_register_dev+0x398/0x710 [ 2571.195768][T16695] hci_uart_tty_ioctl+0x89e/0xa10 [ 2571.200765][T16695] ? hci_uart_tty_write+0x10/0x10 [ 2571.205939][T16695] tty_ioctl+0xf68/0x1710 [ 2571.210244][T16695] ? tty_do_resize+0x170/0x170 [ 2571.214984][T16695] ? avc_ss_reset+0x3a0/0x3a0 [ 2571.219643][T16695] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2571.225771][T16695] ? refcount_inc_checked+0x50/0x50 [ 2571.230942][T16695] ? proc_fail_nth_write+0x1d5/0x240 [ 2571.236235][T16695] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2571.241440][T16695] ? check_preemption_disabled+0x9e/0x330 [ 2571.247128][T16695] ? memset+0x1f/0x40 [ 2571.251086][T16695] ? fsnotify+0x1332/0x13f0 [ 2571.255574][T16695] ? tty_do_resize+0x170/0x170 [ 2571.260334][T16695] do_vfs_ioctl+0x76a/0x1720 [ 2571.264897][T16695] ? selinux_file_ioctl+0x72f/0x990 [ 2571.270065][T16695] ? ioctl_preallocate+0x250/0x250 [ 2571.275146][T16695] ? __fget+0x37b/0x3c0 [ 2571.279273][T16695] ? fget_many+0x20/0x20 [ 2571.283486][T16695] ? do_syscall_64+0x1e0/0x1e0 [ 2571.288238][T16695] ? security_file_ioctl+0x9d/0xb0 [ 2571.293319][T16695] __x64_sys_ioctl+0xd4/0x110 [ 2571.297969][T16695] do_syscall_64+0xcb/0x1e0 [ 2571.302489][T16695] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2571.308349][T16695] RIP: 0033:0x7f041403f739 [ 2571.312736][T16695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2571.332307][T16695] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2571.340696][T16695] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2571.348637][T16695] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2571.356576][T16695] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2571.364518][T16695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2571.372459][T16695] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2571.381571][T14284] Bluetooth: hci0: Frame reassembly failed (-84) 13:03:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010b62726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000d00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:16 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000feffffff140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010c62726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000e00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010d62726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2573.450756][ T5] Bluetooth: hci0: command 0x1003 tx timeout [ 2573.456801][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2575.530641][ T5] Bluetooth: hci0: command 0x1001 tx timeout [ 2575.536703][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2577.610485][ T5] Bluetooth: hci0: command 0x1009 tx timeout 13:03:27 executing program 2 (fault-call:6 fault-nth:81): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:03:27 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3c000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:03:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010e62726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000008000012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000001000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:27 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:03:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000010012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010f62726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2581.959424][T16730] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2581.969253][T16735] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2581.989424][T16735] FAULT_INJECTION: forcing a failure. [ 2581.989424][T16735] name failslab, interval 1, probability 0, space 0, times 0 [ 2582.003661][T16735] CPU: 0 PID: 16735 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2582.015273][T16735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2582.025299][T16735] Call Trace: [ 2582.028565][T16735] dump_stack+0x1d8/0x24e [ 2582.032873][T16735] ? devkmsg_release+0x11c/0x11c [ 2582.037791][T16735] ? show_regs_print_info+0x12/0x12 [ 2582.042967][T16735] should_fail+0x6f6/0x860 [ 2582.047364][T16735] ? setup_fault_attr+0x3d0/0x3d0 [ 2582.052372][T16735] ? remove_wait_queue+0x120/0x120 [ 2582.057467][T16735] ? rfkill_send_events+0xae/0x3f0 [ 2582.062556][T16735] should_failslab+0x5/0x20 [ 2582.067039][T16735] kmem_cache_alloc_trace+0x39/0x2b0 [ 2582.072303][T16735] rfkill_send_events+0xae/0x3f0 [ 2582.077224][T16735] rfkill_register+0x6ad/0x720 [ 2582.081967][T16735] hci_register_dev+0x398/0x710 [ 2582.086793][T16735] hci_uart_tty_ioctl+0x89e/0xa10 [ 2582.091790][T16735] ? hci_uart_tty_write+0x10/0x10 [ 2582.096788][T16735] tty_ioctl+0xf68/0x1710 [ 2582.101090][T16735] ? tty_do_resize+0x170/0x170 [ 2582.105826][T16735] ? avc_ss_reset+0x3a0/0x3a0 [ 2582.110476][T16735] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2582.116598][T16735] ? refcount_inc_checked+0x50/0x50 [ 2582.121770][T16735] ? proc_fail_nth_write+0x1d5/0x240 [ 2582.127025][T16735] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2582.132195][T16735] ? check_preemption_disabled+0x9e/0x330 [ 2582.137891][T16735] ? memset+0x1f/0x40 [ 2582.141844][T16735] ? fsnotify+0x1332/0x13f0 [ 2582.146326][T16735] ? tty_do_resize+0x170/0x170 [ 2582.151062][T16735] do_vfs_ioctl+0x76a/0x1720 [ 2582.155629][T16735] ? selinux_file_ioctl+0x72f/0x990 [ 2582.160800][T16735] ? ioctl_preallocate+0x250/0x250 [ 2582.165885][T16735] ? __fget+0x37b/0x3c0 [ 2582.170015][T16735] ? fget_many+0x20/0x20 [ 2582.174231][T16735] ? do_syscall_64+0x1e0/0x1e0 [ 2582.178967][T16735] ? security_file_ioctl+0x9d/0xb0 [ 2582.184051][T16735] __x64_sys_ioctl+0xd4/0x110 [ 2582.188699][T16735] do_syscall_64+0xcb/0x1e0 [ 2582.193186][T16735] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2582.199051][T16735] RIP: 0033:0x7f041403f739 [ 2582.203442][T16735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2582.223020][T16735] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2582.231403][T16735] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2582.239346][T16735] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2582.247290][T16735] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2582.255254][T16735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2582.263198][T16735] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2582.290689][T14284] Bluetooth: hci0: Frame reassembly failed (-84) 13:03:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00011062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000030012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2582.320910][T16740] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. 13:03:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00011162726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000001100140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2582.381177][T16753] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2584.330050][T11760] Bluetooth: hci0: command 0x1003 tx timeout [ 2584.336151][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2586.410383][T11760] Bluetooth: hci0: command 0x1001 tx timeout [ 2586.416423][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2588.489723][T11760] Bluetooth: hci0: command 0x1009 tx timeout 13:03:38 executing program 2 (fault-call:6 fault-nth:82): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:03:38 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000040012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:38 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00011262726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:38 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3f000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:03:38 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:03:38 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000001200140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2592.844165][T16776] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2592.853227][T16776] FAULT_INJECTION: forcing a failure. [ 2592.853227][T16776] name failslab, interval 1, probability 0, space 0, times 0 [ 2592.867897][T16776] CPU: 1 PID: 16776 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2592.879508][T16776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2592.889540][T16776] Call Trace: [ 2592.892819][T16776] dump_stack+0x1d8/0x24e [ 2592.897141][T16776] ? devkmsg_release+0x11c/0x11c [ 2592.902075][T16776] ? show_regs_print_info+0x12/0x12 [ 2592.907261][T16776] should_fail+0x6f6/0x860 [ 2592.911665][T16776] ? setup_fault_attr+0x3d0/0x3d0 [ 2592.916680][T16776] ? remove_wait_queue+0x120/0x120 [ 2592.921792][T16776] ? rfkill_send_events+0xae/0x3f0 [ 2592.926907][T16776] should_failslab+0x5/0x20 [ 2592.931396][T16776] kmem_cache_alloc_trace+0x39/0x2b0 [ 2592.936676][T16776] rfkill_send_events+0xae/0x3f0 [ 2592.941599][T16776] rfkill_register+0x6ad/0x720 [ 2592.946351][T16776] hci_register_dev+0x398/0x710 [ 2592.951197][T16776] hci_uart_tty_ioctl+0x89e/0xa10 [ 2592.956211][T16776] ? hci_uart_tty_write+0x10/0x10 [ 2592.961245][T16776] tty_ioctl+0xf68/0x1710 [ 2592.965564][T16776] ? tty_do_resize+0x170/0x170 [ 2592.970312][T16776] ? avc_ss_reset+0x3a0/0x3a0 [ 2592.974976][T16776] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2592.981118][T16776] ? refcount_inc_checked+0x50/0x50 [ 2592.986315][T16776] ? proc_fail_nth_write+0x1d5/0x240 [ 2592.991597][T16776] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2592.996780][T16776] ? check_preemption_disabled+0x9e/0x330 [ 2593.002487][T16776] ? memset+0x1f/0x40 [ 2593.006456][T16776] ? fsnotify+0x1332/0x13f0 [ 2593.010948][T16776] ? tty_do_resize+0x170/0x170 [ 2593.015697][T16776] do_vfs_ioctl+0x76a/0x1720 [ 2593.020616][T16776] ? selinux_file_ioctl+0x72f/0x990 [ 2593.025853][T16776] ? ioctl_preallocate+0x250/0x250 [ 2593.030946][T16776] ? __fget+0x37b/0x3c0 [ 2593.035081][T16776] ? fget_many+0x20/0x20 [ 2593.039310][T16776] ? do_syscall_64+0x1e0/0x1e0 [ 2593.044072][T16776] ? security_file_ioctl+0x9d/0xb0 [ 2593.049168][T16776] __x64_sys_ioctl+0xd4/0x110 [ 2593.053850][T16776] do_syscall_64+0xcb/0x1e0 [ 2593.058425][T16776] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2593.064312][T16776] RIP: 0033:0x7f041403f739 [ 2593.068712][T16776] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2593.088298][T16776] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2593.096692][T16776] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2593.104645][T16776] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2593.112602][T16776] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2593.120579][T16776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2593.128539][T16776] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2593.139435][T15880] Bluetooth: hci0: Frame reassembly failed (-84) 13:03:38 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00012562726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:38 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000050012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:38 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000002500140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:38 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00012f62726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:38 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000060012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:38 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x40000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2595.209198][T11760] Bluetooth: hci0: command 0x1003 tx timeout [ 2595.215229][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2597.289094][T24421] Bluetooth: hci0: command 0x1001 tx timeout [ 2597.295127][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2599.368928][T24421] Bluetooth: hci0: command 0x1009 tx timeout 13:03:48 executing program 2 (fault-call:6 fault-nth:83): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:03:48 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00013862726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:48 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000080012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:48 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000002f00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:48 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x48000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:03:48 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:03:48 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00013a62726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2603.725821][T16809] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2603.736434][T16809] FAULT_INJECTION: forcing a failure. [ 2603.736434][T16809] name failslab, interval 1, probability 0, space 0, times 0 [ 2603.750366][T16809] CPU: 0 PID: 16809 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2603.761980][T16809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2603.772007][T16809] Call Trace: [ 2603.775287][T16809] dump_stack+0x1d8/0x24e [ 2603.779602][T16809] ? devkmsg_release+0x11c/0x11c [ 2603.784570][T16809] ? show_regs_print_info+0x12/0x12 [ 2603.789836][T16809] should_fail+0x6f6/0x860 [ 2603.794238][T16809] ? setup_fault_attr+0x3d0/0x3d0 [ 2603.799289][T16809] ? remove_wait_queue+0x120/0x120 [ 2603.804370][T16809] ? rfkill_send_events+0xae/0x3f0 [ 2603.809545][T16809] should_failslab+0x5/0x20 [ 2603.814040][T16809] kmem_cache_alloc_trace+0x39/0x2b0 [ 2603.819315][T16809] rfkill_send_events+0xae/0x3f0 [ 2603.824232][T16809] rfkill_register+0x6ad/0x720 [ 2603.828971][T16809] hci_register_dev+0x398/0x710 [ 2603.833810][T16809] hci_uart_tty_ioctl+0x89e/0xa10 [ 2603.838827][T16809] ? hci_uart_tty_write+0x10/0x10 [ 2603.843972][T16809] tty_ioctl+0xf68/0x1710 [ 2603.848288][T16809] ? tty_do_resize+0x170/0x170 [ 2603.853045][T16809] ? avc_ss_reset+0x3a0/0x3a0 [ 2603.857696][T16809] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2603.863820][T16809] ? refcount_inc_checked+0x50/0x50 [ 2603.869003][T16809] ? proc_fail_nth_write+0x1d5/0x240 [ 2603.874271][T16809] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2603.879445][T16809] ? check_preemption_disabled+0x9e/0x330 [ 2603.885138][T16809] ? memset+0x1f/0x40 [ 2603.889186][T16809] ? fsnotify+0x1332/0x13f0 [ 2603.893663][T16809] ? tty_do_resize+0x170/0x170 [ 2603.898444][T16809] do_vfs_ioctl+0x76a/0x1720 [ 2603.903019][T16809] ? selinux_file_ioctl+0x72f/0x990 [ 2603.908211][T16809] ? ioctl_preallocate+0x250/0x250 [ 2603.913316][T16809] ? __fget+0x37b/0x3c0 [ 2603.917457][T16809] ? fget_many+0x20/0x20 [ 2603.921698][T16809] ? do_syscall_64+0x1e0/0x1e0 [ 2603.926443][T16809] ? security_file_ioctl+0x9d/0xb0 [ 2603.931529][T16809] __x64_sys_ioctl+0xd4/0x110 [ 2603.936190][T16809] do_syscall_64+0xcb/0x1e0 [ 2603.940678][T16809] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2603.946550][T16809] RIP: 0033:0x7f041403f739 [ 2603.950965][T16809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2603.970547][T16809] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2603.979283][T16809] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2603.987247][T16809] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2603.995221][T16809] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2604.003180][T16809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2604.011135][T16809] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2604.029437][T14284] Bluetooth: hci0: Frame reassembly failed (-84) 13:03:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00014862726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000003a00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:49 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000090012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2604.099255][T16810] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2604.108743][T16810] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. 13:03:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00014a62726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:49 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4a000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2604.249347][T16833] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2604.263934][T16833] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2606.088633][T24421] Bluetooth: hci0: command 0x1003 tx timeout [ 2606.094673][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2608.168618][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 2608.174662][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2610.248330][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:03:59 executing program 2 (fault-call:6 fault-nth:84): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:03:59 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000003c00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00014c62726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:59 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000000b0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:03:59 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4c000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:03:59 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 2614.594126][T16845] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2614.605861][T16845] netlink: 7 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2614.608466][T16854] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2614.625432][T16854] FAULT_INJECTION: forcing a failure. [ 2614.625432][T16854] name failslab, interval 1, probability 0, space 0, times 0 13:03:59 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000000c0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2614.639033][T16854] CPU: 1 PID: 16854 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2614.650647][T16854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2614.660679][T16854] Call Trace: [ 2614.663947][T16854] dump_stack+0x1d8/0x24e [ 2614.668258][T16854] ? devkmsg_release+0x11c/0x11c [ 2614.673179][T16854] ? show_regs_print_info+0x12/0x12 [ 2614.678361][T16854] should_fail+0x6f6/0x860 [ 2614.682756][T16854] ? setup_fault_attr+0x3d0/0x3d0 [ 2614.687759][T16854] ? remove_wait_queue+0x120/0x120 [ 2614.692852][T16854] ? rfkill_send_events+0xae/0x3f0 [ 2614.697951][T16854] should_failslab+0x5/0x20 [ 2614.702435][T16854] kmem_cache_alloc_trace+0x39/0x2b0 [ 2614.707778][T16854] rfkill_send_events+0xae/0x3f0 [ 2614.712699][T16854] rfkill_register+0x6ad/0x720 [ 2614.717449][T16854] hci_register_dev+0x398/0x710 [ 2614.722280][T16854] hci_uart_tty_ioctl+0x89e/0xa10 [ 2614.727284][T16854] ? hci_uart_tty_write+0x10/0x10 [ 2614.732295][T16854] tty_ioctl+0xf68/0x1710 [ 2614.736603][T16854] ? tty_do_resize+0x170/0x170 [ 2614.741347][T16854] ? avc_ss_reset+0x3a0/0x3a0 [ 2614.746009][T16854] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2614.752143][T16854] ? refcount_inc_checked+0x50/0x50 [ 2614.757331][T16854] ? proc_fail_nth_write+0x1d5/0x240 [ 2614.762606][T16854] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2614.767814][T16854] ? check_preemption_disabled+0x9e/0x330 [ 2614.773513][T16854] ? memset+0x1f/0x40 [ 2614.777480][T16854] ? fsnotify+0x1332/0x13f0 [ 2614.781954][T16854] ? tty_do_resize+0x170/0x170 [ 2614.786791][T16854] do_vfs_ioctl+0x76a/0x1720 [ 2614.791371][T16854] ? selinux_file_ioctl+0x72f/0x990 [ 2614.796556][T16854] ? ioctl_preallocate+0x250/0x250 [ 2614.801663][T16854] ? __fget+0x37b/0x3c0 [ 2614.805805][T16854] ? fget_many+0x20/0x20 [ 2614.810022][T16854] ? do_syscall_64+0x1e0/0x1e0 [ 2614.814766][T16854] ? security_file_ioctl+0x9d/0xb0 [ 2614.819882][T16854] __x64_sys_ioctl+0xd4/0x110 [ 2614.824539][T16854] do_syscall_64+0xcb/0x1e0 [ 2614.829030][T16854] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2614.834901][T16854] RIP: 0033:0x7f041403f739 [ 2614.839377][T16854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2614.859044][T16854] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2614.867438][T16854] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2614.875381][T16854] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2614.883325][T16854] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2614.891268][T16854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2614.899212][T16854] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2614.909844][T15880] Bluetooth: hci0: Frame reassembly failed (-84) 13:04:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00015062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00016862726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000000d0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2614.968529][T16858] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2614.983225][T16858] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. 13:04:00 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000003e00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00016c62726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2615.047492][T16868] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2616.967672][T15793] Bluetooth: hci0: command 0x1003 tx timeout [ 2616.973705][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2619.047535][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 2619.053601][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2621.127378][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:04:10 executing program 2 (fault-call:6 fault-nth:85): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:04:10 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000000e0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x5c000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:04:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00017462726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:10 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000004800140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:10 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:04:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00017a62726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:10 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000000f0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2625.475246][T16887] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2625.481197][T16889] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2625.500887][T16889] FAULT_INJECTION: forcing a failure. [ 2625.500887][T16889] name failslab, interval 1, probability 0, space 0, times 0 [ 2625.519900][T16889] CPU: 0 PID: 16889 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2625.531507][T16889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2625.541544][T16889] Call Trace: [ 2625.544824][T16889] dump_stack+0x1d8/0x24e [ 2625.549133][T16889] ? devkmsg_release+0x11c/0x11c [ 2625.554055][T16889] ? show_regs_print_info+0x12/0x12 [ 2625.559237][T16889] should_fail+0x6f6/0x860 [ 2625.563632][T16889] ? setup_fault_attr+0x3d0/0x3d0 [ 2625.568627][T16889] ? remove_wait_queue+0x120/0x120 [ 2625.573713][T16889] ? rfkill_send_events+0xae/0x3f0 [ 2625.578803][T16889] should_failslab+0x5/0x20 [ 2625.583288][T16889] kmem_cache_alloc_trace+0x39/0x2b0 [ 2625.588558][T16889] rfkill_send_events+0xae/0x3f0 [ 2625.593480][T16889] rfkill_register+0x6ad/0x720 [ 2625.598223][T16889] hci_register_dev+0x398/0x710 [ 2625.603095][T16889] hci_uart_tty_ioctl+0x89e/0xa10 [ 2625.608102][T16889] ? hci_uart_tty_write+0x10/0x10 [ 2625.613112][T16889] tty_ioctl+0xf68/0x1710 [ 2625.617417][T16889] ? tty_do_resize+0x170/0x170 [ 2625.622160][T16889] ? avc_ss_reset+0x3a0/0x3a0 [ 2625.626818][T16889] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2625.632950][T16889] ? refcount_inc_checked+0x50/0x50 [ 2625.638140][T16889] ? proc_fail_nth_write+0x1d5/0x240 [ 2625.643402][T16889] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2625.648570][T16889] ? check_preemption_disabled+0x9e/0x330 [ 2625.654257][T16889] ? memset+0x1f/0x40 [ 2625.658211][T16889] ? fsnotify+0x1332/0x13f0 [ 2625.662696][T16889] ? tty_do_resize+0x170/0x170 [ 2625.667438][T16889] do_vfs_ioctl+0x76a/0x1720 [ 2625.672014][T16889] ? selinux_file_ioctl+0x72f/0x990 [ 2625.677195][T16889] ? ioctl_preallocate+0x250/0x250 [ 2625.682288][T16889] ? __fget+0x37b/0x3c0 [ 2625.686436][T16889] ? fget_many+0x20/0x20 [ 2625.690662][T16889] ? do_syscall_64+0x1e0/0x1e0 [ 2625.695470][T16889] ? security_file_ioctl+0x9d/0xb0 [ 2625.700563][T16889] __x64_sys_ioctl+0xd4/0x110 [ 2625.705219][T16889] do_syscall_64+0xcb/0x1e0 [ 2625.709694][T16889] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2625.715559][T16889] RIP: 0033:0x7f041403f739 [ 2625.719956][T16889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2625.739538][T16889] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2625.747923][T16889] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2625.755877][T16889] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2625.763831][T16889] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2625.771785][T16889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2625.779829][T16889] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2625.789272][T14284] Bluetooth: hci0: Frame reassembly failed (-84) 13:04:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001a062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000004a00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001a862726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:11 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x5f2b0000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2627.846871][T24421] Bluetooth: hci0: command 0x1003 tx timeout [ 2627.852918][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2629.926734][T24421] Bluetooth: hci0: command 0x1001 tx timeout [ 2629.932775][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2632.006623][T24421] Bluetooth: hci0: command 0x1009 tx timeout 13:04:21 executing program 2 (fault-call:6 fault-nth:86): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:04:21 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000100012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001e462726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:21 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000004c00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:21 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:04:21 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x64030000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:04:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001e662726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2636.372182][T16922] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2636.381311][T16922] FAULT_INJECTION: forcing a failure. [ 2636.381311][T16922] name failslab, interval 1, probability 0, space 0, times 0 [ 2636.397422][T16922] CPU: 0 PID: 16922 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2636.409137][T16922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2636.419350][T16922] Call Trace: [ 2636.422634][T16922] dump_stack+0x1d8/0x24e [ 2636.426956][T16922] ? devkmsg_release+0x11c/0x11c [ 2636.431873][T16922] ? show_regs_print_info+0x12/0x12 [ 2636.437044][T16922] should_fail+0x6f6/0x860 [ 2636.441435][T16922] ? setup_fault_attr+0x3d0/0x3d0 [ 2636.446435][T16922] ? remove_wait_queue+0x120/0x120 [ 2636.451525][T16922] ? rfkill_send_events+0xae/0x3f0 [ 2636.456609][T16922] should_failslab+0x5/0x20 [ 2636.461089][T16922] kmem_cache_alloc_trace+0x39/0x2b0 [ 2636.466350][T16922] rfkill_send_events+0xae/0x3f0 [ 2636.471270][T16922] rfkill_register+0x6ad/0x720 [ 2636.476038][T16922] hci_register_dev+0x398/0x710 [ 2636.480870][T16922] hci_uart_tty_ioctl+0x89e/0xa10 [ 2636.485885][T16922] ? hci_uart_tty_write+0x10/0x10 [ 2636.490884][T16922] tty_ioctl+0xf68/0x1710 [ 2636.495204][T16922] ? tty_do_resize+0x170/0x170 [ 2636.499946][T16922] ? avc_ss_reset+0x3a0/0x3a0 [ 2636.504599][T16922] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2636.511161][T16922] ? refcount_inc_checked+0x50/0x50 [ 2636.516344][T16922] ? proc_fail_nth_write+0x1d5/0x240 [ 2636.521607][T16922] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2636.526781][T16922] ? check_preemption_disabled+0x9e/0x330 [ 2636.532478][T16922] ? memset+0x1f/0x40 [ 2636.536433][T16922] ? fsnotify+0x1332/0x13f0 [ 2636.540912][T16922] ? tty_do_resize+0x170/0x170 [ 2636.545652][T16922] do_vfs_ioctl+0x76a/0x1720 [ 2636.550222][T16922] ? selinux_file_ioctl+0x72f/0x990 [ 2636.555396][T16922] ? ioctl_preallocate+0x250/0x250 [ 2636.560486][T16922] ? __fget+0x37b/0x3c0 [ 2636.564627][T16922] ? fget_many+0x20/0x20 [ 2636.569020][T16922] ? do_syscall_64+0x1e0/0x1e0 [ 2636.573762][T16922] ? security_file_ioctl+0x9d/0xb0 [ 2636.578850][T16922] __x64_sys_ioctl+0xd4/0x110 [ 2636.583511][T16922] do_syscall_64+0xcb/0x1e0 [ 2636.588008][T16922] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2636.593877][T16922] RIP: 0033:0x7f041403f739 [ 2636.598269][T16922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2636.617937][T16922] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2636.626319][T16922] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2636.634264][T16922] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2636.642211][T16922] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2636.650158][T16922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2636.658103][T16922] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2636.667527][T15880] Bluetooth: hci0: Frame reassembly failed (-84) 13:04:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001e862726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:21 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000006800140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001ea62726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001ec62726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:22 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000006c00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2638.726165][T32228] Bluetooth: hci0: command 0x1003 tx timeout [ 2638.732230][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2640.806433][T24421] Bluetooth: hci0: command 0x1001 tx timeout [ 2640.812519][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2642.885918][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:04:32 executing program 2 (fault-call:6 fault-nth:87): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:04:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001ee62726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x68000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:04:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000110012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000007400140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:32 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 2647.244389][T16965] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2647.253533][T16954] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2647.256690][T16965] FAULT_INJECTION: forcing a failure. [ 2647.256690][T16965] name failslab, interval 1, probability 0, space 0, times 0 [ 2647.275857][T16965] CPU: 1 PID: 16965 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2647.287470][T16965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2647.297503][T16965] Call Trace: [ 2647.300777][T16965] dump_stack+0x1d8/0x24e [ 2647.305099][T16965] ? devkmsg_release+0x11c/0x11c [ 2647.310026][T16965] ? show_regs_print_info+0x12/0x12 [ 2647.315228][T16965] should_fail+0x6f6/0x860 [ 2647.319629][T16965] ? setup_fault_attr+0x3d0/0x3d0 [ 2647.324640][T16965] ? remove_wait_queue+0x120/0x120 [ 2647.329737][T16965] ? rfkill_send_events+0xae/0x3f0 [ 2647.334829][T16965] should_failslab+0x5/0x20 [ 2647.339318][T16965] kmem_cache_alloc_trace+0x39/0x2b0 [ 2647.344590][T16965] rfkill_send_events+0xae/0x3f0 [ 2647.349508][T16965] rfkill_register+0x6ad/0x720 [ 2647.354259][T16965] hci_register_dev+0x398/0x710 [ 2647.359093][T16965] hci_uart_tty_ioctl+0x89e/0xa10 [ 2647.364099][T16965] ? hci_uart_tty_write+0x10/0x10 [ 2647.369112][T16965] tty_ioctl+0xf68/0x1710 [ 2647.373422][T16965] ? tty_do_resize+0x170/0x170 [ 2647.378165][T16965] ? avc_ss_reset+0x3a0/0x3a0 [ 2647.382825][T16965] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2647.388948][T16965] ? refcount_inc_checked+0x50/0x50 [ 2647.394130][T16965] ? proc_fail_nth_write+0x1d5/0x240 [ 2647.399395][T16965] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2647.404580][T16965] ? check_preemption_disabled+0x9e/0x330 [ 2647.410283][T16965] ? memset+0x1f/0x40 [ 2647.414261][T16965] ? fsnotify+0x1332/0x13f0 [ 2647.418743][T16965] ? tty_do_resize+0x170/0x170 [ 2647.423488][T16965] do_vfs_ioctl+0x76a/0x1720 [ 2647.428056][T16965] ? selinux_file_ioctl+0x72f/0x990 [ 2647.433235][T16965] ? ioctl_preallocate+0x250/0x250 [ 2647.438389][T16965] ? __fget+0x37b/0x3c0 [ 2647.442655][T16965] ? fget_many+0x20/0x20 [ 2647.446880][T16965] ? do_syscall_64+0x1e0/0x1e0 [ 2647.451803][T16965] ? security_file_ioctl+0x9d/0xb0 [ 2647.456906][T16965] __x64_sys_ioctl+0xd4/0x110 [ 2647.461605][T16965] do_syscall_64+0xcb/0x1e0 [ 2647.466097][T16965] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2647.471966][T16965] RIP: 0033:0x7f041403f739 [ 2647.476362][T16965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2647.495942][T16965] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2647.504335][T16965] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2647.512371][T16965] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2647.520323][T16965] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2647.528363][T16965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2647.536321][T16965] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2647.546345][T15880] Bluetooth: hci0: Frame reassembly failed (-84) 13:04:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010064726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000007a00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010065726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6c000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:04:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010067726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000a000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2649.605302][T24421] Bluetooth: hci0: command 0x1003 tx timeout [ 2649.611345][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2651.685169][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 2651.691378][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2653.765015][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:04:43 executing program 2 (fault-call:6 fault-nth:88): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:04:43 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010068726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:43 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000120012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000ba00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:43 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:04:43 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x74000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2658.114873][T17004] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2658.127119][T17004] FAULT_INJECTION: forcing a failure. [ 2658.127119][T17004] name failslab, interval 1, probability 0, space 0, times 0 [ 2658.140077][T17004] CPU: 0 PID: 17004 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2658.151765][T17004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2658.161796][T17004] Call Trace: [ 2658.165071][T17004] dump_stack+0x1d8/0x24e [ 2658.169390][T17004] ? devkmsg_release+0x11c/0x11c [ 2658.174303][T17004] ? show_regs_print_info+0x12/0x12 [ 2658.179479][T17004] should_fail+0x6f6/0x860 [ 2658.183876][T17004] ? setup_fault_attr+0x3d0/0x3d0 [ 2658.188873][T17004] ? remove_wait_queue+0x120/0x120 [ 2658.193967][T17004] ? rfkill_send_events+0xae/0x3f0 [ 2658.199062][T17004] should_failslab+0x5/0x20 [ 2658.203551][T17004] kmem_cache_alloc_trace+0x39/0x2b0 [ 2658.208817][T17004] rfkill_send_events+0xae/0x3f0 [ 2658.213733][T17004] rfkill_register+0x6ad/0x720 [ 2658.218479][T17004] hci_register_dev+0x398/0x710 [ 2658.223313][T17004] hci_uart_tty_ioctl+0x89e/0xa10 [ 2658.228312][T17004] ? hci_uart_tty_write+0x10/0x10 [ 2658.233318][T17004] tty_ioctl+0xf68/0x1710 [ 2658.237619][T17004] ? tty_do_resize+0x170/0x170 [ 2658.242357][T17004] ? avc_ss_reset+0x3a0/0x3a0 [ 2658.247006][T17004] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2658.253129][T17004] ? refcount_inc_checked+0x50/0x50 [ 2658.258300][T17004] ? proc_fail_nth_write+0x1d5/0x240 [ 2658.263555][T17004] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2658.268725][T17004] ? check_preemption_disabled+0x9e/0x330 [ 2658.274418][T17004] ? memset+0x1f/0x40 [ 2658.278374][T17004] ? fsnotify+0x1332/0x13f0 [ 2658.282848][T17004] ? tty_do_resize+0x170/0x170 [ 2658.287582][T17004] do_vfs_ioctl+0x76a/0x1720 [ 2658.292145][T17004] ? selinux_file_ioctl+0x72f/0x990 [ 2658.297318][T17004] ? ioctl_preallocate+0x250/0x250 [ 2658.302401][T17004] ? __fget+0x37b/0x3c0 [ 2658.306535][T17004] ? fget_many+0x20/0x20 [ 2658.310753][T17004] ? do_syscall_64+0x1e0/0x1e0 [ 2658.315496][T17004] ? security_file_ioctl+0x9d/0xb0 [ 2658.320579][T17004] __x64_sys_ioctl+0xd4/0x110 [ 2658.325232][T17004] do_syscall_64+0xcb/0x1e0 [ 2658.329712][T17004] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2658.335577][T17004] RIP: 0033:0x7f041403f739 [ 2658.339970][T17004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2658.359548][T17004] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2658.367941][T17004] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2658.375883][T17004] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2658.383825][T17004] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2658.391768][T17004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2658.399726][T17004] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2658.415102][T15879] Bluetooth: hci0: Frame reassembly failed (-84) [ 2658.465561][T17005] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.5'. 13:04:43 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010069726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000003140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:43 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x7a000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:04:43 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006c726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2658.698616][T17005] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.5'. 13:04:44 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000130012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:44 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000c03140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2658.895981][T17028] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2660.484542][T24421] Bluetooth: hci0: command 0x1003 tx timeout [ 2660.490689][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2662.564409][T18059] Bluetooth: hci0: command 0x1001 tx timeout [ 2662.570455][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2664.644221][T18059] Bluetooth: hci0: command 0x1009 tx timeout 13:04:54 executing program 2 (fault-call:6 fault-nth:89): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:04:54 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010073726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:54 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:04:54 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000005603140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:54 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x81000000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:04:54 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000020000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2668.997816][T17048] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2669.008504][T17048] FAULT_INJECTION: forcing a failure. [ 2669.008504][T17048] name failslab, interval 1, probability 0, space 0, times 0 [ 2669.021256][T17048] CPU: 0 PID: 17048 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2669.032857][T17048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2669.042883][T17048] Call Trace: [ 2669.046161][T17048] dump_stack+0x1d8/0x24e [ 2669.050481][T17048] ? devkmsg_release+0x11c/0x11c [ 2669.055400][T17048] ? show_regs_print_info+0x12/0x12 [ 2669.060580][T17048] should_fail+0x6f6/0x860 [ 2669.064970][T17048] ? setup_fault_attr+0x3d0/0x3d0 [ 2669.069981][T17048] ? remove_wait_queue+0x120/0x120 [ 2669.075075][T17048] ? rfkill_send_events+0xae/0x3f0 [ 2669.080165][T17048] should_failslab+0x5/0x20 [ 2669.084656][T17048] kmem_cache_alloc_trace+0x39/0x2b0 [ 2669.089929][T17048] rfkill_send_events+0xae/0x3f0 [ 2669.094936][T17048] rfkill_register+0x6ad/0x720 [ 2669.099679][T17048] hci_register_dev+0x398/0x710 [ 2669.104505][T17048] hci_uart_tty_ioctl+0x89e/0xa10 [ 2669.109506][T17048] ? hci_uart_tty_write+0x10/0x10 [ 2669.114508][T17048] tty_ioctl+0xf68/0x1710 [ 2669.118846][T17048] ? tty_do_resize+0x170/0x170 [ 2669.123592][T17048] ? avc_ss_reset+0x3a0/0x3a0 [ 2669.128247][T17048] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2669.134373][T17048] ? refcount_inc_checked+0x50/0x50 [ 2669.139546][T17048] ? proc_fail_nth_write+0x1d5/0x240 [ 2669.144800][T17048] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2669.149971][T17048] ? check_preemption_disabled+0x9e/0x330 [ 2669.155664][T17048] ? memset+0x1f/0x40 [ 2669.159618][T17048] ? fsnotify+0x1332/0x13f0 [ 2669.164095][T17048] ? tty_do_resize+0x170/0x170 [ 2669.168833][T17048] do_vfs_ioctl+0x76a/0x1720 [ 2669.173399][T17048] ? selinux_file_ioctl+0x72f/0x990 [ 2669.178573][T17048] ? ioctl_preallocate+0x250/0x250 [ 2669.183664][T17048] ? __fget+0x37b/0x3c0 [ 2669.187796][T17048] ? fget_many+0x20/0x20 [ 2669.192011][T17048] ? do_syscall_64+0x1e0/0x1e0 [ 2669.196747][T17048] ? security_file_ioctl+0x9d/0xb0 [ 2669.201831][T17048] __x64_sys_ioctl+0xd4/0x110 [ 2669.206480][T17048] do_syscall_64+0xcb/0x1e0 [ 2669.210958][T17048] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2669.216831][T17048] RIP: 0033:0x7f041403f739 [ 2669.221219][T17048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2669.240827][T17048] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2669.249206][T17048] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2669.257151][T17048] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2669.265093][T17048] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2669.273040][T17048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2669.280982][T17048] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2669.303578][T15879] Bluetooth: hci0: Frame reassembly failed (-84) 13:04:54 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010074726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:54 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010076726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:54 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000030000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:54 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010077726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:54 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000009603140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:04:54 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x81ffffff, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2671.363736][T18059] Bluetooth: hci0: command 0x1003 tx timeout [ 2671.369791][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2673.443625][T24421] Bluetooth: hci0: command 0x1001 tx timeout [ 2673.449682][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2675.523449][T24421] Bluetooth: hci0: command 0x1009 tx timeout 13:05:05 executing program 2 (fault-call:6 fault-nth:90): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:05:05 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000040000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010078726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000b403140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:05 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:05:05 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x9effffff, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2679.879353][T17088] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2679.889071][T17088] FAULT_INJECTION: forcing a failure. [ 2679.889071][T17088] name failslab, interval 1, probability 0, space 0, times 0 [ 2679.906069][T17088] CPU: 0 PID: 17088 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2679.917684][T17088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2679.927714][T17088] Call Trace: [ 2679.931068][T17088] dump_stack+0x1d8/0x24e [ 2679.935494][T17088] ? devkmsg_release+0x11c/0x11c [ 2679.940420][T17088] ? show_regs_print_info+0x12/0x12 [ 2679.945610][T17088] should_fail+0x6f6/0x860 [ 2679.950133][T17088] ? setup_fault_attr+0x3d0/0x3d0 [ 2679.955142][T17088] ? remove_wait_queue+0x120/0x120 [ 2679.960241][T17088] ? rfkill_send_events+0xae/0x3f0 [ 2679.965339][T17088] should_failslab+0x5/0x20 [ 2679.969824][T17088] kmem_cache_alloc_trace+0x39/0x2b0 [ 2679.975095][T17088] rfkill_send_events+0xae/0x3f0 [ 2679.980015][T17088] rfkill_register+0x6ad/0x720 [ 2679.984759][T17088] hci_register_dev+0x398/0x710 [ 2679.989591][T17088] hci_uart_tty_ioctl+0x89e/0xa10 [ 2679.994593][T17088] ? hci_uart_tty_write+0x10/0x10 [ 2679.999597][T17088] tty_ioctl+0xf68/0x1710 [ 2680.003904][T17088] ? tty_do_resize+0x170/0x170 [ 2680.008668][T17088] ? avc_ss_reset+0x3a0/0x3a0 [ 2680.013340][T17088] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2680.019471][T17088] ? refcount_inc_checked+0x50/0x50 [ 2680.024651][T17088] ? proc_fail_nth_write+0x1d5/0x240 [ 2680.029915][T17088] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2680.035114][T17088] ? check_preemption_disabled+0x9e/0x330 [ 2680.040812][T17088] ? memset+0x1f/0x40 [ 2680.044779][T17088] ? fsnotify+0x1332/0x13f0 [ 2680.049263][T17088] ? tty_do_resize+0x170/0x170 [ 2680.054009][T17088] do_vfs_ioctl+0x76a/0x1720 [ 2680.058581][T17088] ? selinux_file_ioctl+0x72f/0x990 [ 2680.063763][T17088] ? ioctl_preallocate+0x250/0x250 [ 2680.068854][T17088] ? __fget+0x37b/0x3c0 [ 2680.072991][T17088] ? fget_many+0x20/0x20 [ 2680.077236][T17088] ? do_syscall_64+0x1e0/0x1e0 [ 2680.081981][T17088] ? security_file_ioctl+0x9d/0xb0 [ 2680.087072][T17088] __x64_sys_ioctl+0xd4/0x110 [ 2680.091730][T17088] do_syscall_64+0xcb/0x1e0 [ 2680.096225][T17088] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2680.102159][T17088] RIP: 0033:0x7f041403f739 [ 2680.106557][T17088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 13:05:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010025726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2680.126143][T17088] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2680.134533][T17088] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2680.142485][T17088] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2680.150435][T17088] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2680.158385][T17088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2680.166336][T17088] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2680.193185][T11944] Bluetooth: hci0: sending frame failed (-49) 13:05:05 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000050000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000b603140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001002f726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:05 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000060000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001003a726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2682.243036][T16262] Bluetooth: hci0: command 0x1003 tx timeout [ 2682.249072][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2684.322814][T16262] Bluetooth: hci0: command 0x1001 tx timeout [ 2684.328838][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2686.402660][T16262] Bluetooth: hci0: command 0x1009 tx timeout 13:05:15 executing program 2 (fault-call:6 fault-nth:91): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:05:15 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010064726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:15 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xa6030000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:05:15 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000c003140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:15 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000070000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:15 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 2690.754022][T17129] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2690.763571][T17129] FAULT_INJECTION: forcing a failure. [ 2690.763571][T17129] name failslab, interval 1, probability 0, space 0, times 0 [ 2690.777143][T17129] CPU: 0 PID: 17129 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2690.788758][T17129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2690.798792][T17129] Call Trace: [ 2690.802077][T17129] dump_stack+0x1d8/0x24e [ 2690.806403][T17129] ? devkmsg_release+0x11c/0x11c [ 2690.811414][T17129] ? show_regs_print_info+0x12/0x12 [ 2690.816590][T17129] should_fail+0x6f6/0x860 [ 2690.820980][T17129] ? setup_fault_attr+0x3d0/0x3d0 [ 2690.825985][T17129] ? remove_wait_queue+0x120/0x120 [ 2690.831078][T17129] ? rfkill_send_events+0xae/0x3f0 [ 2690.836188][T17129] should_failslab+0x5/0x20 [ 2690.840679][T17129] kmem_cache_alloc_trace+0x39/0x2b0 [ 2690.846409][T17129] rfkill_send_events+0xae/0x3f0 [ 2690.851331][T17129] rfkill_register+0x6ad/0x720 [ 2690.856087][T17129] hci_register_dev+0x398/0x710 [ 2690.860917][T17129] hci_uart_tty_ioctl+0x89e/0xa10 [ 2690.865933][T17129] ? hci_uart_tty_write+0x10/0x10 [ 2690.870932][T17129] tty_ioctl+0xf68/0x1710 [ 2690.875239][T17129] ? tty_do_resize+0x170/0x170 [ 2690.879982][T17129] ? avc_ss_reset+0x3a0/0x3a0 [ 2690.884633][T17129] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2690.890766][T17129] ? refcount_inc_checked+0x50/0x50 [ 2690.895942][T17129] ? proc_fail_nth_write+0x1d5/0x240 [ 2690.901222][T17129] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2690.906485][T17129] ? check_preemption_disabled+0x9e/0x330 [ 2690.912180][T17129] ? memset+0x1f/0x40 [ 2690.916137][T17129] ? fsnotify+0x1332/0x13f0 [ 2690.920661][T17129] ? tty_do_resize+0x170/0x170 [ 2690.925424][T17129] do_vfs_ioctl+0x76a/0x1720 [ 2690.929994][T17129] ? selinux_file_ioctl+0x72f/0x990 [ 2690.935174][T17129] ? ioctl_preallocate+0x250/0x250 [ 2690.940281][T17129] ? __fget+0x37b/0x3c0 [ 2690.944426][T17129] ? fget_many+0x20/0x20 [ 2690.948648][T17129] ? do_syscall_64+0x1e0/0x1e0 [ 2690.953388][T17129] ? security_file_ioctl+0x9d/0xb0 [ 2690.958476][T17129] __x64_sys_ioctl+0xd4/0x110 [ 2690.963126][T17129] do_syscall_64+0xcb/0x1e0 [ 2690.967609][T17129] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2690.973474][T17129] RIP: 0033:0x7f041403f739 [ 2690.977869][T17129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2690.997453][T17129] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2691.005838][T17129] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2691.013795][T17129] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2691.021749][T17129] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2691.029705][T17129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2691.037660][T17129] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2691.053620][T15879] Bluetooth: hci0: Frame reassembly failed (-84) 13:05:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010065726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000c203140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010067726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:16 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000080000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010068726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000c403140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2693.122171][T16262] Bluetooth: hci0: command 0x1003 tx timeout [ 2693.128390][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2695.202399][ T5] Bluetooth: hci0: command 0x1001 tx timeout [ 2695.208419][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2697.281838][T16262] Bluetooth: hci0: command 0x1009 tx timeout 13:05:26 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010069726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:26 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000da03140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:26 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xb6030000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:05:26 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:05:26 executing program 2 (fault-call:6 fault-nth:92): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:05:26 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000090000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2701.639605][T17170] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2701.649244][T17170] FAULT_INJECTION: forcing a failure. [ 2701.649244][T17170] name failslab, interval 1, probability 0, space 0, times 0 [ 2701.662347][T17170] CPU: 1 PID: 17170 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2701.673965][T17170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2701.683999][T17170] Call Trace: [ 2701.687273][T17170] dump_stack+0x1d8/0x24e [ 2701.691585][T17170] ? devkmsg_release+0x11c/0x11c [ 2701.696508][T17170] ? show_regs_print_info+0x12/0x12 [ 2701.701694][T17170] should_fail+0x6f6/0x860 [ 2701.706092][T17170] ? setup_fault_attr+0x3d0/0x3d0 [ 2701.711091][T17170] ? remove_wait_queue+0x120/0x120 [ 2701.716176][T17170] ? rfkill_send_events+0xae/0x3f0 [ 2701.721263][T17170] should_failslab+0x5/0x20 [ 2701.725740][T17170] kmem_cache_alloc_trace+0x39/0x2b0 [ 2701.731000][T17170] rfkill_send_events+0xae/0x3f0 [ 2701.735925][T17170] rfkill_register+0x6ad/0x720 [ 2701.740670][T17170] hci_register_dev+0x398/0x710 [ 2701.745592][T17170] hci_uart_tty_ioctl+0x89e/0xa10 [ 2701.750591][T17170] ? hci_uart_tty_write+0x10/0x10 [ 2701.755678][T17170] tty_ioctl+0xf68/0x1710 [ 2701.759984][T17170] ? tty_do_resize+0x170/0x170 [ 2701.764723][T17170] ? avc_ss_reset+0x3a0/0x3a0 [ 2701.769377][T17170] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2701.775507][T17170] ? refcount_inc_checked+0x50/0x50 [ 2701.780685][T17170] ? proc_fail_nth_write+0x1d5/0x240 [ 2701.785951][T17170] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2701.791127][T17170] ? check_preemption_disabled+0x9e/0x330 [ 2701.796820][T17170] ? memset+0x1f/0x40 [ 2701.800777][T17170] ? fsnotify+0x1332/0x13f0 [ 2701.805256][T17170] ? tty_do_resize+0x170/0x170 [ 2701.810009][T17170] do_vfs_ioctl+0x76a/0x1720 [ 2701.814574][T17170] ? selinux_file_ioctl+0x72f/0x990 [ 2701.819762][T17170] ? ioctl_preallocate+0x250/0x250 [ 2701.824848][T17170] ? __fget+0x37b/0x3c0 [ 2701.828982][T17170] ? fget_many+0x20/0x20 [ 2701.833215][T17170] ? do_syscall_64+0x1e0/0x1e0 [ 2701.837958][T17170] ? security_file_ioctl+0x9d/0xb0 [ 2701.843046][T17170] __x64_sys_ioctl+0xd4/0x110 [ 2701.847696][T17170] do_syscall_64+0xcb/0x1e0 [ 2701.852175][T17170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2701.858055][T17170] RIP: 0033:0x7f041403f739 [ 2701.862445][T17170] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2701.882023][T17170] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2701.890410][T17170] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2701.898373][T17170] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2701.906318][T17170] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2701.914262][T17170] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2701.922209][T17170] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2701.932786][T15879] Bluetooth: hci0: Frame reassembly failed (-84) 13:05:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000a0000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006c726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010073726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:27 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xc6030000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:05:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000e203140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010074726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2704.001345][T16262] Bluetooth: hci0: command 0x1003 tx timeout [ 2704.007371][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2706.081508][T15262] Bluetooth: hci0: command 0x1001 tx timeout [ 2706.087607][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2708.161033][T15262] Bluetooth: hci0: command 0x1009 tx timeout 13:05:37 executing program 2 (fault-call:6 fault-nth:93): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:05:37 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:05:37 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010076726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:37 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xc902930b, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:05:37 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000b0000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:37 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000005140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:37 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010077726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2712.524851][T17209] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2712.536450][T17209] FAULT_INJECTION: forcing a failure. [ 2712.536450][T17209] name failslab, interval 1, probability 0, space 0, times 0 [ 2712.549718][T17209] CPU: 0 PID: 17209 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2712.561339][T17209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2712.571384][T17209] Call Trace: [ 2712.574674][T17209] dump_stack+0x1d8/0x24e [ 2712.579063][T17209] ? devkmsg_release+0x11c/0x11c [ 2712.584090][T17209] ? show_regs_print_info+0x12/0x12 [ 2712.589275][T17209] should_fail+0x6f6/0x860 [ 2712.593679][T17209] ? setup_fault_attr+0x3d0/0x3d0 [ 2712.598701][T17209] ? remove_wait_queue+0x120/0x120 [ 2712.603802][T17209] ? rfkill_send_events+0xae/0x3f0 [ 2712.608898][T17209] should_failslab+0x5/0x20 [ 2712.613393][T17209] kmem_cache_alloc_trace+0x39/0x2b0 [ 2712.618665][T17209] rfkill_send_events+0xae/0x3f0 [ 2712.623586][T17209] rfkill_register+0x6ad/0x720 [ 2712.628327][T17209] hci_register_dev+0x398/0x710 [ 2712.633162][T17209] hci_uart_tty_ioctl+0x89e/0xa10 [ 2712.638167][T17209] ? hci_uart_tty_write+0x10/0x10 [ 2712.643170][T17209] tty_ioctl+0xf68/0x1710 [ 2712.647500][T17209] ? tty_do_resize+0x170/0x170 [ 2712.652242][T17209] ? avc_ss_reset+0x3a0/0x3a0 [ 2712.656894][T17209] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2712.663024][T17209] ? refcount_inc_checked+0x50/0x50 [ 2712.668213][T17209] ? proc_fail_nth_write+0x1d5/0x240 [ 2712.673483][T17209] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2712.678662][T17209] ? check_preemption_disabled+0x9e/0x330 [ 2712.684362][T17209] ? memset+0x1f/0x40 [ 2712.688321][T17209] ? fsnotify+0x1332/0x13f0 [ 2712.692807][T17209] ? tty_do_resize+0x170/0x170 [ 2712.697557][T17209] do_vfs_ioctl+0x76a/0x1720 [ 2712.702129][T17209] ? selinux_file_ioctl+0x72f/0x990 [ 2712.707305][T17209] ? ioctl_preallocate+0x250/0x250 [ 2712.712397][T17209] ? __fget+0x37b/0x3c0 [ 2712.716538][T17209] ? fget_many+0x20/0x20 [ 2712.720765][T17209] ? do_syscall_64+0x1e0/0x1e0 [ 2712.725514][T17209] ? security_file_ioctl+0x9d/0xb0 [ 2712.730611][T17209] __x64_sys_ioctl+0xd4/0x110 [ 2712.735274][T17209] do_syscall_64+0xcb/0x1e0 [ 2712.739814][T17209] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2712.745694][T17209] RIP: 0033:0x7f041403f739 [ 2712.750089][T17209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2712.769679][T17209] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2712.778069][T17209] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2712.786053][T17209] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2712.794176][T17209] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2712.802129][T17209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2712.810082][T17209] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2712.824937][T15879] Bluetooth: hci0: Frame reassembly failed (-84) 13:05:38 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010078726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:38 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000006140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:38 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000c0000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:38 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xda030000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:05:38 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062256964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2714.880626][T16262] Bluetooth: hci0: command 0x1003 tx timeout [ 2714.886884][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2716.960681][T16262] Bluetooth: hci0: command 0x1001 tx timeout [ 2716.966709][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2719.040257][T16262] Bluetooth: hci0: command 0x1009 tx timeout 13:05:48 executing program 2 (fault-call:6 fault-nth:94): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:05:48 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:05:48 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000007140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:48 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100622f6964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:48 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000d0000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:48 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xe2030000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:05:48 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100623a6964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2723.402758][T17243] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2723.411808][T17243] FAULT_INJECTION: forcing a failure. [ 2723.411808][T17243] name failslab, interval 1, probability 0, space 0, times 0 [ 2723.425086][T17243] CPU: 1 PID: 17243 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2723.436727][T17243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2723.446767][T17243] Call Trace: [ 2723.450042][T17243] dump_stack+0x1d8/0x24e [ 2723.454361][T17243] ? devkmsg_release+0x11c/0x11c [ 2723.459293][T17243] ? show_regs_print_info+0x12/0x12 [ 2723.464483][T17243] should_fail+0x6f6/0x860 [ 2723.468889][T17243] ? setup_fault_attr+0x3d0/0x3d0 [ 2723.473899][T17243] ? remove_wait_queue+0x120/0x120 [ 2723.479006][T17243] ? rfkill_send_events+0xae/0x3f0 [ 2723.484110][T17243] should_failslab+0x5/0x20 [ 2723.488590][T17243] kmem_cache_alloc_trace+0x39/0x2b0 [ 2723.493858][T17243] rfkill_send_events+0xae/0x3f0 [ 2723.498785][T17243] rfkill_register+0x6ad/0x720 [ 2723.503533][T17243] hci_register_dev+0x398/0x710 [ 2723.508362][T17243] hci_uart_tty_ioctl+0x89e/0xa10 [ 2723.513362][T17243] ? hci_uart_tty_write+0x10/0x10 [ 2723.518363][T17243] tty_ioctl+0xf68/0x1710 [ 2723.522667][T17243] ? tty_do_resize+0x170/0x170 [ 2723.527407][T17243] ? avc_ss_reset+0x3a0/0x3a0 [ 2723.532062][T17243] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2723.538191][T17243] ? refcount_inc_checked+0x50/0x50 [ 2723.543369][T17243] ? proc_fail_nth_write+0x1d5/0x240 [ 2723.548632][T17243] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2723.553805][T17243] ? check_preemption_disabled+0x9e/0x330 [ 2723.559508][T17243] ? memset+0x1f/0x40 [ 2723.563464][T17243] ? fsnotify+0x1332/0x13f0 [ 2723.567945][T17243] ? tty_do_resize+0x170/0x170 [ 2723.572686][T17243] do_vfs_ioctl+0x76a/0x1720 [ 2723.577253][T17243] ? selinux_file_ioctl+0x72f/0x990 [ 2723.582426][T17243] ? ioctl_preallocate+0x250/0x250 [ 2723.587515][T17243] ? __fget+0x37b/0x3c0 [ 2723.591647][T17243] ? fget_many+0x20/0x20 [ 2723.595865][T17243] ? do_syscall_64+0x1e0/0x1e0 [ 2723.600605][T17243] ? security_file_ioctl+0x9d/0xb0 [ 2723.605693][T17243] __x64_sys_ioctl+0xd4/0x110 [ 2723.610344][T17243] do_syscall_64+0xcb/0x1e0 [ 2723.614825][T17243] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2723.620693][T17243] RIP: 0033:0x7f041403f739 [ 2723.625088][T17243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2723.644668][T17243] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2723.653054][T17243] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2723.661010][T17243] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2723.668955][T17243] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2723.676903][T17243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2723.684864][T17243] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2723.705737][T15879] Bluetooth: hci0: Frame reassembly failed (-84) 13:05:49 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000e0000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062616964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:49 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xeaffffff, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:05:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000009140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100626f6964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2725.759764][T16262] Bluetooth: hci0: command 0x1003 tx timeout [ 2725.766044][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2727.839986][T16262] Bluetooth: hci0: command 0x1001 tx timeout [ 2727.846016][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2729.919425][T16262] Bluetooth: hci0: command 0x1009 tx timeout 13:05:59 executing program 2 (fault-call:6 fault-nth:95): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:05:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062722564676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:59 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000f0000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:59 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000a140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:59 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xefffffff, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:05:59 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0), 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:05:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062722f64676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2734.282931][T17279] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2734.294645][T17279] FAULT_INJECTION: forcing a failure. [ 2734.294645][T17279] name failslab, interval 1, probability 0, space 0, times 0 [ 2734.308496][T17279] CPU: 1 PID: 17279 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2734.320114][T17279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2734.330151][T17279] Call Trace: [ 2734.333440][T17279] dump_stack+0x1d8/0x24e [ 2734.337769][T17279] ? devkmsg_release+0x11c/0x11c [ 2734.342698][T17279] ? show_regs_print_info+0x12/0x12 [ 2734.347875][T17279] should_fail+0x6f6/0x860 [ 2734.352278][T17279] ? setup_fault_attr+0x3d0/0x3d0 [ 2734.357292][T17279] ? remove_wait_queue+0x120/0x120 [ 2734.362390][T17279] ? rfkill_send_events+0xae/0x3f0 [ 2734.367486][T17279] should_failslab+0x5/0x20 [ 2734.371964][T17279] kmem_cache_alloc_trace+0x39/0x2b0 [ 2734.377228][T17279] rfkill_send_events+0xae/0x3f0 [ 2734.382144][T17279] rfkill_register+0x6ad/0x720 [ 2734.386889][T17279] hci_register_dev+0x398/0x710 [ 2734.391715][T17279] hci_uart_tty_ioctl+0x89e/0xa10 [ 2734.396745][T17279] ? hci_uart_tty_write+0x10/0x10 [ 2734.401758][T17279] tty_ioctl+0xf68/0x1710 [ 2734.406073][T17279] ? tty_do_resize+0x170/0x170 [ 2734.410955][T17279] ? avc_ss_reset+0x3a0/0x3a0 [ 2734.415604][T17279] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2734.421726][T17279] ? refcount_inc_checked+0x50/0x50 [ 2734.426908][T17279] ? proc_fail_nth_write+0x1d5/0x240 [ 2734.432172][T17279] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2734.437350][T17279] ? check_preemption_disabled+0x9e/0x330 [ 2734.443040][T17279] ? memset+0x1f/0x40 [ 2734.446993][T17279] ? fsnotify+0x1332/0x13f0 [ 2734.451480][T17279] ? tty_do_resize+0x170/0x170 [ 2734.456237][T17279] do_vfs_ioctl+0x76a/0x1720 [ 2734.460810][T17279] ? selinux_file_ioctl+0x72f/0x990 [ 2734.465986][T17279] ? ioctl_preallocate+0x250/0x250 [ 2734.471081][T17279] ? __fget+0x37b/0x3c0 [ 2734.475208][T17279] ? fget_many+0x20/0x20 [ 2734.479428][T17279] ? do_syscall_64+0x1e0/0x1e0 [ 2734.484166][T17279] ? security_file_ioctl+0x9d/0xb0 [ 2734.489249][T17279] __x64_sys_ioctl+0xd4/0x110 [ 2734.493904][T17279] do_syscall_64+0xcb/0x1e0 [ 2734.498394][T17279] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2734.504270][T17279] RIP: 0033:0x7f041403f739 [ 2734.508664][T17279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2734.528243][T17279] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2734.536636][T17279] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2734.544578][T17279] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2734.552693][T17279] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2734.560637][T17279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2734.568577][T17279] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2734.578332][T15880] Bluetooth: hci0: Frame reassembly failed (-84) 13:05:59 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000b140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:59 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000100000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:05:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062723a64676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:00 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726264676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:00 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000c140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2736.638934][T24421] Bluetooth: hci0: command 0x1003 tx timeout [ 2736.644972][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2738.718806][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 2738.724863][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2740.798640][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:06:10 executing program 2 (fault-call:6 fault-nth:96): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:06:10 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000110000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726908676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf0ffffff, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:06:10 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000030c140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:10 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0), 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 2745.147988][T17306] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2745.160572][T17306] FAULT_INJECTION: forcing a failure. [ 2745.160572][T17306] name failslab, interval 1, probability 0, space 0, times 0 [ 2745.173456][T17306] CPU: 1 PID: 17306 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2745.185063][T17306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2745.195094][T17306] Call Trace: [ 2745.198401][T17306] dump_stack+0x1d8/0x24e [ 2745.202711][T17306] ? devkmsg_release+0x11c/0x11c [ 2745.207633][T17306] ? show_regs_print_info+0x12/0x12 [ 2745.212817][T17306] should_fail+0x6f6/0x860 [ 2745.217216][T17306] ? setup_fault_attr+0x3d0/0x3d0 [ 2745.222222][T17306] ? remove_wait_queue+0x120/0x120 [ 2745.227323][T17306] ? rfkill_send_events+0xae/0x3f0 [ 2745.232423][T17306] should_failslab+0x5/0x20 [ 2745.236913][T17306] kmem_cache_alloc_trace+0x39/0x2b0 [ 2745.242185][T17306] rfkill_send_events+0xae/0x3f0 [ 2745.247119][T17306] rfkill_register+0x6ad/0x720 [ 2745.251866][T17306] hci_register_dev+0x398/0x710 [ 2745.256695][T17306] hci_uart_tty_ioctl+0x89e/0xa10 [ 2745.261692][T17306] ? hci_uart_tty_write+0x10/0x10 [ 2745.266698][T17306] tty_ioctl+0xf68/0x1710 [ 2745.271006][T17306] ? tty_do_resize+0x170/0x170 [ 2745.275746][T17306] ? avc_ss_reset+0x3a0/0x3a0 [ 2745.280409][T17306] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2745.286535][T17306] ? refcount_inc_checked+0x50/0x50 [ 2745.291719][T17306] ? proc_fail_nth_write+0x1d5/0x240 [ 2745.296984][T17306] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2745.302161][T17306] ? check_preemption_disabled+0x9e/0x330 [ 2745.307851][T17306] ? memset+0x1f/0x40 [ 2745.311810][T17306] ? fsnotify+0x1332/0x13f0 [ 2745.316299][T17306] ? tty_do_resize+0x170/0x170 [ 2745.321050][T17306] do_vfs_ioctl+0x76a/0x1720 [ 2745.325625][T17306] ? selinux_file_ioctl+0x72f/0x990 [ 2745.330801][T17306] ? ioctl_preallocate+0x250/0x250 [ 2745.335895][T17306] ? __fget+0x37b/0x3c0 [ 2745.340040][T17306] ? fget_many+0x20/0x20 [ 2745.344356][T17306] ? do_syscall_64+0x1e0/0x1e0 [ 2745.349108][T17306] ? security_file_ioctl+0x9d/0xb0 [ 2745.354204][T17306] __x64_sys_ioctl+0xd4/0x110 [ 2745.358864][T17306] do_syscall_64+0xcb/0x1e0 [ 2745.363348][T17306] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2745.369222][T17306] RIP: 0033:0x7f041403f739 [ 2745.373627][T17306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2745.393232][T17306] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2745.401630][T17306] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2745.409581][T17306] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2745.417526][T17306] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2745.425474][T17306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2745.433428][T17306] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2745.443415][T15879] Bluetooth: hci0: Frame reassembly failed (-84) 13:06:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726923676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726925676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:10 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000d140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272692a676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:10 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000120000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf4030000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2747.518108][T24421] Bluetooth: hci0: command 0x1003 tx timeout [ 2747.524182][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2749.597980][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 2749.604023][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2751.677817][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:06:21 executing program 2 (fault-call:6 fault-nth:97): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:06:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272692b676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:21 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000e140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:21 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000250000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:21 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0), 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:06:21 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfeff0000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:06:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272692d676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2756.042149][T17352] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2756.053321][T17352] FAULT_INJECTION: forcing a failure. [ 2756.053321][T17352] name failslab, interval 1, probability 0, space 0, times 0 [ 2756.066679][T17352] CPU: 0 PID: 17352 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2756.078288][T17352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2756.088324][T17352] Call Trace: [ 2756.091602][T17352] dump_stack+0x1d8/0x24e [ 2756.095915][T17352] ? devkmsg_release+0x11c/0x11c [ 2756.100830][T17352] ? show_regs_print_info+0x12/0x12 [ 2756.106007][T17352] should_fail+0x6f6/0x860 [ 2756.110398][T17352] ? setup_fault_attr+0x3d0/0x3d0 [ 2756.115394][T17352] ? remove_wait_queue+0x120/0x120 [ 2756.120494][T17352] ? rfkill_send_events+0xae/0x3f0 [ 2756.125587][T17352] should_failslab+0x5/0x20 [ 2756.130069][T17352] kmem_cache_alloc_trace+0x39/0x2b0 [ 2756.135338][T17352] rfkill_send_events+0xae/0x3f0 [ 2756.140263][T17352] rfkill_register+0x6ad/0x720 [ 2756.145010][T17352] hci_register_dev+0x398/0x710 [ 2756.149843][T17352] hci_uart_tty_ioctl+0x89e/0xa10 [ 2756.154842][T17352] ? hci_uart_tty_write+0x10/0x10 [ 2756.159839][T17352] tty_ioctl+0xf68/0x1710 [ 2756.164144][T17352] ? tty_do_resize+0x170/0x170 [ 2756.168884][T17352] ? avc_ss_reset+0x3a0/0x3a0 [ 2756.173534][T17352] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2756.179659][T17352] ? refcount_inc_checked+0x50/0x50 [ 2756.184833][T17352] ? proc_fail_nth_write+0x1d5/0x240 [ 2756.190090][T17352] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2756.195262][T17352] ? check_preemption_disabled+0x9e/0x330 [ 2756.200955][T17352] ? memset+0x1f/0x40 [ 2756.204910][T17352] ? fsnotify+0x1332/0x13f0 [ 2756.209387][T17352] ? tty_do_resize+0x170/0x170 [ 2756.214125][T17352] do_vfs_ioctl+0x76a/0x1720 [ 2756.218690][T17352] ? selinux_file_ioctl+0x72f/0x990 [ 2756.223861][T17352] ? ioctl_preallocate+0x250/0x250 [ 2756.228949][T17352] ? __fget+0x37b/0x3c0 [ 2756.233086][T17352] ? fget_many+0x20/0x20 [ 2756.237302][T17352] ? do_syscall_64+0x1e0/0x1e0 [ 2756.242040][T17352] ? security_file_ioctl+0x9d/0xb0 [ 2756.247125][T17352] __x64_sys_ioctl+0xd4/0x110 [ 2756.251775][T17352] do_syscall_64+0xcb/0x1e0 [ 2756.256259][T17352] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2756.262125][T17352] RIP: 0033:0x7f041403f739 [ 2756.266518][T17352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2756.286097][T17352] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2756.294479][T17352] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2756.302423][T17352] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2756.310368][T17352] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2756.318315][T17352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2756.326261][T17352] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2756.346214][T17298] Bluetooth: hci0: Frame reassembly failed (-84) 13:06:21 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000e510140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272692e676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272692f676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:21 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfeffffff, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:06:21 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000002f0000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2758.397585][T24421] Bluetooth: hci0: command 0x1003 tx timeout [ 2758.403643][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2760.477798][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 2760.483831][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2762.557546][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:06:32 executing program 2 (fault-call:6 fault-nth:98): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:06:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726930676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000011140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000003a0000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:32 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:06:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xff0f0000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2766.912016][T17387] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2766.921563][T17387] FAULT_INJECTION: forcing a failure. [ 2766.921563][T17387] name failslab, interval 1, probability 0, space 0, times 0 [ 2766.934784][T17387] CPU: 1 PID: 17387 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2766.946395][T17387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2766.956426][T17387] Call Trace: [ 2766.959697][T17387] dump_stack+0x1d8/0x24e [ 2766.964005][T17387] ? devkmsg_release+0x11c/0x11c [ 2766.968920][T17387] ? show_regs_print_info+0x12/0x12 [ 2766.974091][T17387] should_fail+0x6f6/0x860 [ 2766.978496][T17387] ? setup_fault_attr+0x3d0/0x3d0 [ 2766.983512][T17387] ? remove_wait_queue+0x120/0x120 [ 2766.988654][T17387] ? rfkill_send_events+0xae/0x3f0 [ 2766.993739][T17387] should_failslab+0x5/0x20 [ 2766.998215][T17387] kmem_cache_alloc_trace+0x39/0x2b0 [ 2767.003473][T17387] rfkill_send_events+0xae/0x3f0 [ 2767.008390][T17387] rfkill_register+0x6ad/0x720 [ 2767.013135][T17387] hci_register_dev+0x398/0x710 [ 2767.017962][T17387] hci_uart_tty_ioctl+0x89e/0xa10 [ 2767.022961][T17387] ? hci_uart_tty_write+0x10/0x10 [ 2767.027958][T17387] tty_ioctl+0xf68/0x1710 [ 2767.032271][T17387] ? tty_do_resize+0x170/0x170 [ 2767.037015][T17387] ? avc_ss_reset+0x3a0/0x3a0 [ 2767.041686][T17387] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2767.047818][T17387] ? refcount_inc_checked+0x50/0x50 [ 2767.053007][T17387] ? proc_fail_nth_write+0x1d5/0x240 [ 2767.058269][T17387] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2767.063448][T17387] ? check_preemption_disabled+0x9e/0x330 [ 2767.069173][T17387] ? memset+0x1f/0x40 [ 2767.073137][T17387] ? fsnotify+0x1332/0x13f0 [ 2767.077616][T17387] ? tty_do_resize+0x170/0x170 [ 2767.082364][T17387] do_vfs_ioctl+0x76a/0x1720 [ 2767.086936][T17387] ? selinux_file_ioctl+0x72f/0x990 [ 2767.092111][T17387] ? ioctl_preallocate+0x250/0x250 [ 2767.097245][T17387] ? __fget+0x37b/0x3c0 [ 2767.101380][T17387] ? fget_many+0x20/0x20 [ 2767.105603][T17387] ? do_syscall_64+0x1e0/0x1e0 [ 2767.110342][T17387] ? security_file_ioctl+0x9d/0xb0 [ 2767.115428][T17387] __x64_sys_ioctl+0xd4/0x110 [ 2767.120078][T17387] do_syscall_64+0xcb/0x1e0 [ 2767.124559][T17387] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2767.130425][T17387] RIP: 0033:0x7f041403f739 [ 2767.134815][T17387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2767.154398][T17387] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2767.162781][T17387] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2767.170725][T17387] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2767.178671][T17387] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2767.186616][T17387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2767.194564][T17387] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 13:06:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272693a676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2767.209384][T15879] Bluetooth: hci0: Frame reassembly failed (-84) 13:06:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000012140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272694c676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xff7f0000, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:06:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726958676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000003c0000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2769.276517][T15793] Bluetooth: hci0: command 0x1003 tx timeout [ 2769.282562][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2771.356362][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 2771.362408][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2773.436199][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:06:42 executing program 2 (fault-call:6 fault-nth:99): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:06:42 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000001f140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:42 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272695b676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:42 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000003e0000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:42 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xffff0300, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:06:42 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:06:43 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726962676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2777.800616][T17425] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2777.811526][T17425] FAULT_INJECTION: forcing a failure. [ 2777.811526][T17425] name failslab, interval 1, probability 0, space 0, times 0 [ 2777.824612][T17425] CPU: 0 PID: 17425 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 2777.836210][T17425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2777.846240][T17425] Call Trace: [ 2777.849509][T17425] dump_stack+0x1d8/0x24e [ 2777.853821][T17425] ? devkmsg_release+0x11c/0x11c [ 2777.858731][T17425] ? show_regs_print_info+0x12/0x12 [ 2777.863902][T17425] should_fail+0x6f6/0x860 [ 2777.868396][T17425] ? setup_fault_attr+0x3d0/0x3d0 [ 2777.873446][T17425] ? remove_wait_queue+0x120/0x120 [ 2777.878537][T17425] ? rfkill_send_events+0xae/0x3f0 [ 2777.883638][T17425] should_failslab+0x5/0x20 [ 2777.888129][T17425] kmem_cache_alloc_trace+0x39/0x2b0 [ 2777.893392][T17425] ? __list_add_valid+0x58/0xc0 [ 2777.898224][T17425] rfkill_send_events+0xae/0x3f0 [ 2777.903140][T17425] rfkill_register+0x6ad/0x720 [ 2777.907879][T17425] hci_register_dev+0x398/0x710 [ 2777.912719][T17425] hci_uart_tty_ioctl+0x89e/0xa10 [ 2777.917730][T17425] ? hci_uart_tty_write+0x10/0x10 [ 2777.922732][T17425] tty_ioctl+0xf68/0x1710 [ 2777.927039][T17425] ? tty_do_resize+0x170/0x170 [ 2777.931780][T17425] ? avc_ss_reset+0x3a0/0x3a0 [ 2777.936436][T17425] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 2777.942565][T17425] ? refcount_inc_checked+0x50/0x50 [ 2777.947740][T17425] ? proc_fail_nth_write+0x1d5/0x240 [ 2777.953020][T17425] ? proc_fail_nth_read+0x1c0/0x1c0 [ 2777.958194][T17425] ? check_preemption_disabled+0x9e/0x330 [ 2777.963893][T17425] ? memset+0x1f/0x40 [ 2777.967851][T17425] ? fsnotify+0x1332/0x13f0 [ 2777.972328][T17425] ? tty_do_resize+0x170/0x170 [ 2777.977067][T17425] do_vfs_ioctl+0x76a/0x1720 [ 2777.981635][T17425] ? selinux_file_ioctl+0x72f/0x990 [ 2777.986816][T17425] ? ioctl_preallocate+0x250/0x250 [ 2777.991908][T17425] ? __fget+0x37b/0x3c0 [ 2777.996042][T17425] ? fget_many+0x20/0x20 [ 2778.000278][T17425] ? do_syscall_64+0x1e0/0x1e0 [ 2778.005024][T17425] ? security_file_ioctl+0x9d/0xb0 [ 2778.010112][T17425] __x64_sys_ioctl+0xd4/0x110 [ 2778.014767][T17425] do_syscall_64+0xcb/0x1e0 [ 2778.019247][T17425] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2778.025115][T17425] RIP: 0033:0x7f041403f739 [ 2778.029505][T17425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2778.049084][T17425] RSP: 002b:00007f0411db7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2778.057470][T17425] RAX: ffffffffffffffda RBX: 00007f0414143f80 RCX: 00007f041403f739 [ 2778.065418][T17425] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 2778.073366][T17425] RBP: 00007f0411db71d0 R08: 0000000000000000 R09: 0000000000000000 [ 2778.081312][T17425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 2778.089257][T17425] R13: 00007ffd175614af R14: 00007f0411db7300 R15: 0000000000022000 [ 2778.106142][T17298] Bluetooth: hci0: Frame reassembly failed (-84) 13:06:43 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726963676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:43 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000480000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000020140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:43 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726968676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000025140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2780.155685][T18059] Bluetooth: hci0: command 0x1003 tx timeout [ 2780.161752][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2782.235573][T18059] Bluetooth: hci0: command 0x1001 tx timeout [ 2782.241612][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2784.315411][T18059] Bluetooth: hci0: command 0x1009 tx timeout 13:06:53 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:06:53 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726969676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:53 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xffffff7f, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:06:53 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000004a0000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:53 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:06:53 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000002f140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2788.668926][T17460] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2788.678495][T15879] Bluetooth: hci0: Frame reassembly failed (-84) 13:06:53 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696c676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:54 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000003a140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:54 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696e676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:54 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xffffff81, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:06:54 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000004c0000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:06:54 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696f676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2790.715082][T18059] Bluetooth: hci0: command 0x1003 tx timeout [ 2790.721163][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2792.794915][T18059] Bluetooth: hci0: command 0x1001 tx timeout [ 2792.800971][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2794.874737][T18059] Bluetooth: hci0: command 0x1009 tx timeout 13:07:04 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x2, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:04 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726970676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:04 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000003c140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000680000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:04 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xffffff9e, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:04 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:04 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x4b47, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:04 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x4b49, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:04 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5409, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:04 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x540b, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:04 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x540c, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000006c0000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:04 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726973676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:04 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000003e140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:04 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x540d, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:04 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x540e, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:04 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xffffffea, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:04 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:04 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726974676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:04 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x540f, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:04 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000003f140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000740000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:04 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xffffffef, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:04 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5410, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:05 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5412, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:05 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5413, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:05 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5414, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:05 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5415, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726975676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:05 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:05 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5416, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726978676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000040140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:05 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000007a0000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:05 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfffffff0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:05 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5417, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:05 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5418, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:05 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x541b, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:05 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x541d, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:05 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x541e, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:05 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x541e, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000850000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:06 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5420, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272697a676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000048140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:06 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x0, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:06 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfffffffe, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:06 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5421, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:06 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5422, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:06 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5423, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:06 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5424, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:06 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5425, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:06 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5427, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000a00000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:06 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5428, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000004a140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964256500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:07 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x0, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:07 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5429, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:07 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x2, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:07 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000ba0000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:07 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269642f6500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:07 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000004c140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:07 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x3, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:07 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5437, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:07 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x4, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:07 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5441, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:07 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269643a6500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:07 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5450, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:08 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x0, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:08 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x5, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:08 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5451, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:08 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000356140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:08 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964626500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:08 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000f20000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:08 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x6, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:08 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5452, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:08 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x7, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:08 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x545d, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:08 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964672500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:08 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x5460, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:09 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:09 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x8, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:09 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x40045431, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:09 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000068140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:09 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964672f00000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:09 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000300140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:09 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x9, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:09 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x40045436, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:09 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0xa, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:09 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455cb, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:09 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0xb, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:09 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x40049409, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:10 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x40086602, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0xc, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964673a00000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:10 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000c0300140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:10 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:10 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000006c140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:10 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x40087602, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0xd, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0xe, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:10 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x4020940d, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0xf, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:10 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x80045430, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x10, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x11, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676200000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:10 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000560300140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:11 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:11 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x80045432, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:11 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x12, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467654a580100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000074140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:11 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000960300140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:11 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x80045438, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:11 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x80045439, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:11 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x80045440, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:11 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x800455c9, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:11 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x800455ca, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2805.844504][T17999] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:07:11 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x800455cc, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:11 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, 0x0, 0x0) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:11 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x13, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:11 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x80086601, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467654b580100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:11 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000b40300140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000007a140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:11 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x80087601, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:11 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0xc0045878, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:11 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0xc0045878, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:11 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0xc0189436, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:11 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0xc020660b, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:12 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000c00300140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2806.754845][T18067] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:07:12 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676580580100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:12 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:12 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x14, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:12 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000081140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:12 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, 0x0, 0x0) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:12 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000c20300140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:12 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x15, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:12 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x3) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:12 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2807.542744][T18131] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:07:12 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000396140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:12 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765a0580100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2807.585844][T18152] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2807.597014][T15879] Bluetooth: hci0: Frame reassembly failed (-84) 13:07:12 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x16, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:12 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000da0300140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:12 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x17, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:13 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765a8580100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:13 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000a0140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2807.744866][T18161] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2807.783925][T18173] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:07:13 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, 0x0, 0x0) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:13 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x25, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:13 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765e4580100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:13 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000e20300140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2808.391167][T18187] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2808.401159][T18189] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2808.435057][T18193] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2809.673493][T24421] Bluetooth: hci0: command 0x1003 tx timeout [ 2809.679615][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2811.753354][T16262] Bluetooth: hci0: command 0x1001 tx timeout [ 2811.759429][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2813.833214][T16262] Bluetooth: hci0: command 0x1009 tx timeout 13:07:23 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x5) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:23 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000003b4140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:23 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x3e, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:23 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765e6580100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:23 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000500140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:23 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x0, 0x0}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:23 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765e8580100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:23 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x6) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:23 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x7) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:23 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x8) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2818.093295][T18208] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2818.127003][T18205] netlink: 30 bytes leftover after parsing attributes in process `syz-executor.1'. 13:07:23 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:23 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xa) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:23 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000003b6140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:23 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000600140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:23 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0xe80, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:23 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xb) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:23 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765ea580100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2818.197044][T18221] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2818.214907][T18224] netlink: 30 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2818.293855][T18274] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:07:24 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x0, 0x0}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:24 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x37fe0, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:24 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xc) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:24 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000ba140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:24 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765ec580100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:24 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000700140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:24 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x20000200, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:24 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xd) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:24 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xe) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:24 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x7ffff000, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:24 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0xfffffdef, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:24 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000900140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2819.001012][T18294] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:07:25 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x2, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765ee580100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:25 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:25 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000003c0140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:25 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x0, 0x0}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:25 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000a00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:25 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x11) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:25 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x12) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:25 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x3, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:25 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x25) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:25 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x48) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2819.814562][T18358] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pid=18358 comm=syz-executor.1 [ 2819.834226][T18363] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pid=18363 comm=syz-executor.1 13:07:25 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4c) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2819.886680][T18386] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3 sclass=netlink_route_socket pid=18386 comm=syz-executor.1 [ 2819.902397][T18399] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3 sclass=netlink_route_socket pid=18399 comm=syz-executor.1 13:07:25 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x4, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765f0580100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:25 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000003c2140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2819.932968][T18359] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2819.949107][T18409] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4 sclass=netlink_route_socket pid=18409 comm=syz-executor.1 [ 2819.971076][T18414] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4 sclass=netlink_route_socket pid=18414 comm=syz-executor.1 13:07:25 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x5, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2819.976150][T18413] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2820.018277][T18423] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pid=18423 comm=syz-executor.1 [ 2820.032179][T18425] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pid=18425 comm=syz-executor.1 13:07:25 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x0, &(0x7f0000000400)}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765b2590100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:25 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000b00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:25 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x60) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:25 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x6, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:25 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000003c4140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:25 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x68) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:25 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x7, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:25 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x6c) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:25 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x8, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2820.670406][T18436] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2820.680441][T18438] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6 sclass=netlink_route_socket pid=18438 comm=syz-executor.1 [ 2820.694808][T18447] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6 sclass=netlink_route_socket pid=18447 comm=syz-executor.1 13:07:25 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x74) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467654b5c0100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2820.783350][T18474] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:07:26 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x0, &(0x7f0000000400)}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:26 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x9, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:26 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x7a) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:26 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000003da140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:26 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765a85c0100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:26 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000c00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:26 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0xa, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:26 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x300) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:26 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0xb, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:26 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0xc, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:26 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x500) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:26 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0xd, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:27 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x0, &(0x7f0000000400)}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:27 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x600) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:27 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0xe, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000030c00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765e45c0100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000003e2140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765e65c0100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:27 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0xf, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:27 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x700) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:27 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x11, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:27 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x900) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:27 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xa00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:28 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:28 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xb00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:28 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x12, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:28 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000010e5140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:28 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765e85c0100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:28 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000d00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:28 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xc00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:28 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xd00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:28 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xe00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2823.275346][T18591] __nla_validate_parse: 3 callbacks suppressed [ 2823.275350][T18591] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:07:28 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x1100) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:28 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x13, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:28 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765ea5c0100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2823.387307][T18645] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:07:29 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x1200) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:29 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000fffe140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:29 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000e00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:29 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765ec5c0100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:29 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:29 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x14, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:29 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x17, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:29 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x1f00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:29 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x1a, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:29 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x2000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:29 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x2500) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:29 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x3f00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:29 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2824.157049][T18666] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:07:29 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000003ff140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:29 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000f00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:29 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4800) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:30 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x1b, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:30 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765ee5c0100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:30 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4c00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:30 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000fff140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:30 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:30 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000001100140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:30 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x6000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:30 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x1c, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2824.975477][T18730] selinux_nlmsg_perm: 20 callbacks suppressed [ 2824.975488][T18730] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=18730 comm=syz-executor.1 [ 2824.996944][T18741] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=18741 comm=syz-executor.1 13:07:30 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x6800) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:30 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x6c00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:30 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x7400) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2825.033844][T18731] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:07:30 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000007fff140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:30 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x7a00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:30 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765f05c0100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2825.083187][T18753] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2825.094377][T18780] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.1'. 13:07:30 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000001200140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:30 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x22, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2825.163389][T18794] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:07:31 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:31 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x100000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:31 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467652e5d0100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:31 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000feff140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:31 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x29, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:31 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000001f00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:31 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x1fffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:31 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x1000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:31 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x2000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2825.837485][T18809] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:07:31 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x3000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:31 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:31 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x5000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:31 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x6b, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:31 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x6000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:31 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676575d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:31 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000002000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:31 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:31 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000030012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:31 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676576d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:31 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x7000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2826.695980][T18871] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2826.714714][T18878] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=107 sclass=netlink_route_socket pid=18878 comm=syz-executor.1 [ 2826.732517][T18890] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=107 sclass=netlink_route_socket pid=18890 comm=syz-executor.1 13:07:31 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x7c1, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676577d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000050012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676578d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:32 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x8000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000002c2200140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2826.753833][T18880] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2826.772563][T18903] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1985 sclass=netlink_route_socket pid=18903 comm=syz-executor.1 13:07:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676579d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000060012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2826.817957][T18915] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1985 sclass=netlink_route_socket pid=18915 comm=syz-executor.1 13:07:32 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:32 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x7c4, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000090012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000002500140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467657ad90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:32 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xa000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:32 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xb000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x702, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000000a0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467657bd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000000c0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2827.588553][T18948] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1988 sclass=netlink_route_socket pid=18948 comm=syz-executor.1 [ 2827.605550][T18960] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1988 sclass=netlink_route_socket pid=18960 comm=syz-executor.1 13:07:33 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x703, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467657cd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:33 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xb9302c9) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000000d0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:33 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000222c00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:33 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xc000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:33 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xd000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:33 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xe000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2828.456836][T19003] __nla_validate_parse: 12 callbacks suppressed [ 2828.456842][T19003] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:07:33 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x10000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:33 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x11000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:33 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x12000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:33 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 2828.573564][T19006] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.3'. 13:07:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x704, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:33 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x1f000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000000e0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467657dd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:33 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000002f00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467657ed90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:33 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x20000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x706, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000000f0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2828.654082][T19065] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2828.669631][T19073] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.3'. 13:07:33 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x25000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:33 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x707, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:33 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x3f000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:33 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x40000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:34 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x48000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:34 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4c000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2828.751335][T19081] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:07:34 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000003a00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:34 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x60000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:34 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467657fd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:34 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 2828.932674][T19140] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:07:34 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676580d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:34 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x68000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:34 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:34 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000003c00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:34 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000110012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:34 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x708, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:34 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x709, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:34 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x6c000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:34 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x74000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:34 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x7a000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:34 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x97ffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:34 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676581d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:34 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xc902930b) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:34 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 2829.172896][T19161] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2829.182427][T19165] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.3'. 13:07:34 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xfdfdffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:34 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000003e00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2829.253157][T19193] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:07:34 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000120012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:34 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xfdffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:34 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676582d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:34 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, 0x0, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:34 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x70a, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:34 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xffff1f00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:34 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x70b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:34 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xfffffdfd) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:34 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676583d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2829.429116][T19228] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.3'. 13:07:34 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xffffff7f) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:34 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000003f00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:34 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xffffff97) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:34 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000130012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:34 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xfffffffd) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:34 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, 0x0, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:34 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676584d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:34 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x1000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2829.660392][T19288] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2829.669822][T17298] Bluetooth: hci0: Frame reassembly failed (-84) 13:07:34 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, 0x0, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:35 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x70c, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:35 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676585d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:35 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000004000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:35 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x70e, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:35 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x70f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:35 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000002140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:35 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676586d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:35 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:35 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000004800140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:35 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676587d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2831.671831][T16262] Bluetooth: hci0: command 0x1003 tx timeout [ 2831.677856][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2833.751671][T16262] Bluetooth: hci0: command 0x1001 tx timeout [ 2833.757695][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2835.831561][T16262] Bluetooth: hci0: command 0x1009 tx timeout 13:07:45 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x100000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:45 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x710, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:45 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676588d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:45 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000003140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:45 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000004a00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:45 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:45 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x711, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2839.865341][T19343] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2839.875907][T15879] Bluetooth: hci0: Frame reassembly failed (-84) [ 2839.942079][T19340] __nla_validate_parse: 7 callbacks suppressed [ 2839.942087][T19340] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:07:45 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000004c00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:45 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676589d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:45 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000004140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:45 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000005140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:45 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467658ad90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2840.162002][T19356] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2840.281970][T19361] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2841.911068][T15262] Bluetooth: hci0: command 0x1003 tx timeout [ 2841.917126][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2843.990916][T15262] Bluetooth: hci0: command 0x1001 tx timeout [ 2843.996945][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2846.070754][T15262] Bluetooth: hci0: command 0x1009 tx timeout 13:07:55 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x1000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:07:55 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x712, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:07:55 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000035600140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467658bd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:55 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000006140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:55 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:07:55 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x713, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2850.097985][T19370] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2850.109290][T15879] Bluetooth: hci0: Frame reassembly failed (-84) [ 2850.191192][T19373] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:07:55 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000007140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:55 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000006800140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467658cd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2850.471425][T19389] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:07:55 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000006c00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:07:55 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000008140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2852.150288][ T5] Bluetooth: hci0: command 0x1003 tx timeout [ 2852.156321][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2854.230138][T16262] Bluetooth: hci0: command 0x1001 tx timeout [ 2854.236164][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2856.309981][T16262] Bluetooth: hci0: command 0x1009 tx timeout 13:08:05 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x100000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:08:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467658dd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:05 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x714, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:08:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000009140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:05 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000007400140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:05 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r3, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r3, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:08:05 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x715, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2860.340589][T19407] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2860.451838][T19408] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:08:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000a140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467658ed90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:05 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000007a00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2860.660613][T19422] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:08:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000b140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:05 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467658fd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2860.870453][T19431] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2862.390021][T18059] Bluetooth: hci0: command 0x1003 tx timeout [ 2862.396188][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2864.469612][T18059] Bluetooth: hci0: command 0x1001 tx timeout [ 2864.475671][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2866.549465][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:08:15 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x200000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:08:15 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x716, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:08:15 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000008100140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:15 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000c140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:15 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676590d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:15 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r3, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r3, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:08:15 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676591d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:15 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x725, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2870.568073][T19442] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2870.584669][T19449] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2870.595444][T15879] Bluetooth: hci0: Frame reassembly failed (-84) [ 2870.689725][T19455] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:08:16 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000008500140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676592d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:16 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676593d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2870.949558][T19466] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:08:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000d140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2871.057289][T19469] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2872.628736][T18059] Bluetooth: hci0: command 0x1003 tx timeout [ 2872.634791][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2874.708573][T18059] Bluetooth: hci0: command 0x1001 tx timeout [ 2874.714601][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2876.788425][T18059] Bluetooth: hci0: command 0x1009 tx timeout 13:08:26 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x300000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:08:26 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000039600140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:26 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:08:26 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676594d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:26 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000e140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:26 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r3, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r3, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:08:26 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676595d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2880.806955][T19478] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2880.827119][T19489] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2880.838696][T17298] Bluetooth: hci0: Frame reassembly failed (-84) 13:08:26 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676596d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:26 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000010140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2880.968816][T19496] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:08:26 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000a000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2881.058739][T19507] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:08:26 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x2, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:08:26 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676597d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2881.338605][T19514] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2882.867975][T18059] Bluetooth: hci0: command 0x1003 tx timeout [ 2882.874031][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2884.947812][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 2884.953852][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2887.027660][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:08:36 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x400000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:08:36 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000011140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:36 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676598d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:36 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000003b400140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:36 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x3, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:08:36 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x0, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 2891.055460][T19534] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2891.065214][T17298] Bluetooth: hci0: Frame reassembly failed (-84) [ 2891.167143][T19533] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:08:36 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676599d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:36 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000ba00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:36 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000012140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2891.288068][T19545] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:08:36 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467659ad90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:36 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x4, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:08:36 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000003c000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2891.447941][T19550] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2893.107188][T18059] Bluetooth: hci0: command 0x1003 tx timeout [ 2893.113244][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2895.187050][T18059] Bluetooth: hci0: command 0x1001 tx timeout [ 2895.193091][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2897.266861][T18059] Bluetooth: hci0: command 0x1009 tx timeout 13:08:46 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x500000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:08:46 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467659bd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:46 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000025140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:46 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000003c200140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:46 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x5, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:08:46 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x0, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 2901.293918][T19568] debugfs: Directory 'hci0' with parent 'bluetooth' already present! 13:08:46 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000002f140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:46 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467659cd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2901.410407][T19571] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2901.477248][T19580] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:08:46 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000003da00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:46 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x6, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:08:46 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467659dd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:46 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000003e200140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2901.677246][T19588] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2903.346399][T15793] Bluetooth: hci0: command 0x1003 tx timeout [ 2903.352434][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2905.426251][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 2905.432301][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2907.506085][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:08:56 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x600000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:08:56 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000003a140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:56 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467659ed90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:56 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000f200140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:56 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x7, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:08:56 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x0, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 2911.535605][T19608] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2911.547159][T15879] Bluetooth: hci0: Frame reassembly failed (-84) 13:08:56 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000003c140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:57 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467659fd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2911.736491][T19607] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:08:57 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x8, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:08:57 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000fffe00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:08:57 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765a0d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2911.866658][T19622] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:08:57 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000003e140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2911.976482][T19631] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2913.585606][T15793] Bluetooth: hci0: command 0x1003 tx timeout [ 2913.591661][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2915.665465][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 2915.671514][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2917.745289][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:09:06 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x700000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:09:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765a1d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:06 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x9, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:09:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000003ff00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000048140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:06 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, 0x0, 0x0) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:09:07 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765a2d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2921.768564][T19645] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2921.772047][T19648] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2921.793832][T15879] Bluetooth: hci0: Frame reassembly failed (-84) 13:09:07 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000004a140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:07 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765a3d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2921.946099][T19660] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:09:07 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0xa, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:09:07 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765a4d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:07 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000fff00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2922.105501][T19672] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2922.142191][T19674] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2923.824846][T15793] Bluetooth: hci0: command 0x1003 tx timeout [ 2923.830899][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2925.904672][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 2925.910704][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2927.984666][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:09:17 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x800000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:09:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, 0x0, 0x0) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:09:17 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000004c140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765a5d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:17 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000007fff00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:17 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0xb, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2932.015340][T19697] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2932.025542][T15879] Bluetooth: hci0: Frame reassembly failed (-84) [ 2932.065081][T19694] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:09:17 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000068140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765a6d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2932.324800][T19712] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:09:17 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000feff00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:17 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0xc, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:09:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765a7d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2932.514952][T19716] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:09:17 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000006c140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2934.064048][T16262] Bluetooth: hci0: command 0x1003 tx timeout [ 2934.070073][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2936.143861][T16262] Bluetooth: hci0: command 0x1001 tx timeout [ 2936.149871][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2938.223707][T16262] Bluetooth: hci0: command 0x1009 tx timeout 13:09:27 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x900000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:09:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765a8d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000170012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:27 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, 0x0, 0x0) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:09:27 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0xd, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:09:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000074140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2942.251841][T19736] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2942.262036][T15879] Bluetooth: hci0: Frame reassembly failed (-84) [ 2942.274463][T19738] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:09:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000007a140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765a9d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000001c0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2942.363987][T19740] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2942.373299][T19740] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2942.434332][T19754] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:09:27 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0xe, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:09:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000200012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765aad90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2942.594338][T19767] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2942.603889][T19768] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2944.303254][T15262] Bluetooth: hci0: command 0x1003 tx timeout [ 2944.309325][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2946.383094][T15262] Bluetooth: hci0: command 0x1001 tx timeout [ 2946.389139][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2948.462965][T15262] Bluetooth: hci0: command 0x1009 tx timeout 13:09:37 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xa00000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:09:37 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000a0140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:37 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000062c0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:37 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765abd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:37 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x10, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:09:37 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 2952.482424][T19777] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2952.497204][T19785] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2952.508909][T15879] Bluetooth: hci0: Frame reassembly failed (-84) 13:09:37 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765acd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:37 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000003f0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2952.604595][T19784] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. 13:09:37 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000ba140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:37 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000400012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:37 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765add90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2952.693321][T19796] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2952.702806][T19800] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. 13:09:38 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x11, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 2952.763340][T19808] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2952.772896][T19809] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2954.542470][T15262] Bluetooth: hci0: command 0x1003 tx timeout [ 2954.548497][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2956.622333][T15262] Bluetooth: hci0: command 0x1001 tx timeout [ 2956.628564][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2958.702151][T15262] Bluetooth: hci0: command 0x1009 tx timeout 13:09:47 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xb00000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:09:47 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000a440012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:47 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000170012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:47 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765aed90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:47 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x12, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:09:47 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 2962.717408][T19820] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2962.730806][T19820] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2962.737184][T19831] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2962.745581][T19824] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:09:48 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000001c0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:48 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000540012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2962.760847][T19828] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. 13:09:48 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000025c0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:48 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765afd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2962.790596][T19845] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2962.800670][T15879] Bluetooth: hci0: Frame reassembly failed (-84) [ 2962.814700][T19843] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. 13:09:48 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000200012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2962.859812][T19854] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:09:48 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765b0d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2962.923055][T19857] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2962.932692][T19858] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2962.973059][T19860] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2964.861671][T16262] Bluetooth: hci0: command 0x1003 tx timeout [ 2964.867709][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2966.941511][T16262] Bluetooth: hci0: command 0x1001 tx timeout [ 2966.947671][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2969.021355][T16262] Bluetooth: hci0: command 0x1009 tx timeout 13:09:58 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xb9302c900000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:09:58 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000680012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:58 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x25, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:09:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000006280012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:58 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765b1d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:58 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:09:58 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000003e80012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2972.966652][T19868] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2972.971246][T19875] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2972.977187][T19871] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2973.002713][T19869] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:09:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000003f0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:58 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000200140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2973.024005][T19880] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2973.051995][T19881] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2973.063523][T19885] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:09:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000400012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:09:58 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765b2d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2973.077410][T19871] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:09:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000a400012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2973.125313][T19892] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2973.135113][T19894] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2973.211620][T19898] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2975.100907][ T5] Bluetooth: hci0: command 0x1003 tx timeout [ 2975.106948][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2977.180736][T16262] Bluetooth: hci0: command 0x1001 tx timeout [ 2977.186756][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2979.260570][T16262] Bluetooth: hci0: command 0x1009 tx timeout 13:10:08 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000300140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:08 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765b3d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:08 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000540012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:08 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x2f, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:10:08 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x0, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:10:08 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xc00000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:10:08 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000025c0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2983.209449][T19916] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2983.218866][T17298] Bluetooth: hci0: Frame reassembly failed (-84) [ 2983.228383][T19903] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:10:08 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765b4d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:08 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000640012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2983.281196][T19914] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2983.290744][T19920] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:10:08 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000400140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:08 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x39, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:10:08 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765b5d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:08 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000680012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2983.390953][T19929] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2983.401102][T19932] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:10:08 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000003e40012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2983.470999][T19946] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2983.481122][T19949] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:10:08 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765b6d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:08 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000007fc0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2983.541045][T19956] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2983.590999][T19964] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2983.602650][T19965] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:10:09 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x0, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 2985.260138][T16262] Bluetooth: hci0: command 0x1003 tx timeout [ 2985.266178][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2987.339986][T16262] Bluetooth: hci0: command 0x1001 tx timeout [ 2987.346028][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2989.419818][T16262] Bluetooth: hci0: command 0x1009 tx timeout 13:10:18 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xd00000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:10:18 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000500140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:18 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765b7d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:18 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000007fff0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:18 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x3a, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:10:18 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x0, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:10:18 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000030012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2993.438764][T19977] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2993.455068][T19988] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 2993.467544][T14284] Bluetooth: hci0: Frame reassembly failed (-84) 13:10:18 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765b8d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:18 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000040012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2993.540347][T19991] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2993.549923][T19997] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:10:18 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000600140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:18 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000050012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:18 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765b9d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 2993.630599][T20003] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2993.700095][T20013] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2995.499382][T16262] Bluetooth: hci0: command 0x1003 tx timeout [ 2995.505428][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2997.579183][T16262] Bluetooth: hci0: command 0x1001 tx timeout [ 2997.585216][T11944] Bluetooth: hci0: sending frame failed (-49) [ 2999.659184][T16262] Bluetooth: hci0: command 0x1009 tx timeout 13:10:28 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xe00000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:10:28 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x3c, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:10:28 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765bad90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:28 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000060012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:28 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000700140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:28 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, 0x0, 0x0) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 3003.687789][T20036] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3003.697492][T15879] Bluetooth: hci0: Frame reassembly failed (-84) 13:10:29 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000800140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:29 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765bbd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:29 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000080012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3003.807437][T20028] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:10:29 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765bcd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3003.879659][T20052] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:10:29 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765bdd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:29 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000900140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3003.929209][T20051] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3003.938847][T20051] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3003.950164][T20057] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3004.009570][T20063] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3005.738502][ T5] Bluetooth: hci0: command 0x1003 tx timeout [ 3005.744526][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3007.818353][ T5] Bluetooth: hci0: command 0x1001 tx timeout [ 3007.824370][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3009.898253][ T5] Bluetooth: hci0: command 0x1009 tx timeout 13:10:39 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x1000000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:10:39 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x48, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:10:39 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000090012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765bed90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:39 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000a00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, 0x0, 0x0) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 3013.926410][T20082] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3013.935925][T15879] Bluetooth: hci0: Frame reassembly failed (-84) 13:10:39 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000000a0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765bfd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3014.048303][T20083] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3014.057753][T20083] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3014.067583][T20085] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:10:39 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000b00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:39 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000000c0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765c0d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3014.128474][T20095] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3014.138929][T20095] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3014.150041][T20096] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:10:39 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x4a, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 3014.212964][T20102] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3014.222292][T20104] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3014.232539][T20104] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3014.268424][T20102] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3015.977800][ T5] Bluetooth: hci0: command 0x1003 tx timeout [ 3015.983839][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3018.057581][ T5] Bluetooth: hci0: command 0x1001 tx timeout [ 3018.063647][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3020.137390][ T5] Bluetooth: hci0: command 0x1009 tx timeout 13:10:49 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x1100000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:10:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765c1d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000000d0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:49 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000c00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:49 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x4c, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:10:49 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, 0x0, 0x0) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:10:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000000e0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3024.151971][T20113] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3024.164159][T20116] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3024.175346][T20128] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3024.185817][T14284] Bluetooth: hci0: Frame reassembly failed (-84) 13:10:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765c2d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000000f0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3024.294192][T20137] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.3'. 13:10:49 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000d00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3024.357879][T20146] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:10:49 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765c3d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:49 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x5c, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 3024.497802][T20153] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3026.216921][T18401] Bluetooth: hci0: command 0x1003 tx timeout [ 3026.222994][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3028.296786][T18401] Bluetooth: hci0: command 0x1001 tx timeout [ 3028.302861][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3030.376615][T18401] Bluetooth: hci0: command 0x1009 tx timeout 13:10:59 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x1200000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:10:59 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000100012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765c4d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:59 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000e00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:59 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x68, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:10:59 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600), 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 3034.404470][T20174] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3034.414857][T15879] Bluetooth: hci0: Frame reassembly failed (-84) 13:10:59 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000f00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765c5d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765c6d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3034.527033][T20173] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3034.556978][T20185] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:10:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765c7d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:59 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000001000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:10:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765c8d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3034.696968][T20190] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3034.727081][T20194] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3034.777108][T20201] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3036.456142][ T5] Bluetooth: hci0: command 0x1003 tx timeout [ 3036.462168][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3038.535981][T15262] Bluetooth: hci0: command 0x1001 tx timeout [ 3038.542238][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3040.615832][T15262] Bluetooth: hci0: command 0x1009 tx timeout 13:11:09 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x1f00000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:11:09 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x6c, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:11:09 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765c9d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:09 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000110012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:09 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000001100140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:09 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600), 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:11:09 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765cad90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3044.634340][T20209] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3044.648154][T20208] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3044.660892][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3044.686205][T20213] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.3'. 13:11:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765cbd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3044.806177][T20218] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:11:10 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000001200140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:10 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000120012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765ccd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3044.886210][T20224] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3044.956266][T20229] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.3'. 13:11:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x74, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 3045.040022][T20230] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3046.695333][T18401] Bluetooth: hci0: command 0x1003 tx timeout [ 3046.701394][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3048.775195][T18401] Bluetooth: hci0: command 0x1001 tx timeout [ 3048.781269][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3050.855025][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:11:20 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000002500140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765cdd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:20 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000130012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:20 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x7a, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:11:20 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600), 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:11:20 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x2000000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 3054.876173][T20244] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3054.885381][T20249] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3054.893590][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3054.915725][T20247] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:11:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765ced90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:20 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000002f00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765cfd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3055.125412][T20259] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:11:20 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x228, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:11:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765d0d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3055.215419][T20265] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:11:20 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000003a00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:20 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000170012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765d1d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3055.275342][T20270] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3055.307152][T20278] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 13:11:20 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000001c0012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3055.316802][T20278] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.3'. 13:11:20 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765d2d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3055.346129][T20280] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3055.407973][T20287] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:11:20 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 3056.934905][T18059] Bluetooth: hci0: command 0x1003 tx timeout [ 3056.940934][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3059.014391][T18059] Bluetooth: hci0: command 0x1001 tx timeout [ 3059.020454][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3061.094220][T18059] Bluetooth: hci0: command 0x1009 tx timeout 13:11:30 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x2500000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:11:30 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000540012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:30 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000003c00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:30 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765d3d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:30 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x300, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:11:30 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 3065.123603][T20308] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3065.135304][T15879] Bluetooth: hci0: Frame reassembly failed (-84) [ 3065.146930][T20299] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:11:30 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765d4d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:30 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000640012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3065.204649][T20304] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:11:30 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000003e00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:30 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000680012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3065.264772][T20320] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3065.275111][T20323] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:11:30 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x364, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:11:30 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765d5d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3065.354377][T20323] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3065.363726][T20328] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3065.434684][T20333] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3067.173816][T15262] Bluetooth: hci0: command 0x1003 tx timeout [ 3067.179839][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3069.253610][T15262] Bluetooth: hci0: command 0x1001 tx timeout [ 3069.259643][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3071.333418][T15262] Bluetooth: hci0: command 0x1009 tx timeout 13:11:40 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x3f00000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:11:40 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000005c0212800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:40 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000004800140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:40 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765d6d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:40 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x3a6, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:11:40 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:11:40 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000e40312800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:40 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765d7d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3075.355006][T20342] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3075.359517][T20347] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3075.365299][T20349] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3075.375352][T15879] Bluetooth: hci0: Frame reassembly failed (-84) 13:11:40 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000004a00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:40 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000280612800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:40 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765d8d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3075.523797][T20353] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3075.533417][T20358] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:11:40 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x3b6, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 3075.683825][T20367] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3075.693390][T20369] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3077.412952][T18401] Bluetooth: hci0: command 0x1003 tx timeout [ 3077.419023][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3079.492792][T18401] Bluetooth: hci0: command 0x1001 tx timeout [ 3079.498833][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3081.572604][T18401] Bluetooth: hci0: command 0x1009 tx timeout 13:11:50 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4000000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:11:50 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000fc0712800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:50 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000004c00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:50 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765d9d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:50 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x3c6, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:11:50 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 3085.594945][T20388] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3085.601736][T20391] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3085.614008][T14284] Bluetooth: hci0: Frame reassembly failed (-84) 13:11:50 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765dad90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:50 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000400a12800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3085.708556][T20385] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:11:51 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765dbd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:51 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000006800140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:11:51 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x3da, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:11:51 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140009800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3085.773454][T20404] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3085.782879][T20406] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3085.825322][T20410] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3087.652143][T15793] Bluetooth: hci0: command 0x1003 tx timeout [ 3087.658447][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3089.732008][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 3089.738096][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3091.811847][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:12:01 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4800000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:12:01 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000014000a800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:01 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765dcd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:01 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000006c00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:01 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x3e2, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:12:01 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 3095.841595][T20438] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3095.852107][T14284] Bluetooth: hci0: Frame reassembly failed (-84) [ 3095.861969][T20432] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:12:01 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000007400140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:01 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000014000b800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:01 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765ddd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3095.912192][T20434] netlink: 'syz-executor.3': attribute type 10 has an invalid length. 13:12:01 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765ded90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:01 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000014000c800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:01 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000007a00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3095.972356][T20452] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3096.012217][T20456] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3097.891361][ T5] Bluetooth: hci0: command 0x1003 tx timeout [ 3097.897392][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3099.971193][T16262] Bluetooth: hci0: command 0x1001 tx timeout [ 3099.977228][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3102.051034][T16262] Bluetooth: hci0: command 0x1009 tx timeout 13:12:11 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4c00000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:12:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765dfd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000014000d800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:11 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x3f4, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:12:11 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000008500140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:11 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:12:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000014000e800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3106.063750][T20464] netlink: 'syz-executor.3': attribute type 13 has an invalid length. [ 3106.084550][T20474] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3106.099730][T15879] Bluetooth: hci0: Frame reassembly failed (-84) [ 3106.141550][T20478] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:12:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000014000f800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:11 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765e0d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140212800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:11 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000a000140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:11 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x500, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 3106.311435][T20487] netlink: 'syz-executor.3': attribute type 15 has an invalid length. [ 3106.319801][T20489] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3106.381769][T20491] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3108.130554][T16262] Bluetooth: hci0: command 0x1003 tx timeout [ 3108.136577][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3110.210470][T16262] Bluetooth: hci0: command 0x1001 tx timeout [ 3110.216496][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3112.290232][T16262] Bluetooth: hci0: command 0x1009 tx timeout 13:12:21 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x6000000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:12:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765e1d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:21 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140312800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:21 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000ba00140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:21 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x600, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:12:21 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}], 0x2) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:12:21 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140412800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3116.306595][T20505] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3116.320719][T20513] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3116.332156][T20519] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3116.344517][T15879] Bluetooth: hci0: Frame reassembly failed (-84) 13:12:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765e2d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:21 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140512800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:21 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000f200140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3116.440635][T20522] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3116.510673][T20537] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:12:21 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765e3d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:21 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x700, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 3116.560599][T20542] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3116.630949][T20547] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3118.369755][T16262] Bluetooth: hci0: command 0x1003 tx timeout [ 3118.375783][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3120.449609][ T5] Bluetooth: hci0: command 0x1001 tx timeout [ 3120.455647][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3122.529435][ T5] Bluetooth: hci0: command 0x1009 tx timeout 13:12:31 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x6800000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:12:31 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140612800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:31 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000003140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:31 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765e4d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:31 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x900, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:12:31 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}], 0x2) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:12:31 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140712800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3126.549415][T20557] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3126.557795][T20567] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3126.572456][T17298] Bluetooth: hci0: Frame reassembly failed (-84) [ 3126.600396][T20565] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:12:31 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140812800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:31 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765e5d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3126.686363][T20573] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:12:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000c03140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140912800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765e6d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3126.749965][T20579] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3126.772347][T20580] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3126.849911][T20585] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3126.863168][T20588] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3128.608931][T15262] Bluetooth: hci0: command 0x1003 tx timeout [ 3128.615000][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3130.688792][T15262] Bluetooth: hci0: command 0x1001 tx timeout [ 3130.694816][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3132.768792][T15262] Bluetooth: hci0: command 0x1009 tx timeout 13:12:42 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x6c00000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:12:42 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0xa00, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:12:42 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140a12800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:42 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765e7d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:42 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000005603140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:42 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db27b4ee9c13475210defa4dac9d784e0c89135b82b321f8e43d7a5db9ab1bfd319f472a", 0x8c}], 0x2) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:12:42 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140b12800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3136.799360][T20604] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3136.810476][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3136.819323][T20600] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:12:42 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000009603140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:42 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140c12800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:42 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765e8d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3136.907466][T20603] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3136.917139][T20609] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:12:42 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0xb00, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:12:42 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140d12800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3137.049139][T20615] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3137.058812][T20620] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3137.119177][T20624] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3138.848121][T18059] Bluetooth: hci0: command 0x1003 tx timeout [ 3138.854174][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3140.927972][T18401] Bluetooth: hci0: command 0x1001 tx timeout [ 3140.934001][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3143.007808][T18401] Bluetooth: hci0: command 0x1009 tx timeout 13:12:52 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x7400000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:12:52 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765e9d90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:52 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000b403140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:52 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140e12800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:52 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0xc00, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:12:52 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {0x0}], 0x2) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 3147.029501][T20637] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3147.037135][T20642] debugfs: Directory 'hci0' with parent 'bluetooth' already present! 13:12:52 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765ead90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:52 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000141012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3147.079089][T20645] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:12:52 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000141112800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:52 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765ebd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:12:52 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000c003140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3147.157980][T20651] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3147.167586][T20652] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:12:52 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000141212800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3147.219139][T20657] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3147.228637][T20658] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3147.303506][T20663] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3149.087385][T15793] Bluetooth: hci0: command 0x1003 tx timeout [ 3149.093468][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3151.167166][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 3151.173292][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3153.247013][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:13:02 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x7a00000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:13:02 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765ecd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:02 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0xd00, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:13:02 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000142512800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:02 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000c203140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:02 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {0x0}], 0x2) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 3157.273499][T20679] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3157.285696][T17298] Bluetooth: hci0: Frame reassembly failed (-84) 13:13:02 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000142f12800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3157.317482][T20677] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3157.327128][T20681] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:13:02 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b000100627269646765edd90100028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:02 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000da03140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:02 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000143a12800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3157.397576][T20691] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:13:02 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676500000200028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:02 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000143c12800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3157.457455][T20696] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3157.466858][T20702] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3157.557285][T20705] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3157.617336][T20707] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3159.326519][T18059] Bluetooth: hci0: command 0x1003 tx timeout [ 3159.332561][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3161.406370][T18059] Bluetooth: hci0: command 0x1001 tx timeout [ 3161.412398][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3163.486206][T18059] Bluetooth: hci0: command 0x1009 tx timeout 13:13:12 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x8000000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:13:12 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000e203140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:12 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0xe00, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:13:12 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000143e12800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:12 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676500000300028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:12 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {0x0}], 0x2) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:13:12 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000144812800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3167.513619][T20726] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3167.536636][T20719] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3167.546341][T20722] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. 13:13:12 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000144a12800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3167.686743][T20732] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:13:13 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000005140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:13 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000144c12800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3167.736782][T20737] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:13:13 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x1100, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:13:13 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000146812800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3167.827110][T20741] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3167.857688][T20744] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3169.565707][T18059] Bluetooth: hci0: command 0x1003 tx timeout [ 3169.571761][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3171.645533][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 3171.651599][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3173.725384][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:13:22 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x97ffffff00000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:13:22 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000006140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:22 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000146c12800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:22 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676502000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:22 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x1200, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:13:22 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {0x0}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:13:23 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000147412800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:23 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676503000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3177.748584][T20768] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3177.757865][T20771] debugfs: Directory 'hci0' with parent 'bluetooth' already present! 13:13:23 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000147a12800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:23 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676504000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3177.875635][T20783] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:13:23 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000007140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:23 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000014a012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3177.935925][T20793] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3178.006245][T20799] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3179.804898][T15793] Bluetooth: hci0: command 0x1003 tx timeout [ 3179.810922][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3181.884747][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 3181.890790][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3183.964582][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:13:33 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xfdfdffff00000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:13:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676505000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x1f00, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:13:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000014ba12800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:33 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000009140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:33 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {0x0}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 3187.993348][T20818] debugfs: Directory 'hci0' with parent 'bluetooth' already present! 13:13:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140013800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676506000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3188.134815][T20813] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:13:33 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000a140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140014800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676507000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x2000, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 3188.214792][T20828] netlink: 'syz-executor.3': attribute type 19 has an invalid length. [ 3190.044306][T18059] Bluetooth: hci0: command 0x1003 tx timeout [ 3190.050344][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3192.124110][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 3192.130144][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3194.204105][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:13:43 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xfdffffff00000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:13:43 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676508000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140017800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:43 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000b140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:43 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x2500, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:13:43 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {0x0}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:13:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140018800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3198.233926][T20860] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3198.243381][T14284] Bluetooth: hci0: Frame reassembly failed (-84) 13:13:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000014001a800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:43 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676509000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000014001c800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:43 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467650a000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:43 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000c140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3198.378865][T20874] netlink: 'syz-executor.3': attribute type 28 has an invalid length. [ 3200.283289][T15793] Bluetooth: hci0: command 0x1003 tx timeout [ 3200.289322][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3202.363107][T18059] Bluetooth: hci0: command 0x1001 tx timeout [ 3202.369134][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3204.442990][T18059] Bluetooth: hci0: command 0x1009 tx timeout 13:13:53 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xffff1f0000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:13:53 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140033800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:53 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467650b000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:53 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000030c140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:53 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x2802, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:13:53 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:13:53 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140040800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3208.462419][T20891] netlink: 'syz-executor.3': attribute type 51 has an invalid length. [ 3208.473355][T20897] debugfs: Directory 'hci0' with parent 'bluetooth' already present! 13:13:53 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467650c000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:53 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140064800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:53 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467650d000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:53 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="45180000000000001407b2800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:13:53 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000d140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3208.668434][T20917] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3210.522482][T15793] Bluetooth: hci0: command 0x1003 tx timeout [ 3210.528516][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3212.602295][T15793] Bluetooth: hci0: command 0x1001 tx timeout [ 3212.608324][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3214.682149][T15793] Bluetooth: hci0: command 0x1009 tx timeout 13:14:03 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xffffff7f00000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:14:03 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000147fff800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:03 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467650e000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:03 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x2b5f, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:14:03 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000e140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:03 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:14:04 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467650f000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:04 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140009800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3218.709008][T20938] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3218.720461][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3218.733081][T20937] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. 13:14:04 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000014000a800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:04 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676510000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:04 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676511000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000f140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3218.838838][T20953] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 3220.761658][T18401] Bluetooth: hci0: command 0x1003 tx timeout [ 3220.767694][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3222.841506][T18401] Bluetooth: hci0: command 0x1001 tx timeout [ 3222.847539][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3224.921360][T18401] Bluetooth: hci0: command 0x1009 tx timeout 13:14:14 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0xffffffff00000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:14:14 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676512000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:14 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000014000b800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:14 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x2f00, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:14:14 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000011140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:14 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:14:14 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000014000c800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:14 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676525000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3228.965543][T20986] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3228.974986][T20847] Bluetooth: hci0: Frame reassembly failed (-84) 13:14:14 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000014000d800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:14 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467652f000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:14 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000014000e800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:14 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000012140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3229.201775][T21000] netlink: 'syz-executor.3': attribute type 13 has an invalid length. [ 3231.000870][T18401] Bluetooth: hci0: command 0x1003 tx timeout [ 3231.006964][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3233.080714][T18401] Bluetooth: hci0: command 0x1001 tx timeout [ 3233.086779][T11944] Bluetooth: hci0: sending frame failed (-49) [ 3235.160524][T18401] Bluetooth: hci0: command 0x1009 tx timeout 13:14:24 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x3900, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:14:24 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676538000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:24 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000014000f800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:24 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000001f140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:24 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991ae", 0x46}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:14:24 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x80000, &(0x7f0000001040)="b33e22fb3be019d13359881c5d2effed12fb8ae29584b8ad36abf6822378a9a335e5da3e276eb0fcc38c6f27b0a079954722", &(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140)="1752e507c41e33231df60f6598c66c5b72052b22ade4e72532a6f6e76c41477d4eae40306084f2ae54") exit_group(0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$int_in(r1, 0x5452, &(0x7f0000000080)=0xffffffffffffffe0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$int_in(r2, 0x5452, &(0x7f0000000080)=0xffffffffffffffe0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) close(r3) openat$ptmx(0xffffffffffffff9c, &(0x7f0000001180), 0x1, 0x0) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) r4 = syz_open_procfs(0x0, 0x0) ioctl$KDADDIO(r4, 0x400455c8, 0x1) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$tty20(0xc, 0x4, 0x1) write$UHID_INPUT(r5, &(0x7f0000000000)={0xa, {"f1f353f0c833097c27a892e9d357cff5f8dbe89627fac0c7baa3d2367d656bce7be2201f63551726fae46c98bb9d1015f4f6c630ca5fe559381741086cf09a276956cdc7e94dadd91d4fe3b0870e56a7d380b72f9b395da9527a975ed11798f36566468a95b4b5bee90b1dc6b83f9488e226e57be4eb015b2d2c87b4a9488e1f205eab5b424225cb6cb4a89a4f644fa5a17a96b6f1b989cee896f36037d03e5533f69dfd83cda70ce02910faf8777c0a2b88df10f0385e1bc828ff019eb5a450b1e05c738079972dfc58810132a59804b823355107214232b12efc8b93d69b777eb1e6db53d9f00a72d4634edf1a514fe9840f22c9af52a3273844507f4614bf298a072f1b0292c5461596f7daaab6e60ce35b40d84f5abf83b710420cfb9332c80c9205bace3d3f81bfeec61ae2537dbb854da4131e11a12f2939c46c119fcb9695c453380c41f08b77f4e3f56f4ceb9f12d12ff852642075ad082dbc7b6e0c4201b7f5b35846e7baf3ea591daa5e175b45f2fc93dfba95837f20dd701f829811f82ef2f71447df0390048fdded6e05838edb9fad4158751321d6452a67b6f11e87aaee34a5082fe86d2fe67b5ab0ba8b9a1023316dee0db52aac7c5eaeca00fcb7df6d82b1ee05e5f17729546e25fa6882f167137c761bf4179669859e027874d20c7584d4d4db23cebc32344ea2d4305215f0e13fa3cda44c00f200f1a95bf51288722b8ee15349fd12345f70f8502f54fb659da95677679697f30ebe4b1e0ff19b9873d6de900a89f11835afe90c42df20b80dd1cb1764482d3c2bc5151abb6c6027673f3d0e6f09a6704c6754ed50886f8726329b331a40955cacc11c3ddef202996302ce8cc90896dc848c7066e82a98def0741f008a8d2a68be8979daf97c645552aa06b57aef18db7a8135768fd829f852dc6e7ff64599717f7715d75c5056c4ec5b1b75c5f6d25d53810f8a72d5b79a21ef4e5aa97fcc00fd134e1520d225a6d8e72cd819d3f064bcf336ac26e133c359830d1b326ca62071e38d465913de34a93947e3d09db2e5ced544a3f30b89fd2e0ea3bc71172ff30273a3d5cbcd4f98bd884b83f7b447f9697cfcd4e4d52379aa8aaaa97b48feb0ea03c1a9318cc87bde35d753cfe997ca98a7c203424443a3b9b6098fbf061584eed12668be29bb7491fedb3debc8970c577c14ff9ecb8e2ad6b9e36447b35925b761267e7858b78a89b9f8e248b138700763a729213a32dae8bdc25243d94aa3d717be39737a3053ad2eb4a0c07953444a1206355f46207774634c35deb3b484ec1a4ccc0b532b620593ccfaf6ea298fe0cb62b4e92d80cd248fd9c18d518c29cb6af367d7094e93d9e9ab5c2aa95a12ceb885927cb05739b060843e8b47a454d42ad8a06211ac37fc830edfe811d434b38b7602af5a05a6e2dc4c85c6622b9df9bda2363e8b2aa0fdaa4eb32d2f70dcf08106ac9601ada331a6a7337df98cc342a52a998f8f9bf372531f10fd292c22f3dcf85551cc6a66531c699a1f37d64eb9c7788e912c5e7b3949d291a557bad3199db335cc7f8aecbb97fe00d80a12273dbab8b70c2c6159e8b8f7ffffffd273bd5534e0306078e0a4472f5282b71abdd2a6b1c74dccdc34f28053c024011994323d24784518e9edb57f09602cc1a1c06d88b7b171bb3f852401eb41089c547bdb5195a0c7e73a8c47d650fd0941a7ecc6e351e5dd4499baa9a81b4a28757b2408bbdf1267629778fc977224362326bf6820628b47f6a070152be1b9b41b20ce4d26064720585746a87bfb24b744612af89fe691777451d804355d5b103838e2381aadf191e70bf6a0fabe9cc84e029582c9683384afd49e08ed99dee0a3dabf879c2938b4c2fc4213e337ac56563d0a579c153f3821691d4b21f2ae3e1343604ce8d61b4b02438e6e3bbc766671250a6cd626ffb9c333d2e52414fad4bcdf36a0e84463618875600ad3bc5859e2e29bef9b8b0c3400490fab3deef256c4fb5d608c5cba570cd2f2b8e1517928e22bd508c43cffb630e080fa0cfb1d5fcb8d2fea44419a15b96f99aadb6212bf80f50b05650b8d82109973fd4e39f8272a7bdac7afa01338201ee45d80c0da849cf0ab77b5ea93b327dbebbc46aa795a966a4737dc84afc126aa54f501462e86c06f4b3052bad341174380d689475ee1790ff162239b427567ddf7ebac9c62034d2b8285fbe07be4e04c57e8462361d04e075be4e3dce985ff8c2c252685f8afe95f3d8b4961faf8c621c31fbd2a8af095ce9fc49a3ec84cf998a7b81069b03c1eef1f14a676a34039bcefeaa6d64d168b7282bc00676765788d5891f4617f22dbcb81d4f2fd7be7b42ae3b9818505d577e7f0dcd89f669d2c15d70e292c13b525d81beee6b6870c3c8a72f7d1e3b64472bbf9087f411d9b18f80cd42872f2caeaa3fc4ec777135752418b136892f4b2603a463bedfbf13dba2ca1bcaf41e74e807877eedf15551164b041e4dc9d3022e99c2e2fac9d15906ac6a7d63bfb57d8cfee8df66a00abce56e1424ecbda3b4a9dc5f381bb7ba38b57268750a0808d39c5cbf5cea7bc55ec1e8328206028c16abf2c3eeae79359777c53718d0c6ce3c9f1b093a3db834cfeb1e146e140465345d6f0a75de4a1a8a374c2467a641f5583907c5f1639eb16cc8156f4b7e1484be957cbe1b1fcb26d443bf759b738a86ccfdff4a6076cd5056f52126b3935cf2107be04033696ef408fcbebd73a10bf8f5d728d2729fd41bcb1bf1ec315216c8c5f9dfbf366f12945f648f901d968f6ee231b98bab2ccb31303c02cf32e065dd73cd81e2b0e99e5f64b2de44eeb477a3b370b9c7aa81ef780aa9f48dadd32cefab2070df2b52a6ac7077338e7269ce5608d1d109d66e307a2c82b411c1089a3afd99a56aab8f301cfc0e541afa853769154efa1d9901fae7b1b5a54e865de2eefc5a0b26dde5eacbc51d43920a9c0f212c27e16be26cccb2477b31aa5756054c985d84200f710cca0b091849890c4e87428217e2cbc211e1bd701cf9381de83b17b617daa7941a054534c9915d951dc9278974d9092e09fdb9978bad73ad989e3565b05fc7f3791be2d7e0b67fb904d9890e71152c168c58eb54a66d7d37fd2a9aa4ebd109adc946a7eb337e3a7afb50c7a959e55bb1933188c9019bee743102a845d3503f95b53248c480fc81b6afc21a5cc3fc81f19a2d438b152b648239460c420f5cb198582be439865acfb4e7e4ce5f4e12e1b267d293609a93a0c79949315e5195f511bc231ec9735cc5c94c473467cf6e341718392a9cd7a4dcff06369dbcc5f54be4345d70563aec33a4aec74bdd64fd86d902752e9dc65fd07c77b508309336cca5574542e234346dba7ddfa2e4a8c12806418b378a5b40dc19fa910c69a8850854007677f01d299a2c916be0cc554c3386febf013a10120ed0bbe636a6b6adeb40c30540ce7426078d7117354fc0e5974ee40345cc8f70970b4ba1e40a18b288bac7e920f0c3e1ec91ccabc01762f6e0d4c49d8a5760cee1c501b85ec6e3ca5c1911fa26b9ffb52f3b66417e889616b99e89be2ef781f49d8dafa599433f369c561d55494577468d8b5b0f3fdc0135cbd43ca79063d9a3e15f23ca1677eaf94fbcf3a81ea62fc8bca1422274644ec77368ef3e05cfa311ac3a8c1a8c132c3701f797c1f0d51ec72ce7a8fab44b9ff2e4e714b52caba8d198a42bd255be3723439faad37f050c06c9fcff2bd6d9393d61ba3efcafee71645159b8c1faad79d02a4d453b98d09c46288dcfafdf82c79b6404be1b9d45d5f7f56f39d50deb58647d5faee01ae3a6dcd4465bfd908e0cbbfa73ae5725503f70f022868950ce5c0f6cd9c10bf6019e9162447b58ab2c27f0eda060efc3c894ddf731d6964d1dac70c0085e397683757abcab5c9d55d2747c58817ec259eead68c112135707ee419ae042ad0a2947e84b4ae748b1f85a585b4d18bef8a9efa2e48e7aa5f5b42bbd1ae3851ad482c3d2042eecbffb63705d36aae2ee7c7110421e4cedb3ea6857b47e5d289b280286bc34c85bfc9677501fae389c14eb4d15f08359562da54cb3a8518b3d1308eeb2f678967098ea21a3d128e5bb623e3409a8acce6346208a386f3e4f2ddd4dc6234b373d9da0fd39ca0badf742767fc8708569352eb46d5ca588037fa8522e61c83209ac943685b262d8ef3d7fd4dd7dd14377494c0b542e23c4c95151c8e1395984ad2b6df2397e098f8415be65088651426abb5cd587c253a13054ee16e8dfd0f23f0a889db7529269e807cec75f7386a5844b789183341c705fcd2b96cf80ce14a4f6422948a6c8d3d8e9d455e2d6b8b87f4696993cbc010ce10614f1dff96dc18f865b26660d27229defa822953bf392c3d920a50eb2473aa94fbced152660d57159b33f2272fe6e7e1ce6e6ba1f948b59c277f185d9a686ac0445e15e20b46c8e0ea4656d715df96425b7d4b36cb856e7c7ba3aaf620c9d10d5d96370e463d2555e0085ba94d8ffd2973e6be31d7934e771b9b82d0066011da58f147744e747a240de1978a8eca86cfa845d8eca0aa9cabdc8668c43f9862c7ee85353d289d81d744877e22d67613673905e78cfaacde5f6e43ffcd6e7d9b9d15aea0dd922977ae87b0cb51a89ef15350309b43eb5c8e79e446d9ba2bb06d74fa6aed2431a5379da9776221130c87ac36b72bc1fc03f14c78cdb8a16f2d840b2bad04bf4655a2ab3c1ef4458e401fa817704b5a88e4bb8b15cf16383b9a7e2a64de19928b16e5f7f25be0ad126c3833ace7f36f3c3d9a6836d1a4710b4995ec0c9f10001f7dfc6410b29e9d031f1d3b4b34e9b4dc3a8fb08b49a29892e68dce9309c67874ecc75d477b59e2fbf4347f3c445e49126822f4301eaee1259475cfb22566e69d9ae0d436e402f8d100439a9ca6a518d457a91087e83663c413e339a0d8d4c31c083303b46b2982015227bd7e126976d7b26a670ba78f21a8c95b05450ee149c0ae1fb7397d179c6e295d0fc57dab28e5e9bdc99acd8596a928d6ebd97316b8c60cf657bc4ca1ffe8b9a445724842cb38681acc5d5eba455d5fa19cc8c5cac15a46d6a72c9b64983a686edff27b3669d46c005879949b1980a1456e8a85fe4969acd56415f144405ed99afb16d9d652fce35b9c800b8e217517690bed18e00051868dfe8acb5b10ff49d733316bcc7b8ba77265cda37e5faed1307f8a69338090f532f463f1a9740bbcc58851bc5c85b1a129596898667e55a6882f4d0d97c456697dbe282345dec80d76443e1ec7602f523607534f429d603bc087f9b189b15e9c389456ddc04b425a553fb7ec0fa0488b85afa75f624a4cd25f8454b620b0b4fd084a6f6750dcb0a6f3ceeb033fb9dd0f253a53bc4e1dfc7f03b5000cf1fa9c5f0ecbab3257146030f77f30b160b76262b8d3de2510e0984b8192caa7856a69b93f5f53db8190bb70c7daa2b052c56d38a644eb2c69d316d505848d9258c8934b1b870844e543b771f4969e25c8e9a5f825b9aaeeac6ff1cc4e956504fd07f834800413e22da22dfdc4a0c218dadd0442d305cb436dca3d835402e0362b12d02e52ae84c2e80c9fcd7a47efd6c4bc654c8148c47a2ae50f89e729676b4ee79c96991cb4484679eb8eda3517407dd402f0d1b48fcc9551275df982e34e1ee7dd2bb646b9f2ed45bc7e770cbce36566eced4dc3ddf8665232d029e9487d64848c10e8cd2b01415d3e80519cc9b2ff3218d6f239691e4800", 0x1000}}, 0x1006) mmap(&(0x7f0000ff0000/0xf000)=nil, 0xf000, 0x2000000, 0x13, r5, 0x9ba83000) 13:14:24 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467653a000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:24 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) clone(0x24080, &(0x7f0000000100)="36c3716550916bb2b80bfba047cf20b348337d9b6749c141a4f58dedbbe8fb04afc6d1457b4d3929117eac7152bc948bf7a37beebb33b94dc045d17d8218d977bb8dbec13ce955c59363dce21386e9b7e70c3e8bf1c4078092731a481eca4fea83e4de900dfb07b9b9f3bc940308c610754551bc8f6acc2421995097c00fdf2a817730052b861cf617e0fe2cdc6bdc2d75719a01a2029e9ed11611b072ac1e509ece152437cc30ec5dab7ba450778102d886a77bf671deb63f4be3b1", &(0x7f0000000000), &(0x7f0000000080), &(0x7f00000001c0)="79a2fc47ab5741db290b85ac584eeca2e0094a497f025c86781957d9ced53b788f8c76d9dc6ad3f12214e03ba43426d59a764f583bc32c0f0139524009e159eca4b47ae9e6e314f33b9db47bdd810c9229654d395d54bdebbedb54178dcdbf5cb30a6720b147cf5c06aa7c21333ee39634ff9b0f2352439643303b7a69930bd8c605bb4478a517b589e719a82a9f441c10057e24fe0aed44a4f80d9bdce2a46ab23f9bb912d9137eba2be71ee74d1425f2216cff399f77148366cf477449c83b8d7a") perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:14:24 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140010800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3239.217261][T21038] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3239.226853][T20847] Bluetooth: hci0: Frame reassembly failed (-84) [ 3239.241344][T21027] netlink: 'syz-executor.3': attribute type 15 has an invalid length. 13:14:24 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCNXCL(r0, 0x540d) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 3239.267906][T20847] Bluetooth: hci1: Frame reassembly failed (-84) [ 3239.291575][ T87] Bluetooth: hci2: sending frame failed (-49) 13:14:24 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676548000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:24 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140013800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3239.321102][T21053] netlink: 'syz-executor.3': attribute type 16 has an invalid length. [ 3239.352513][T21071] netlink: 'syz-executor.3': attribute type 19 has an invalid length. 13:14:24 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x3a00, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:14:24 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000020140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:24 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467654a000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:24 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140014800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:25 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991ae", 0x46}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:14:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467654c000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:25 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140017800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:25 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000002c22140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:25 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x3c00, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) [ 3241.240048][T15793] Bluetooth: hci0: command 0x1003 tx timeout [ 3241.246300][ T87] Bluetooth: hci0: sending frame failed (-49) [ 3241.320027][T15793] Bluetooth: hci2: command 0x1003 tx timeout [ 3241.326121][ T87] Bluetooth: hci2: sending frame failed (-49) [ 3241.332744][T15793] Bluetooth: hci1: command 0x1003 tx timeout [ 3241.338781][ T87] Bluetooth: hci1: sending frame failed (-49) [ 3243.319889][T18401] Bluetooth: hci0: command 0x1001 tx timeout [ 3243.325930][ T87] Bluetooth: hci0: sending frame failed (-49) [ 3243.399878][T18401] Bluetooth: hci1: command 0x1001 tx timeout [ 3243.405902][ T87] Bluetooth: hci1: sending frame failed (-49) [ 3243.412492][T18401] Bluetooth: hci2: command 0x1001 tx timeout [ 3243.418495][ T87] Bluetooth: hci2: sending frame failed (-49) [ 3245.399716][T18401] Bluetooth: hci0: command 0x1009 tx timeout [ 3245.479690][T18401] Bluetooth: hci2: command 0x1009 tx timeout [ 3245.485687][T18401] Bluetooth: hci1: command 0x1009 tx timeout [ 3249.399555][T21054] BUG: scheduling while atomic: syz-executor.2/21054/0x00000002 [ 3249.407204][T21054] Modules linked in: [ 3249.411120][T21054] Preemption disabled at: [ 3249.411130][T21054] [<0000000000000000>] 0x0 [ 3249.419884][T21054] CPU: 0 PID: 21054 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 3249.431476][T21054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3249.441507][T21054] Call Trace: [ 3249.444771][T21054] dump_stack+0x1d8/0x24e [ 3249.449066][T21054] ? devkmsg_release+0x11c/0x11c [ 3249.453969][T21054] ? show_regs_print_info+0x12/0x12 [ 3249.459133][T21054] ? __kasan_slab_free+0x20c/0x240 [ 3249.464209][T21054] ? __kasan_slab_free+0x18a/0x240 [ 3249.469325][T21054] ? slab_free_freelist_hook+0x7b/0x150 [ 3249.474837][T21054] ? kmem_cache_free+0xb8/0x5f0 [ 3249.479656][T21054] __schedule_bug+0x1af/0x240 [ 3249.484299][T21054] ? __migrate_task+0x160/0x160 [ 3249.489112][T21054] ? _raw_spin_lock_irqsave+0xf8/0x210 [ 3249.494535][T21054] ? _raw_spin_lock+0x1b0/0x1b0 [ 3249.499360][T21054] __schedule+0xa42/0x1170 [ 3249.503744][T21054] ? _raw_spin_unlock_irqrestore+0x57/0x80 [ 3249.509516][T21054] ? is_mmconf_reserved+0x420/0x420 [ 3249.514680][T21054] ? check_preemption_disabled+0x9e/0x330 [ 3249.520367][T21054] ? debug_smp_processor_id+0x20/0x20 [ 3249.525705][T21054] schedule+0x13b/0x1d0 [ 3249.529827][T21054] lock_sock_nested+0x1ed/0x310 [ 3249.534660][T21054] ? slab_free_freelist_hook+0x7b/0x150 [ 3249.540172][T21054] ? sock_def_destruct+0x10/0x10 [ 3249.545077][T21054] ? init_wait_entry+0xd0/0xd0 [ 3249.549809][T21054] ? hci_send_to_sock+0x709/0x720 [ 3249.554835][T21054] ? hci_sock_dev_event+0x274/0x570 [ 3249.560031][T21054] hci_sock_dev_event+0x2da/0x570 [ 3249.565023][T21054] hci_unregister_dev+0x2a5/0x13f0 [ 3249.570103][T21054] ? rcu_sync_exit+0xc6/0x1a0 [ 3249.574746][T21054] hci_uart_tty_close+0x1a2/0x220 [ 3249.579735][T21054] ? hci_uart_tty_open+0x2d0/0x2d0 [ 3249.584811][T21054] tty_ldisc_release+0x272/0x600 [ 3249.589715][T21054] tty_release_struct+0x27/0xd0 [ 3249.594534][T21054] tty_release+0xdd7/0x10a0 [ 3249.599005][T21054] ? tty_release_struct+0xd0/0xd0 [ 3249.603996][T21054] __fput+0x27d/0x6c0 [ 3249.607945][T21054] task_work_run+0x186/0x1b0 [ 3249.612503][T21054] prepare_exit_to_usermode+0x2b0/0x310 [ 3249.618015][T21054] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3249.623881][T21054] RIP: 0033:0x7f0413ff254b [ 3249.628267][T21054] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44 [ 3249.647836][T21054] RSP: 002b:00007ffd17561510 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 3249.656213][T21054] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f0413ff254b [ 3249.664152][T21054] RDX: 00007f0414148418 RSI: ffffffff81005ccd RDI: 0000000000000003 [ 3249.672089][T21054] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000001b32122728 [ 3249.680024][T21054] R10: 0000000000001bc3 R11: 0000000000000293 R12: 0000000000316fea [ 3249.687966][T21054] R13: 00000000000003e8 R14: 00007f0414143f80 R15: 0000000000316fe5 [ 3249.695920][T21054] ? prepare_exit_to_usermode+0xfd/0x310 [ 3249.702043][T21054] ------------[ cut here ]------------ [ 3249.707505][T21054] DEBUG_LOCKS_WARN_ON(val > preempt_count()) [ 3249.707545][T21054] WARNING: CPU: 0 PID: 21054 at kernel/sched/core.c:4019 preempt_count_sub+0x9c/0x160 [ 3249.722996][T21054] Modules linked in: [ 3249.726863][T21054] CPU: 0 PID: 21054 Comm: syz-executor.2 Tainted: G W 5.4.125-syzkaller-00007-g4109c89bbb12 #0 [ 3249.738445][T21054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3249.748472][T21054] RIP: 0010:preempt_count_sub+0x9c/0x160 [ 3249.754074][T21054] Code: 42 8a 04 30 84 c0 0f 85 89 00 00 00 83 3d df af 00 05 00 75 d3 48 c7 c7 80 cb aa 84 48 c7 c6 20 cc aa 84 31 c0 e8 54 33 f6 ff <0f> 0b eb ba e8 0b 04 df 00 85 c0 74 b1 48 c7 c0 d4 46 47 86 48 c1 [ 3249.773644][T21054] RSP: 0018:ffff88816cc67c48 EFLAGS: 00010246 [ 3249.779674][T21054] RAX: f5f6eadc494a6a00 RBX: 0000000000000001 RCX: ffff888170ed8fc0 [ 3249.787615][T21054] RDX: 0000000000000000 RSI: 0000000000009ac3 RDI: 0000000000000001 [ 3249.795594][T21054] RBP: 0000000000000001 R08: ffffffff814e8e0f R09: fffffbfff0dcd2da [ 3249.803537][T21054] R10: fffffbfff0dcd2da R11: 0000000000000000 R12: ffff888184b07400 [ 3249.811486][T21054] R13: dffffc0000000000 R14: dffffc0000000000 R15: ffff888190268000 [ 3249.819435][T21054] FS: 0000555557257400(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 3249.828330][T21054] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3249.834877][T21054] CR2: 00005555572573bc CR3: 00000001811a7000 CR4: 00000000001406f0 [ 3249.842817][T21054] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 3249.850756][T21054] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 3249.858695][T21054] Call Trace: [ 3249.861955][T21054] _raw_read_unlock+0x21/0x40 [ 3249.866599][T21054] hci_unregister_dev+0x2a5/0x13f0 [ 3249.871679][T21054] ? rcu_sync_exit+0xc6/0x1a0 [ 3249.876322][T21054] hci_uart_tty_close+0x1a2/0x220 [ 3249.881314][T21054] ? hci_uart_tty_open+0x2d0/0x2d0 [ 3249.886394][T21054] tty_ldisc_release+0x272/0x600 [ 3249.891298][T21054] tty_release_struct+0x27/0xd0 [ 3249.896113][T21054] tty_release+0xdd7/0x10a0 [ 3249.900591][T21054] ? tty_release_struct+0xd0/0xd0 [ 3249.905581][T21054] __fput+0x27d/0x6c0 [ 3249.909531][T21054] task_work_run+0x186/0x1b0 [ 3249.914090][T21054] prepare_exit_to_usermode+0x2b0/0x310 [ 3249.919604][T21054] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3249.925466][T21054] RIP: 0033:0x7f0413ff254b [ 3249.929851][T21054] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44 [ 3249.949419][T21054] RSP: 002b:00007ffd17561510 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 3249.957799][T21054] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f0413ff254b [ 3249.965739][T21054] RDX: 00007f0414148418 RSI: ffffffff81005ccd RDI: 0000000000000003 [ 3249.973681][T21054] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000001b32122728 [ 3249.981626][T21054] R10: 0000000000001bc3 R11: 0000000000000293 R12: 0000000000316fea [ 3249.989564][T21054] R13: 00000000000003e8 R14: 00007f0414143f80 R15: 0000000000316fe5 13:14:35 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:14:35 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676550000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:35 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140018800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:35 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000025140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:35 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x3f00, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:14:35 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991ae", 0x46}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) 13:14:35 executing program 2: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) write$UHID_INPUT(r0, &(0x7f0000000000)={0xa, {"f1f353f0c833097c27a892e9d357cff5f8dbe89627fac0c7baa3d2367d656bce7be2201f63551726fae46c98bb9d1015f4f6c630ca5fe559381741086cf09a276956cdc7e94dadd91d4fe3b0870e56a7d380b72f9b395da9527a975ed11798f36566468a95b4b5bee90b1dc6b83f9488e226e57be4eb015b2d2c87b4a9488e1f205eab5b424225cb6cb4a89a4f644fa5a17a96b6f1b989cee896f36037d03e5533f69dfd83cda70ce02910faf8777c0a2b88df10f0385e1bc828ff019eb5a450b1e05c738079972dfc58810132a59804b823355107214232b12efc8b93d69b777eb1e6db53d9f00a72d4634edf1a514fe9840f22c9af52a3273844507f4614bf298a072f1b0292c5461596f7daaab6e60ce35b40d84f5abf83b710420cfb9332c80c9205bace3d3f81bfeec61ae2537dbb854da4131e11a12f2939c46c119fcb9695c453380c41f08b77f4e3f56f4ceb9f12d12ff852642075ad082dbc7b6e0c4201b7f5b35846e7baf3ea591daa5e175b45f2fc93dfba95837f20dd701f829811f82ef2f71447df0390048fdded6e05838edb9fad4158751321d6452a67b6f11e87aaee34a5082fe86d2fe67b5ab0ba8b9a1023316dee0db52aac7c5eaeca00fcb7df6d82b1ee05e5f17729546e25fa6882f167137c761bf4179669859e027874d20c7584d4d4db23cebc32344ea2d4305215f0e13fa3cda44c00f200f1a95bf51288722b8ee15349fd12345f70f8502f54fb659da95677679697f30ebe4b1e0ff19b9873d6de900a89f11835afe90c42df20b80dd1cb1764482d3c2bc5151abb6c6027673f3d0e6f09a6704c6754ed50886f8726329b331a40955cacc11c3ddef202996302ce8cc90896dc848c7066e82a98def0741f008a8d2a68be8979daf97c645552aa06b57aef18db7a8135768fd829f852dc6e7ff64599717f7715d75c5056c4ec5b1b75c5f6d25d53810f8a72d5b79a21ef4e5aa97fcc00fd134e1520d225a6d8e72cd819d3f064bcf336ac26e133c359830d1b326ca62071e38d465913de34a93947e3d09db2e5ced544a3f30b89fd2e0ea3bc71172ff30273a3d5cbcd4f98bd884b83f7b447f9697cfcd4e4d52379aa8aaaa97b48feb0ea03c1a9318cc87bde35d753cfe997ca98a7c203424443a3b9b6098fbf061584eed12668be29bb7491fedb3debc8970c577c14ff9ecb8e2ad6b9e36447b35925b761267e7858b78a89b9f8e248b138700763a729213a32dae8bdc25243d94aa3d717be39737a3053ad2eb4a0c07953444a1206355f46207774634c35deb3b484ec1a4ccc0b532b620593ccfaf6ea298fe0cb62b4e92d80cd248fd9c18d518c29cb6af367d7094e93d9e9ab5c2aa95a12ceb885927cb05739b060843e8b47a454d42ad8a06211ac37fc830edfe811d434b38b7602af5a05a6e2dc4c85c6622b9df9bda2363e8b2aa0fdaa4eb32d2f70dcf08106ac9601ada331a6a7337df98cc342a52a998f8f9bf372531f10fd292c22f3dcf85551cc6a66531c699a1f37d64eb9c7788e912c5e7b3949d291a557bad3199db335cc7f8aecbb97fe00d80a12273dbab8b70c2c6159e8b8f7ffffffd273bd5534e0306078e0a4472f5282b71abdd2a6b1c74dccdc34f28053c024011994323d24784518e9edb57f09602cc1a1c06d88b7b171bb3f852401eb41089c547bdb5195a0c7e73a8c47d650fd0941a7ecc6e351e5dd4499baa9a81b4a28757b2408bbdf1267629778fc977224362326bf6820628b47f6a070152be1b9b41b20ce4d26064720585746a87bfb24b744612af89fe691777451d804355d5b103838e2381aadf191e70bf6a0fabe9cc84e029582c9683384afd49e08ed99dee0a3dabf879c2938b4c2fc4213e337ac56563d0a579c153f3821691d4b21f2ae3e1343604ce8d61b4b02438e6e3bbc766671250a6cd626ffb9c333d2e52414fad4bcdf36a0e84463618875600ad3bc5859e2e29bef9b8b0c3400490fab3deef256c4fb5d608c5cba570cd2f2b8e1517928e22bd508c43cffb630e080fa0cfb1d5fcb8d2fea44419a15b96f99aadb6212bf80f50b05650b8d82109973fd4e39f8272a7bdac7afa01338201ee45d80c0da849cf0ab77b5ea93b327dbebbc46aa795a966a4737dc84afc126aa54f501462e86c06f4b3052bad341174380d689475ee1790ff162239b427567ddf7ebac9c62034d2b8285fbe07be4e04c57e8462361d04e075be4e3dce985ff8c2c252685f8afe95f3d8b4961faf8c621c31fbd2a8af095ce9fc49a3ec84cf998a7b81069b03c1eef1f14a676a34039bcefeaa6d64d168b7282bc00676765788d5891f4617f22dbcb81d4f2fd7be7b42ae3b9818505d577e7f0dcd89f669d2c15d70e292c13b525d81beee6b6870c3c8a72f7d1e3b64472bbf9087f411d9b18f80cd42872f2caeaa3fc4ec777135752418b136892f4b2603a463bedfbf13dba2ca1bcaf41e74e807877eedf15551164b041e4dc9d3022e99c2e2fac9d15906ac6a7d63bfb57d8cfee8df66a00abce56e1424ecbda3b4a9dc5f381bb7ba38b57268750a0808d39c5cbf5cea7bc55ec1e8328206028c16abf2c3eeae79359777c53718d0c6ce3c9f1b093a3db834cfeb1e146e140465345d6f0a75de4a1a8a374c2467a641f5583907c5f1639eb16cc8156f4b7e1484be957cbe1b1fcb26d443bf759b738a86ccfdff4a6076cd5056f52126b3935cf2107be04033696ef408fcbebd73a10bf8f5d728d2729fd41bcb1bf1ec315216c8c5f9dfbf366f12945f648f901d968f6ee231b98bab2ccb31303c02cf32e065dd73cd81e2b0e99e5f64b2de44eeb477a3b370b9c7aa81ef780aa9f48dadd32cefab2070df2b52a6ac7077338e7269ce5608d1d109d66e307a2c82b411c1089a3afd99a56aab8f301cfc0e541afa853769154efa1d9901fae7b1b5a54e865de2eefc5a0b26dde5eacbc51d43920a9c0f212c27e16be26cccb2477b31aa5756054c985d84200f710cca0b091849890c4e87428217e2cbc211e1bd701cf9381de83b17b617daa7941a054534c9915d951dc9278974d9092e09fdb9978bad73ad989e3565b05fc7f3791be2d7e0b67fb904d9890e71152c168c58eb54a66d7d37fd2a9aa4ebd109adc946a7eb337e3a7afb50c7a959e55bb1933188c9019bee743102a845d3503f95b53248c480fc81b6afc21a5cc3fc81f19a2d438b152b648239460c420f5cb198582be439865acfb4e7e4ce5f4e12e1b267d293609a93a0c79949315e5195f511bc231ec9735cc5c94c473467cf6e341718392a9cd7a4dcff06369dbcc5f54be4345d70563aec33a4aec74bdd64fd86d902752e9dc65fd07c77b508309336cca5574542e234346dba7ddfa2e4a8c12806418b378a5b40dc19fa910c69a8850854007677f01d299a2c916be0cc554c3386febf013a10120ed0bbe636a6b6adeb40c30540ce7426078d7117354fc0e5974ee40345cc8f70970b4ba1e40a18b288bac7e920f0c3e1ec91ccabc01762f6e0d4c49d8a5760cee1c501b85ec6e3ca5c1911fa26b9ffb52f3b66417e889616b99e89be2ef781f49d8dafa599433f369c561d55494577468d8b5b0f3fdc0135cbd43ca79063d9a3e15f23ca1677eaf94fbcf3a81ea62fc8bca1422274644ec77368ef3e05cfa311ac3a8c1a8c132c3701f797c1f0d51ec72ce7a8fab44b9ff2e4e714b52caba8d198a42bd255be3723439faad37f050c06c9fcff2bd6d9393d61ba3efcafee71645159b8c1faad79d02a4d453b98d09c46288dcfafdf82c79b6404be1b9d45d5f7f56f39d50deb58647d5faee01ae3a6dcd4465bfd908e0cbbfa73ae5725503f70f022868950ce5c0f6cd9c10bf6019e9162447b58ab2c27f0eda060efc3c894ddf731d6964d1dac70c0085e397683757abcab5c9d55d2747c58817ec259eead68c112135707ee419ae042ad0a2947e84b4ae748b1f85a585b4d18bef8a9efa2e48e7aa5f5b42bbd1ae3851ad482c3d2042eecbffb63705d36aae2ee7c7110421e4cedb3ea6857b47e5d289b280286bc34c85bfc9677501fae389c14eb4d15f08359562da54cb3a8518b3d1308eeb2f678967098ea21a3d128e5bb623e3409a8acce6346208a386f3e4f2ddd4dc6234b373d9da0fd39ca0badf742767fc8708569352eb46d5ca588037fa8522e61c83209ac943685b262d8ef3d7fd4dd7dd14377494c0b542e23c4c95151c8e1395984ad2b6df2397e098f8415be65088651426abb5cd587c253a13054ee16e8dfd0f23f0a889db7529269e807cec75f7386a5844b789183341c705fcd2b96cf80ce14a4f6422948a6c8d3d8e9d455e2d6b8b87f4696993cbc010ce10614f1dff96dc18f865b26660d27229defa822953bf392c3d920a50eb2473aa94fbced152660d57159b33f2272fe6e7e1ce6e6ba1f948b59c277f185d9a686ac0445e15e20b46c8e0ea4656d715df96425b7d4b36cb856e7c7ba3aaf620c9d10d5d96370e463d2555e0085ba94d8ffd2973e6be31d7934e771b9b82d0066011da58f147744e747a240de1978a8eca86cfa845d8eca0aa9cabdc8668c43f9862c7ee85353d289d81d744877e22d67613673905e78cfaacde5f6e43ffcd6e7d9b9d15aea0dd922977ae87b0cb51a89ef15350309b43eb5c8e79e446d9ba2bb06d74fa6aed2431a5379da9776221130c87ac36b72bc1fc03f14c78cdb8a16f2d840b2bad04bf4655a2ab3c1ef4458e401fa817704b5a88e4bb8b15cf16383b9a7e2a64de19928b16e5f7f25be0ad126c3833ace7f36f3c3d9a6836d1a4710b4995ec0c9f10001f7dfc6410b29e9d031f1d3b4b34e9b4dc3a8fb08b49a29892e68dce9309c67874ecc75d477b59e2fbf4347f3c445e49126822f4301eaee1259475cfb22566e69d9ae0d436e402f8d100439a9ca6a518d457a91087e83663c413e339a0d8d4c31c083303b46b2982015227bd7e126976d7b26a670ba78f21a8c95b05450ee149c0ae1fb7397d179c6e295d0fc57dab28e5e9bdc99acd8596a928d6ebd97316b8c60cf657bc4ca1ffe8b9a445724842cb38681acc5d5eba455d5fa19cc8c5cac15a46d6a72c9b64983a686edff27b3669d46c005879949b1980a1456e8a85fe4969acd56415f144405ed99afb16d9d652fce35b9c800b8e217517690bed18e00051868dfe8acb5b10ff49d733316bcc7b8ba77265cda37e5faed1307f8a69338090f532f463f1a9740bbcc58851bc5c85b1a129596898667e55a6882f4d0d97c456697dbe282345dec80d76443e1ec7602f523607534f429d603bc087f9b189b15e9c389456ddc04b425a553fb7ec0fa0488b85afa75f624a4cd25f8454b620b0b4fd084a6f6750dcb0a6f3ceeb033fb9dd0f253a53bc4e1dfc7f03b5000cf1fa9c5f0ecbab3257146030f77f30b160b76262b8d3de2510e0984b8192caa7856a69b93f5f53db8190bb70c7daa2b052c56d38a644eb2c69d316d505848d9258c8934b1b870844e543b771f4969e25c8e9a5f825b9aaeeac6ff1cc4e956504fd07f834800413e22da22dfdc4a0c218dadd0442d305cb436dca3d835402e0362b12d02e52ae84c2e80c9fcd7a47efd6c4bc654c8148c47a2ae50f89e729676b4ee79c96991cb4484679eb8eda3517407dd402f0d1b48fcc9551275df982e34e1ee7dd2bb646b9f2ed45bc7e770cbce36566eced4dc3ddf8665232d029e9487d64848c10e8cd2b01415d3e80519cc9b2ff3218d6f239691e4800", 0x1000}}, 0x1006) ioctl$TIOCL_SETVESABLANK(r0, 0x541c, &(0x7f0000000080)) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x40101, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fallocate(r2, 0x100000003, 0x0, 0x0) ioctl$VT_GETSTATE(r2, 0x5603, &(0x7f0000000000)={0x4, 0x2}) syz_open_procfs(0xffffffffffffffff, 0x0) ptrace$setopts(0x4200, 0xffffffffffffffff, 0xfffffffffffffc01, 0x42) ioctl$KDADDIO(r1, 0x400455c8, 0x0) [ 3249.997509][T21054] ? prepare_exit_to_usermode+0xfd/0x310 [ 3250.003105][T21054] ---[ end trace 0939a4953c92a62c ]--- 13:14:35 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000014001a800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3250.062548][T21137] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 3250.072029][T14284] Bluetooth: hci0: Frame reassembly failed (-84) 13:14:35 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676568000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:35 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000000014001c800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:35 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467656c000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:35 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="451800000000222c140012800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:35 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140033800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:35 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b00010062726964676574000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:35 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpid() sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x705, 0x4000, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @dev}]}}}]}, 0x40}}, 0x0) 13:14:35 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140012800b0001006272696467657a000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 13:14:35 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x600, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b253cff39c6c6be208b00000000", @ANYRES32=0x0, @ANYBLOB="4518000000000000140064800b00010062726964676500000400028008000a00", @ANYRES32], 0x3c}}, 0x0) [ 3250.259971][T21148] netlink: 'syz-executor.3': attribute type 28 has an invalid length. [ 3250.299091][T21155] netlink: 'syz-executor.3': attribute type 51 has an invalid length. 13:14:36 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001780)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000007c0)="30eb2297b18c0a2ada6f46f8341ce63ccdab668e820dabde", 0x41395563) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3, 0x100000000}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@loopback, @local}, 0xc) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xda6, 0x4) fgetxattr(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="dff548771d77ce8786aca76dda6fb054ab8ea73799d7293eda90ba41a2db81fab55b5415692300a8e64bca2f60e1717f85f06a6bbca90f392b04f34940db7ffccc33ed6ea82296de9683c9e360cd1c477304bd8f9bd74d44a4c7d1c7e625a86cd54b72c5745f475a772b84977a6b05381dbe6259bc510f0f70c3e9946a78c7b5a19e97447799d930f9", 0x89}, {&(0x7f00000001c0)="96431fb1cb119741590ad657dc5e5ce3e5fe9f1f639e6a18bc7b6c1d0b424eb306f34cf2429c62c0fdefbae36740a7169721af852826d7f14b6cae8af86507ff78a1dda991aea5952f43e7e0146a3c035f0113d617240e8940c60cdf3400193bbe3a0c0b1eae5799db", 0x69}, {0x0}], 0x3) sendto$inet(r4, &(0x7f00000012c0)="1a268a927f1f6588b967480241ba78600453f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x2e00, 0x11, 0x0, 0x27) [ 3252.119161][T15793] Bluetooth: hci0: command 0x1003 tx timeout [ 3252.125185][T21048] Bluetooth: hci0: sending frame failed (-49) [ 3254.199016][T18401] Bluetooth: hci0: command 0x1001 tx timeout [ 3254.205045][T21048] Bluetooth: hci0: sending frame failed (-49) [ 3256.279179][T18401] Bluetooth: hci0: command 0x1009 tx timeout