b4e4839e47caafe561f96065457a7079fcf3ba84b293f9b934b0b13180b6d6273cb2d0f4787f4f4397143aa8a3e183b76bb7aed4c5e2f9a353b9d568e2f21e22eddfa50e9701bd43d63cded199f01fea7d4b0ede9356373d1022e6616008ed688d107c2f2819096518c0a7393ce61b6a6c640433ab0ace07687208878f21c6eb17f11f91959798f1d66d1453c7047384785840a2d5cb42f00494cf6559ccd22beab93ff22e62b7c1a425d06de42af40577aeb35287aeb107b2ba68d65c207d5060c6975079c28a16f33fe17c3e8b805392702280eff6c7b7b4daa6ed2e9fcf6f42a0aac22b1c6553ff5032336dc53a38c8bf8b5f341583a497a0ac39db8b00a3f1076c89ab9037cd92adb25e71053398709e591910e5c8edd6046133080efcfa4ce750cce280cf022ce5f5a7edcd976652b304a9837a517dbbda85fbe14123f643f93624225a8b573c43346aef3a33bdd73445b857b04d3e8ca4ef2a44a3dc64ba47dd82d4716f730f7f2415ca79e2ea9ea8198f92442f2511145391269ded11f7d658b605612b76faf348e92e0453ecc5f3c44195cc28c77d9ffb696862c2c28d0ee385578160aa1f6a4d2c6ce77a53814eb0f4f3ba531b113e73bc5b9772693025e0afa0c0cfbc85a86a1d781778c9cdb1f760631dab63e1f4dfd58c1da0c7590a8d9ffbeb1c0bdc988a2d109f4148a52ddb122d0c1a7dd1ec9d09d5f48edc52b143ea095e86160aee7d65a4c4ea6ac4ff34372bbbd4c6db43896097be676acdb2f9fa08c60dfca03a25f99520f427474cb657ca0425b4a5a266de4c45b24c925006acaa4676ff527f279c7427aedb25b15bc71e13a65c2b7335b6fe001de8a25bd38c830796ae38ed0934a5b41cd85874cc9016cd2aa323c1b1"}, 0x10) write$binfmt_script(r2, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r2, &(0x7f0000007e00)=[{{0x0, 0x29c, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) [ 1108.762708] Unknown ioctl 21532 [ 1108.772714] Unknown ioctl 21532 [ 1110.470189] Bluetooth: hci0 command 0x1003 tx timeout [ 1110.475521] Bluetooth: hci0 sending frame failed (-49) [ 1110.630148] Bluetooth: hci1 command 0x1003 tx timeout [ 1110.635519] Bluetooth: hci1 sending frame failed (-49) [ 1112.550210] Bluetooth: hci0 command 0x1001 tx timeout [ 1112.555547] Bluetooth: hci0 sending frame failed (-49) [ 1112.710212] Bluetooth: hci1 command 0x1001 tx timeout [ 1112.715603] Bluetooth: hci1 sending frame failed (-49) [ 1114.630173] Bluetooth: hci0 command 0x1009 tx timeout [ 1114.790179] Bluetooth: hci1 command 0x1009 tx timeout 13:29:27 executing program 5 (fault-call:4 fault-nth:38): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:29:27 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$inet(0x2, 0x801, 0x0) getsockopt$sock_buf(r1, 0x1, 0x1e, &(0x7f0000499000)=""/35, &(0x7f000020a000)=0x19) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) setsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000000080)=0x8, 0x4) 13:29:27 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x2, 0x1) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r2, 0xc0145401, &(0x7f0000000040)={0x3, 0x3, 0x3, 0x3, 0x10001}) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) 13:29:27 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:29:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:29:27 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:29:27 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f0000000040)=0x6, 0x4) [ 1119.276494] Bluetooth: Unknown HCI packet type 5e [ 1119.287434] FAULT_INJECTION: forcing a failure. [ 1119.287434] name failslab, interval 1, probability 0, space 0, times 0 [ 1119.308007] CPU: 1 PID: 22204 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1119.315159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 13:29:27 executing program 3: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000040)=@ipx, 0xffffffffffffff47, 0x0}}], 0x1, 0x0, 0x0) r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x1, 0x0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f00000001c0)={0x7f, 0x1f, 0x5, 0xf7a1, 0x9, [{0x2, 0x3, 0xfff, 0x0, 0x0, 0x2000}, {0x20, 0x5, 0xfffffffffffffffd, 0x0, 0x0, 0x80}, {0x9, 0x1, 0x9, 0x0, 0x0, 0x2081}, {0x5, 0x4, 0x81, 0x0, 0x0, 0x1}, {0x5, 0xb1, 0x1ff, 0x0, 0x0, 0x208}, {0xd1, 0x4, 0x8, 0x0, 0x0, 0x800}, {0x28, 0xa5, 0x1}, {0x4, 0x2, 0xffffffff, 0x0, 0x0, 0x6}, {0x9, 0xe3, 0x0, 0x0, 0x0, 0x3c00}]}) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x2000, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f00000000c0)='gre0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/netlink\x00') preadv(r2, &(0x7f00000017c0), 0x1a4, 0x0) [ 1119.315165] Call Trace: [ 1119.315187] dump_stack+0x138/0x19c [ 1119.315207] should_fail.cold+0x10f/0x159 [ 1119.315226] should_failslab+0xdb/0x130 [ 1119.315245] kmem_cache_alloc_node+0x287/0x780 [ 1119.315272] __alloc_skb+0x9c/0x500 [ 1119.315287] ? skb_scrub_packet+0x4b0/0x4b0 [ 1119.315307] ? netlink_has_listeners+0x20a/0x330 [ 1119.335020] kobject_uevent_env+0x781/0xc23 [ 1119.335042] kobject_uevent+0x20/0x26 [ 1119.357745] device_add+0xa3e/0x1490 [ 1119.365859] ? device_private_init+0x190/0x190 13:29:27 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) r1 = accept4(r0, &(0x7f0000000000)=@isdn, &(0x7f0000000080)=0x80, 0x80800) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000100)=@filter={'filter\x00', 0xe, 0x4, 0x3d8, 0x0, 0x0, 0x1d0, 0x1d0, 0x1d0, 0x340, 0x340, 0x340, 0x340, 0x340, 0x4, &(0x7f00000000c0), {[{{@uncond, 0x0, 0xe8, 0x110, 0x0, {}, [@common=@socket0={0x20, 'socket\x00'}, @common=@addrtype={0x30, 'addrtype\x00', 0x0, {0x10, 0x200, 0x0, 0x1}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0x98, 0xc0}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0x110, 0x170, 0x0, {}, [@common=@unspec=@nfacct={0x48, 'nfacct\x00', 0x0, {'syz1\x00', 0x20}}, @common=@addrtype={0x30, 'addrtype\x00', 0x0, {0x90, 0x818}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @empty, 0x4, 0xf, [0xe, 0x1d, 0x9, 0x10, 0x15, 0x31, 0x22, 0x31, 0x0, 0x3e, 0x2, 0x6, 0x12, 0x35, 0x37, 0x40], 0x0, 0x4, 0x2}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0xffffffffffffffbd) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r2 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r2, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) [ 1119.374142] hci_register_dev+0x2d9/0x810 [ 1119.378300] ? __raw_spin_lock_init+0x2d/0x100 [ 1119.382900] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1119.387238] tty_ioctl+0x8f7/0x1320 [ 1119.390876] ? hci_uart_tty_poll+0x10/0x10 [ 1119.395125] ? tty_vhangup+0x30/0x30 [ 1119.398950] ? __might_sleep+0x93/0xb0 [ 1119.402906] ? __fget+0x210/0x370 [ 1119.406371] ? tty_vhangup+0x30/0x30 [ 1119.410092] do_vfs_ioctl+0x7ae/0x1060 [ 1119.413997] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1119.418765] ? lock_downgrade+0x6e0/0x6e0 [ 1119.422919] ? ioctl_preallocate+0x1c0/0x1c0 13:29:27 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) ioctl$SCSI_IOCTL_TEST_UNIT_READY(r1, 0x2) r2 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r2, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) [ 1119.427335] ? __fget+0x237/0x370 [ 1119.430807] ? security_file_ioctl+0x89/0xb0 [ 1119.435228] SyS_ioctl+0x8f/0xc0 [ 1119.438606] ? do_vfs_ioctl+0x1060/0x1060 [ 1119.442770] do_syscall_64+0x1e8/0x640 [ 1119.446693] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1119.451550] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1119.456741] RIP: 0033:0x4592c9 [ 1119.459936] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1119.467655] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 13:29:27 executing program 3: setreuid(0x0, 0xee00) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000000040)=0x8, 0x4) mknod(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) ioctl$PPPIOCSCOMPRESS(r0, 0x4010744d) [ 1119.474929] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1119.482205] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1119.489675] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1119.496984] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1119.506336] Bluetooth: Unknown HCI packet type 5e [ 1119.513397] Bluetooth: Unknown HCI packet type 43 [ 1119.518605] Bluetooth: Unknown HCI packet type 5e 13:29:27 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x100, 0x0) ioctl$UI_GET_SYSNAME(r1, 0x8040552c, &(0x7f0000000080)) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000040)='syz0\x00') bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r2 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r2, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) accept$alg(r1, 0x0, 0x0) [ 1119.525544] Bluetooth: Unknown HCI packet type 50 [ 1119.528973] device nr0 entered promiscuous mode [ 1119.534919] Bluetooth: Unknown HCI packet type 5e [ 1119.542824] Bluetooth: Unknown HCI packet type 40 [ 1121.350270] Bluetooth: hci0 command 0x1003 tx timeout [ 1121.355594] Bluetooth: hci0 sending frame failed (-49) [ 1121.510144] Bluetooth: hci1 command 0x1003 tx timeout [ 1121.515597] Bluetooth: hci1 sending frame failed (-49) [ 1123.430588] Bluetooth: hci0 command 0x1001 tx timeout [ 1123.436043] Bluetooth: hci0 sending frame failed (-49) [ 1123.590236] Bluetooth: hci1 command 0x1001 tx timeout [ 1123.595734] Bluetooth: hci1 sending frame failed (-49) [ 1125.510224] Bluetooth: hci0 command 0x1009 tx timeout [ 1125.670200] Bluetooth: hci1 command 0x1009 tx timeout 13:29:38 executing program 5 (fault-call:4 fault-nth:39): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:29:38 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7be070") r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000700)='/dev/hwrng\x00', 0x40000, 0x0) ioctl$LOOP_SET_CAPACITY(r2, 0x4c07) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000580)={'nr0\x01\x00', 0x801}) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dlm-monitor\x00', 0x200400, 0x0) ioctl$VIDIOC_QUERYCTRL(r3, 0xc0445624, &(0x7f00000002c0)={0x4, 0x5, "92e4810ac5a32cebfe21d4e81075233add7e8afcd05cc81e722c8492a7b888e2", 0x2, 0x8000, 0x1, 0xdc000000000000, 0x1}) r4 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0xbc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r4) socket$kcm(0x29, 0x5, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8914, &(0x7f0000000340)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb96\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\x97\x80\xe9\xa1S\f\xc7?\xa6\x95I\v\x7f\xbb\xd3[\x17\f\x10%\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~\xff\xff\x00\x00#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xd5\x1b\xca\xa9\xc7[\xa2\xef\xacM\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xb4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\x04R\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xafh_\x9c\x91\xc1q_|L\x11\x03\x94\xc0\t=\x17\x95P\xd7\xcdH\x1c8^ARL\x9b\x1f\xf6P\rSj\x95\xd9o\x03\xd4\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x13\x82Rk\x9cAz\xab\rT\xadLO\f\x17Y\x1dg\x10\xe3LL\x1fC\xfa\xd9\xb0\xfb\xb4\xf3[\xdf\xd0\xd6\x82\xf6~0\xb8\xf4\xb0X\xfew\xbdY\n\xd6\x105\x9c\xb7\xe5F\xc1:9\xb8\xc2\x85\b\xfd\x92\xb0k\x93\xd7\xc40J\xc2\xf0=p\xd6\xe3\xe4W:\xd2\xf6\xfc\x83\xb1\xcb\xd1K\xb9(\"9(~\xf4\xf4\x94`\xe8\xdb\x17\xf9\xcf#)T\xcdj^\xa61\x12\x91 \xd7\x92\xc0\xd0s\xa9\xe4\x18:') bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000240)={r1, &(0x7f0000000040)="c8d7ec21ee8c717f6ed61d76ae7d2387bb69e6428bd37b9271a1c7aaca9b2c912f2868b9e7e85fa85add2991cdc3fc8c23037ed018c5b56a9c7d98e0d05d91eb9445bd1095bd15955de80b5f9ca48c2d4fb0f637c4de41f01140c379babcaba3f8adf495fc56eea5ad3fb77db676adfa5ff8ccf0758d634effa7833d5b7464de3a362bcc12711033053e7153746a8c1a26aab2f6c6615c219bc77ba680b4a33706a5d6ae68e0a17b0cb917bba1db08bda6bc63c8d3adfe97fe5075af354d1a26c4c930", &(0x7f0000000140)="2b66dc5802305a4fc78ae6480d14517660899603e5a73f9f1ebf1e3e2c261caec33de12bba4d3de3b7933cb02d7de50af78438a56012b6d300a73c5d2960d8529bd248cc121eafc9dfeba560e82e1bab83106cec725862ec91d8e78a7e5285cc1d153e0ce45e347fec885c56dd1b48ffeb387209fec2581a5388eee419731fe0566097ebe7233e2787c674225cfe8848aad4f8965b1c5503d9d048ae8838b39f7217e8b8f66d085a2d9a5259ead662321b5cd94547b7cd22b7a7f35c08f89c8ac92d3a7e25d372b3af20d84288f7a60006b4cb47450c180f2f95adb59d9485b728e5c5de", 0x3}, 0x20) ioctl$EVIOCGABS0(r3, 0x80184540, &(0x7f0000000600)=""/214) 13:29:38 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) setsockopt(r1, 0x9, 0x370c, &(0x7f0000001380)="043cee8ead2911a1e1abc93262d02c4f08ba984844f5fc1e635dc712df8f9f16ca66c22d1bbd7c943f6866239d664080f57daa7f4895a7d893b63237c9f6b576000bb2359a75f9eff7b5e324b09944d94dc3678360b2c3ca5abbc6e772c64aaec6e8e01e8182b4f71a394c83f8ac59499ea661a23fca89ad282b69550e447b537b369013ee258fa096e737c837e05e4c0f9cf1a5055c7b3d26bf48a2e9509f6045845ef264149287a253ac24d3f73586dc722b691fc6e79160b93755ddcfcc157afc94a33bb500579c0dc31d7b984bf88ce811e334db9975c7012d1b84035f83f6701254a1a6791134d07df58ea7cf3fb6b4aeda28e9a9038b6d4c87a5fe05b1ccfa6caf2e7c0657466e1abe06b01a84ae7a20bc4c50cb6c231476c237ecd6301aa175fe811568c2f8e97fdc5d11ebeec4c51c94f5207a3c5c2a7f781d78557369e64d28411fdbcf2c2c1bc26e91e8c458743b0a5a9f4ecfc39b3b619ebcb7f4130ff1519100b07ccd82309187555885b41f3dc2578b61869fd66be5117ea8cd2d10f2560ff264aabf6bcd19beceedbc018b1c606a773ef83e084b3fbb0a81786d1cfd51e8a81ac2db5f56e83b3b4f692dbda8b4332678ccd30762b722480958dfe902bd06c3ba6d4699ef235c64baebd7634796712ba71ceec526070c2b16d808a9273313b50ae4131491b515392a4ae2e356f717cd1ef0713363a8bf1228fe170fd5716649b408b3940a0eb6cd0125b6b0c654aab96bdfc113e1500a8063f4987242209b4a6729223cbaaaec62578cd4a60becea6250f900eae76bbd5a3aa8a18f6b3548b1050e8841b65ee422e2e5a13ef429839b814f071f07c9f7d236ed004602e8346c412f7b8cce9d32ca0bbfaeac5835478e1f14d994940f21266c23ec774d597fd320a0ee05f9084b51ff9e4ad78f3bebb6cbf761f2a397107445eec7b4c0b6d6646635ad222cfbd9ffe3cf3bd4a05d03ac72757da246c9af85ea16510edc2936e81e93061f8a5b647c91a7ff418b41888f70e299b0effd67d7b83521677636bc01cc3e03268d5de76b782575f94f2c8f8ff230a35bb77a06b4996fcf40d6bb0ba955c0431d5736a0f49804704279f4384edb15c2eaeae7dd82e27c224b53020aaa1108ed84305de85578efdda95577fb35bf2e2a4f583fad4be64efce7fbad93637485ca7de075138c99f05c506a931ef2b5907cd4c95b5cead3aee00eed22a689f2c8bd22dd0d791157e46721024f38ffd86444f14f058a09fb266123abd94ab05017fe5970f2210d1530e8080b427afa0f7cca6e7e1781a1c469859800d05bc786f8247db51129f8389d6203be1b5524342ad1e984cbb891f4f7de2c26325eb4283ff7ad33cd1e080a9e368fd033b5976ebe6a71059cda0c49beb7f2979b34ec3a304d67c9adcc5594b9c13dc7e1adfbf90b464f65496868e3e542734b38d4aa52ce8ffa44f2b6561ec72d77f509e2847628c8a6d57a7fa94d78ed73007fb7f2bc21afb10d464c986ebadf69e1c52db2c6ffcd138b3c88ff2e809904dc692c0519d243bb056d78d796c93253df127ab253e5b82d259f873b8bb00031c1d0ddd3fb682586e37f295e108a5fa66397dc1168b3db9f72e88ddd06ef56aa429e99a028fba1ff9b3c68e295cfcc6c10953c9aa95101e5c42e4d5bb5b7c0543e54f47f0898be80cd6239638766a779c1836cdc178d182b46ace45fe639e465ebf2879654afb79f87b795c351a3a437626ec17dc801d48cbd55f38a2bf71583e84f06d5375dc4647950edd9aa9496472e8352ffe49b23f0fed92112435c6e82f49d451330a72e734b3f494c371ebae3d14ee4471fd071d5c3f477a06c6fd509a12bf200187c48530139f610504db979b4880f28d456d29eaf751e04ce8f22569f9ec6f9f1ca255b7173a70024a47ae9316cf91f36bd2efa360b221247650a080eeabcd07297030f63c5941f40fbf37926f91fb8e9bd530f6ec0020bdb32d5b2a86e42ed1a55380cfd5a3e05cde398ac223ed358ce534af93e49874e3192b7c819a4f8b01f73cee25bd8bbe64b11072ae75c46a910846c87dc294c0d116774959b680c5ea4d4aff538c0bd3b434d5ae6b524f260fb98a006a412c090e9b2c64f10ac1e1295c65b457fde6209bb14ff21c66249165202cc427bfaf2b2432f2c9618894ad8f70819d80228d25ab0a65f2d9d49c2793e0290b23e03d03d43164be1162f020c86177da4a3e2fc823fa3ffa53d57c361bf82ee4defdb4540cf083f5115e975495821bd9b4b7bcbb2be8fcde9374d99bf0537198ba4d9dc8ae66717c52106164beec5b773ecec6141d975ddff12f06f33f83b3dd98ae26fe2982e6ef3f9deebdbda986e6155ba5970c6ba9cb777d52008ece768c448855a6c8566e874154f44ed2b120f4f67b7201e1763e596db94564c96d7a0f382e21446974c42c8fbc4304212350b4f0705885c98700dd82d777a7511807421dec59dc32a9af79d854fc41b5c9c983c420df45560b61fd7e44c47c76397ac2074cc3a17c07b683d75bae152ae108299a4b55d7919eba8ee1a846561650f335f84e687b893940c4a1f25e01629f5a1176ad4c622e0e74ead4fd7adcb0e5ba43bfa976c28795526e7f5442dfbbe83e6679eddb5f0d566506ed467e959e57b12bc756d8e0f0e2c12c1877d61ca6733ab64cbee2514a9a14be813064d361b5f9b7b67638cceb1af7f7f2a04f187b0408e3f1281f3bf2f51a7237c0806bf31ac361dd774bf2700e8113c553dcf11d31242da37f0867e10ff5019e10f6e7aaa590c455b8aca6883226bf4819764c9e39ae704b9160254428ac669c21a7d19ff65447a100a11638f6d23b6466f6494ca4a8c717c1ccb6aa7c24619db59a8936ea696d785ca5b25e8177f397cddfd663b317907f82fb28628c7a6509abc64f2d71b985fc3f1c26fe18e81445627e30a3615056b204221cb06ee7bc16e1286dbafcafb46292a64b0d4a7375e596de9439269a0231a5ca0283c7976ed493f5a7ffd8bc66162908ff91f02fd69f71f3fe061fe5314e548c73eb66d59b00b49f69fccf8e6e9679c2c692bf48261181512d44e99043e5d63e6cc71b055bcd6ee65b00a9e8e7e1a58c2c3c86fa3bd0df1525ee1ef488299a2267db7cdd24889effdd549ec9de7b3147b6de627c47120f85a5c4062cdf831bdcba4de60217de4f0cb5d04217372e728f89a83b17ebf47adf557b16ec79a34697bd81e2b259b8c6678517b330ed5f7d68951d18f375c681f46d3a57df6fe8fa6e87389ceae5acdd329933edc25fbea0c764ad26b8fa115cafe7727e26ba0654b4e5ae0ee66aebcd09cf58bab37e431bd064c65fe8b0011332de27847063e531e80c567f47f1baba0354cda3e8914f0547360a3a5b7eca72b91099080246b17bf0aa8e4c8f017ed5c81a5f0945ed8fa6c015bd2c2b879d5ec6020946d0f50bd2ebe0c5179a2d138c5e1212ff2d5fed6ca8b602198974a0003e92434f0062c5bd048972918dd7724f64a38daf3acbeef27b135a9c98f5ac5eab96508f45168d5d928240f3210d8776d2e76bcdcdd345cbe8b7c535ddf4b82d6787c9e936085f3dae828ec2bd5fbc74d6d2704e88b9e0ef4917bc02f677ad85c784b63be0d45c57e55995122a9196bd79af12db1c35288590f6c96f4c22ff2329c0d2d25e1de12ed61b9d598d451bc92e4fedc6c5d7baa76afddc803a4ac1e2164673f181cb300fd28ad0fac18675ab9c79c890e1f8c09af4468dde62dfbf9a807707e54468244a2da9c284af552a90c1d682428dfe85cd92feb36650d473ed167b7baf6007e1a1c3807494d84278b5cc80fea8fb4397a22df93b488d8fc3f2209738bcf16ef5a76f2c8d99885e18a5b83e6affb5268bdeac967992681d49763d7ab372d079106b76667a3037a9aa4bc89865deedeb90502435319919328ee8a427c10c01b3b97428afd2da819b63ae787821a2c117bddb69eb0978fe8e2ed1aac4e164c6a2540357149499277f06ad631c23801a5c15941ec3cc11693c911c634db53faaaf40f54fdedcdb772a71fbd8fa12ea098c8070b87e46b53571cffb1ea956ca40792e5254ecd08ed9e31139772e09a4ded148a8a4efa3d46088187a08d6d1a800cae33f123cd368b40fbce233c454da350308fbbedac07b7eb0a1ca883454b8fc84434aa340fda9c14c918dac6f262f1db313c20689d06d44e955bb93f4057f1ce0758fbe7468734a4839c746fe4b215e40643ced7966d91852d0d1b641366d4666928c893ae308a3d6f311809c840960601fe0712382a5b7d4f8704dc1df46d3e9be8c30e94ccbc63cceecfac716fe5bef10523a2ac95c4f31aba230cbc7321596c4b254dc7c875070cd837538642c20b5a4df26b1b12d8ec3ddb243b39b78a6a7b9b8266fb6ed2ee0b373f3cf0b7312e06b29ad1504bad03f47d98392d358f268ba2ef33740f404f1f696cd8ee7ef842168677a00ffd6f68778d8be2d69ea893b393df249f1ce66074582191ba1eddd29507435eb9c2f9ba322d6b316a6b2e82621df175c245dc09a79d00a660b2a80b73bbe387fd127f4933eb7d41060b7fa5dc2f65cd774a1e3ba84e2255c84e767dd7b79d63c52cb5309e2ca4e5ed38f89728a91e6affe063e32e392a84893c46bcc24357b3c9143dd17c4099d0c4be4014201d360f5b86ae8208ac4f14c6ada8a6b9bdc756c31da5b8a3eff743374185d51967f8eb7c441ba67d763d09bbb7c5891657158de7ee4a4a9e70afe38ab449541112b3590e1f8c7390f964aa982895436f7ddfd5808d01fadd9679bc4db0d26cc6483d98fef965633ddc051b5459460b034140a0cb04f8223c3a15bbef3be81e824cf7c0eaa27560d24dbe4e1bd7436aedf57f1ce6b6b0b0713a8dfde5b5c9d1e1ea04302c7035a0daf0bc0c600a03f6896ea5d5e0169df8095987961304b93af1980ab190eab1b05cca5d5ddc53f8942f667d600abe539fc249db8f6f485b25b1c9da6a9a506cb0fec169ea3291882826e496cb71b7cb6dffd6bd70d019058bf06d78668d662807ea56078b32b59a72514086d41530d543ddc2eb8f6bb87bb0ffb4a50eddf7c12955175edbf54c258c19e73f8e590dc948b399db5070901d2fb1deeac3be712bb97bb779772320ba4b521924ec836a9cdcfa95d6829e0567312b328c74a23cf0cee8ac42eb2c336fc472eaebe92ec3ec801e60e8c18e75b3b356298f0869410b04fb748d9cfdb247436b74b713d3c28fb23bf689f806a542bf06705b7b8ab8a5bce7b0777db416e4cf847cbb557cd9732a1e7329e942ef318f9979a11ae52065bd62763276140b46d0c0683919af0052283de8ad34fc85e7ac270f8a1d7df11ec7f8e4da96ae4c1bf12cf427942d930b9fdd6af2d3566013eb46175958104ec1730a007d1d2279257847d4f575790caf5bf267980d96b25b76a1b70efd1e346c7d920017b4dee23653679c186a3a93275f56f9fc4c13ede34e3537513e6ebcf0f882dd1e648db74ce0730992b4d7fb43a7fa14873d366435da698929807232eca58949a99c2f47ac21eff389509147f493bde0ef792cb108882c6bd6672d49696af65b6aa47954ffc90b6cb776f6b38baa74ab571850470658551fcec532603620aca0a022209be9b13ce545db088cb38252616dc42e8783ab18c114b94ee13db106238e7e4388fa35d1da196d1edd43a1f7783121b2fd2ac91cb82923bb24602576fb36c80c40f0d5a1a72b70d42da18f0285e1c04b771efcdb312554046234e58f9a7752de5a579c59ebed396eae47", 0x1000) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) 13:29:38 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:29:38 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:29:38 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x109401) ioctl$DRM_IOCTL_RES_CTX(r2, 0xc0106426, &(0x7f0000000140)={0x8, &(0x7f0000000080)=[{}, {}, {}, {}, {}, {}, {}, {}]}) [ 1130.135997] Bluetooth: Unknown HCI packet type 5e 13:29:38 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x10000, 0x10001) ioctl$SG_SET_COMMAND_Q(r1, 0x2271, &(0x7f0000000040)) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_opts(r2, 0x0, 0x9, &(0x7f0000000080)=""/26, &(0x7f00000000c0)=0x1a) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r3 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r3, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r3, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) [ 1130.164237] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1 [ 1130.193648] FAULT_INJECTION: forcing a failure. [ 1130.193648] name failslab, interval 1, probability 0, space 0, times 0 [ 1130.211403] CPU: 1 PID: 22245 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1130.218689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1130.228033] Call Trace: [ 1130.230616] dump_stack+0x138/0x19c [ 1130.234238] should_fail.cold+0x10f/0x159 [ 1130.238493] should_failslab+0xdb/0x130 [ 1130.242463] kmem_cache_alloc_node_trace+0x280/0x770 [ 1130.247563] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1130.253060] __kmalloc_node_track_caller+0x3d/0x80 [ 1130.257996] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1130.262667] __alloc_skb+0xcf/0x500 [ 1130.266277] ? skb_scrub_packet+0x4b0/0x4b0 [ 1130.270597] ? netlink_has_listeners+0x20a/0x330 [ 1130.275482] kobject_uevent_env+0x781/0xc23 [ 1130.279832] kobject_uevent+0x20/0x26 [ 1130.283653] device_add+0xa3e/0x1490 [ 1130.287405] ? device_private_init+0x190/0x190 [ 1130.291987] hci_register_dev+0x2d9/0x810 [ 1130.296260] ? __raw_spin_lock_init+0x2d/0x100 [ 1130.300842] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1130.305298] tty_ioctl+0x8f7/0x1320 [ 1130.308917] ? hci_uart_tty_poll+0x10/0x10 [ 1130.313161] ? tty_vhangup+0x30/0x30 [ 1130.316869] ? __might_sleep+0x93/0xb0 [ 1130.320752] ? __fget+0x210/0x370 [ 1130.324202] ? tty_vhangup+0x30/0x30 [ 1130.327911] do_vfs_ioctl+0x7ae/0x1060 [ 1130.331793] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1130.336554] ? lock_downgrade+0x6e0/0x6e0 [ 1130.340761] ? ioctl_preallocate+0x1c0/0x1c0 [ 1130.345170] ? __fget+0x237/0x370 [ 1130.348620] ? security_file_ioctl+0x89/0xb0 [ 1130.353114] SyS_ioctl+0x8f/0xc0 [ 1130.356520] ? do_vfs_ioctl+0x1060/0x1060 [ 1130.360789] do_syscall_64+0x1e8/0x640 [ 1130.364675] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1130.369505] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1130.374685] RIP: 0033:0x4592c9 [ 1130.377856] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1130.385550] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1130.392807] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1130.400060] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1130.407322] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 13:29:38 executing program 1: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x900, 0x0) ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000040)={0x8, 0x1, 0x1, 0x5ce00000000, 0xf, 0x5}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) r2 = accept$alg(r1, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r2, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) [ 1130.414672] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1130.425977] Bluetooth: Unknown HCI packet type 5e [ 1130.431924] Bluetooth: Unknown HCI packet type 43 [ 1130.437348] Bluetooth: Unknown HCI packet type 5e [ 1130.443463] Bluetooth: Unknown HCI packet type 50 [ 1130.448474] Bluetooth: Unknown HCI packet type 5e [ 1130.453895] Bluetooth: Unknown HCI packet type 40 13:29:38 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:29:38 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x2, 0x2) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000040)={{0x2, 0x4e20, @broadcast}, {0x306, @link_local}, 0x30, {0x2, 0x4e20, @empty}, 'ip6gretap0\x00'}) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r2 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r2, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) [ 1130.507523] Unknown ioctl -1072667624 [ 1130.523145] Unknown ioctl -1072667624 13:29:38 executing program 3: r0 = syz_open_dev$midi(&(0x7f0000000100)='/dev/midi#\x00', 0x0, 0x80) ioctl$KVM_GET_XCRS(r0, 0x8188aea6, &(0x7f0000000200)={0x1, 0x80000000, [{0x2, 0x0, 0x4}]}) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) futimesat(r0, &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)={{r1, r2/1000+10000}, {0x0, 0x7530}}) r3 = semget$private(0x0, 0x7, 0x0) r4 = creat(&(0x7f0000000000)='./file0\x00', 0x24) futimesat(r4, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={{}, {0x77359400}}) semtimedop(r3, &(0x7f00000000c0)=[{0x4, 0x3ff}, {0x4, 0x8}, {}], 0x3, 0x0) 13:29:39 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) socket$bt_bnep(0x1f, 0x3, 0x4) [ 1132.150132] Bluetooth: hci0 command 0x1003 tx timeout [ 1132.155472] Bluetooth: hci0 sending frame failed (-49) [ 1132.470171] Bluetooth: hci1 command 0x1003 tx timeout [ 1132.475531] Bluetooth: hci1 sending frame failed (-49) [ 1134.230248] Bluetooth: hci0 command 0x1001 tx timeout [ 1134.235821] Bluetooth: hci0 sending frame failed (-49) [ 1134.550152] Bluetooth: hci1 command 0x1001 tx timeout [ 1134.555552] Bluetooth: hci1 sending frame failed (-49) [ 1136.310108] Bluetooth: hci0 command 0x1009 tx timeout [ 1136.630166] Bluetooth: hci1 command 0x1009 tx timeout 13:29:49 executing program 5 (fault-call:4 fault-nth:40): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:29:49 executing program 1: r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0xa86, 0xa000) connect$llc(r0, &(0x7f0000000040)={0x1a, 0x338, 0x290, 0x3, 0x800, 0x3, @broadcast}, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) r2 = accept$alg(r1, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000600)=ANY=[], 0xfec8) ioctl$SCSI_IOCTL_SYNC(r2, 0x4) recvmmsg(r2, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) 13:29:49 executing program 3: r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x400c6615, &(0x7f00000000c0)) mkdir(0x0, 0x0) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x300, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, 0x0) bind$inet6(r2, &(0x7f00000001c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @ipv4={[], [], @loopback}}, 0x1c) getpeername(r2, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000440), 0x400000000000211, 0x810) ioctl$FS_IOC_ENABLE_VERITY(r1, 0x6685) 13:29:49 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r1, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r3, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r2, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:29:49 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:29:49 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) r2 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x4, 0x2000) ioctl$VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f00000002c0)={0x3, @win={{0xadce, 0x0, 0xf37a, 0x5d8}, 0x9, 0x8001, &(0x7f0000000180)={{0x7, 0x3ff, 0x6, 0x8}, &(0x7f0000000140)={{0x0, 0x4, 0x1, 0x101}, &(0x7f0000000080)={{0x7ff, 0xcea, 0x3, 0x5}}}}, 0x4, &(0x7f00000001c0)="b3cf58e2db9a716361f1784844f306e92746f51de7cd1fbbdf732a3227311b0d084565259ad231eb42ce644d5da7b80d57ea5950e1646205300b5de9af2533f6936ba2b67524459df1a9ff94ed16d4a78885827cddeb9b65c8525f5b9ac0c65f1e684f8186799c2a3ef0c0822ecc95d409d38e3ba178e838cf01fcbb68054258000a1c9f27595eee6d4850216a54922bf19d74fba6430b71a00566208a52cfe4f6c434ebe91bc1f0400b8def8aaa2fad42e294569f7a156c811ff6080ea35e8755b51d74de625eff9d7b98dba41231de5c27df", 0x3}}) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f00000003c0)=0x8000, 0x4) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:29:49 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000000140)='/dev/usbmon#\x00', 0x3, 0x141001) pwritev(r0, &(0x7f00000004c0)=[{&(0x7f0000000180)="9113933a90f1885c228c251311b7ae35f14d5c7167a30b89124361e92dca5cf494", 0x21}, {&(0x7f00000001c0)="6c4f47783e29ec7c731dc508cb7f28b7f78bfe5e48eeff3cfa6fb3c743a868cfd3a9a17358c1aa68ec65ef14fa213638928177f7ba3baa", 0x37}, {&(0x7f0000000200)="c9681be92c5adf6ee6fbe29cfb7e841c73c67a5f1f5186d4a9bc086d19eb300c8d187b1e0e794b00267861", 0x2b}, {&(0x7f0000000240)="8be6a557b67c935e70f3c048bd16d8d93639d557e96d9c6576da5297b40c99fd5c1c6b833cbc2214d857ff3cdc8bd82b42dcfb3deaae3e311d5adb5f638c50d4826b299376e737c7423c45bbcb2f6924b19d7662217220bbaac632c92da96f2759e7d7c9f62a9b9001eb1ddd15c6d710c2ab6a3c51f46150b5f11405650098db977babd5bb08667194e88ee24810c593c159817bc788de7f4d1bba1cdb98c9c114ead582455a0b70c7b2da24975542a8ee474c8c775b0625f1ff721aa050a1bae33d96d48626d7466ceab4d4405b84a0a31656bf534810b4", 0xd8}, {&(0x7f0000000340)="c5e22b5bc5077458c86abba31f2bb6f501ea3fdbacc6fae7da3a537474fd7e807e5109d4613fa15638343704d4cb892196e35b9be0cf1e03a8296257c7f5f4a5693eed8cc0fba44037450de9d5700833c412c05fc9cc994d20055ffc4a9ca66ce3053673f0249d772ad2364736d0695070620ecfcd0fe3c73b825c032cbd7e8ea41daeb2174e93db8ce736a2f4b4eb5c709df9a555723183f3c9ea670adf01e162da387d0089ac34aab6548a3880fc948c9ceba2c55424ce048f3fc2a881", 0xbe}, {&(0x7f0000000400)="de4ee31f682c03c27ad0347ae7fa903a6746cd507367e5c955c91b06b90320758bd3ea4d8228135f2e7c99da3d1b334e5f7785e8802a5f28e819616837f447d661656f9657514b470cb0ba7858d65fd0084415888f6369ed5f79f30f6e722e332bd7bc4fca8c03b259630a6cfffbdcc96d5046ced0f26899e19d06d77e6dfd7a588dc38845bf32fdca5f9be9486ceb60a4e8f4fdebc50c5c207267c844560416600d3fe4", 0xa4}], 0x6, 0x5) r1 = socket$alg(0x26, 0x5, 0x0) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000600)={0x2, r0}) bind$alg(r1, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000007c0)={0x0, 0x56b4}, &(0x7f0000000780)=0x8) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000680)={r2, 0x10001}, &(0x7f00000006c0)=0x8) r3 = accept$alg(r1, 0x0, 0x0) write$binfmt_script(r3, &(0x7f0000000600)=ANY=[], 0xfec8) r4 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x4c000, 0x0) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f0000000640)=0xfffdffffffffffff, 0x150) ioctl$VIDIOC_QUERY_DV_TIMINGS(r4, 0x80845663, &(0x7f0000000040)={0x0, @reserved}) recvmmsg(r3, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f0000000540)=""/167, 0xa7}], 0x1, 0x0, 0x16e}, 0xffffffffffffffff}], 0x1, 0x2, 0x0) [ 1140.995869] Bluetooth: Unknown HCI packet type 5e [ 1141.058820] FAULT_INJECTION: forcing a failure. [ 1141.058820] name failslab, interval 1, probability 0, space 0, times 0 [ 1141.076428] CPU: 0 PID: 22291 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1141.083644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1141.093059] Call Trace: [ 1141.095804] dump_stack+0x138/0x19c [ 1141.099442] should_fail.cold+0x10f/0x159 [ 1141.103583] should_failslab+0xdb/0x130 [ 1141.107551] kmem_cache_alloc_node+0x287/0x780 [ 1141.112128] __alloc_skb+0x9c/0x500 [ 1141.115923] ? skb_scrub_packet+0x4b0/0x4b0 [ 1141.120300] ? netlink_has_listeners+0x20a/0x330 [ 1141.125110] kobject_uevent_env+0x781/0xc23 [ 1141.129487] kobject_uevent+0x20/0x26 [ 1141.133289] device_add+0xa3e/0x1490 [ 1141.136997] ? device_private_init+0x190/0x190 [ 1141.141575] hci_register_dev+0x2d9/0x810 [ 1141.145722] ? __raw_spin_lock_init+0x2d/0x100 [ 1141.150429] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1141.154759] tty_ioctl+0x8f7/0x1320 13:29:49 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1, 0x0, 0xfffffffffffffc86}}], 0x1, 0x0, 0x0) [ 1141.158477] ? hci_uart_tty_poll+0x10/0x10 [ 1141.162820] ? tty_vhangup+0x30/0x30 [ 1141.166529] ? __might_sleep+0x93/0xb0 [ 1141.170399] ? __fget+0x210/0x370 [ 1141.173851] ? tty_vhangup+0x30/0x30 [ 1141.177550] do_vfs_ioctl+0x7ae/0x1060 [ 1141.181423] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1141.186163] ? lock_downgrade+0x6e0/0x6e0 [ 1141.190293] ? ioctl_preallocate+0x1c0/0x1c0 [ 1141.194692] ? __fget+0x237/0x370 [ 1141.198251] ? security_file_ioctl+0x89/0xb0 [ 1141.202660] SyS_ioctl+0x8f/0xc0 [ 1141.206028] ? do_vfs_ioctl+0x1060/0x1060 [ 1141.210165] do_syscall_64+0x1e8/0x640 [ 1141.214056] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1141.218902] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1141.224091] RIP: 0033:0x4592c9 [ 1141.227266] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1141.235031] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1141.242297] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1141.249616] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 13:29:49 executing program 3: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000940)='/dev/sequencer2\x00', 0x145900, 0x0) [ 1141.256890] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1141.264154] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1141.278508] Bluetooth: Unknown HCI packet type 5e [ 1141.283924] Bluetooth: Unknown HCI packet type 43 [ 1141.289347] Bluetooth: Unknown HCI packet type 5e [ 1141.298629] Bluetooth: Unknown HCI packet type 50 13:29:49 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0xff14) r1 = syz_open_dev$sndpcmp(&(0x7f0000000240)='/dev/snd/pcmC#D#p\x00', 0x400, 0x10000) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f00000002c0)={{{@in=@multicast2, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@loopback}}, &(0x7f00000003c0)=0xe8) sendmsg$nl_route_sched(r1, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800220}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000002e00020326bd7000fddbdf2500000000", @ANYRES32=r2, @ANYBLOB="0f00f9ff00000000e0fff3ff08000b0000000000b7892ce058bb3efbc65bfb3a1ed339ba6db9636e592d971ab9dfc84d4b60debe83f1bda74132308f5af3f70d73296ab5ddca46615df29c47e304651702244d5a8137227891582f3a786371a3bde2be219973bb02d2aa7546f7a73ac6179ebf75f59ff78a536b8fb00821211b670808a2a3447385b8eae38b3700526c3c1ed83a12a0883d5edb32ecf00bd30105ad6d83c5128c8492e28174fe256098aadd693103c4f35053adeccc87312533e81ad2e553d101f375abb528c4"], 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x0) munmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000) r3 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r3, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r3, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) 13:29:49 executing program 3: [ 1141.308427] Bluetooth: Unknown HCI packet type 5e [ 1141.317992] Bluetooth: Unknown HCI packet type 40 13:29:49 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r1, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r3, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r2, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1143.030152] Bluetooth: hci0 command 0x1003 tx timeout [ 1143.035471] Bluetooth: hci0 sending frame failed (-49) [ 1143.350156] Bluetooth: hci1 command 0x1003 tx timeout [ 1143.355538] Bluetooth: hci1 sending frame failed (-49) [ 1145.110204] Bluetooth: hci0 command 0x1001 tx timeout [ 1145.115538] Bluetooth: hci0 sending frame failed (-49) [ 1145.430202] Bluetooth: hci1 command 0x1001 tx timeout [ 1145.435643] Bluetooth: hci1 sending frame failed (-49) [ 1147.190285] Bluetooth: hci0 command 0x1009 tx timeout [ 1147.510143] Bluetooth: hci1 command 0x1009 tx timeout 13:30:00 executing program 5 (fault-call:4 fault-nth:41): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:30:00 executing program 3: 13:30:00 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x8001) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000040)={0x5b, 0x3, 0x7, 'queue0\x00', 0xfffffffffffffff7}) r2 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r2, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) 13:30:00 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r1, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r3, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r2, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:30:00 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r3 = dup(0xffffffffffffffff) write$P9_RXATTRWALK(r3, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:30:00 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1b, &(0x7f0000000000)={0x0, 0x2b, "5d02932b1d6085cc7b418a51725b480160151f91776e56fc0dacf6207181b3a960ff97bfb76e639f997c05"}, &(0x7f0000000080)=0x33) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000140)={r2, 0x8}, 0x8) ioctl$KDADDIO(r1, 0x400455c8, 0x0) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:30:00 executing program 3: 13:30:00 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) r1 = dup3(r0, r0, 0x80000) ftruncate(r0, 0x10001) ioctl$sock_x25_SIOCADDRT(r1, 0x890b, &(0x7f0000000000)={@null=' \x00', 0xf, 'lo\x00'}) socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r2 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r2, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) [ 1151.916000] Bluetooth: hci0: Frame reassembly failed (-84) [ 1151.950900] FAULT_INJECTION: forcing a failure. [ 1151.950900] name failslab, interval 1, probability 0, space 0, times 0 [ 1151.972056] CPU: 0 PID: 22335 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1151.979209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1151.979216] Call Trace: [ 1151.979240] dump_stack+0x138/0x19c [ 1151.979263] should_fail.cold+0x10f/0x159 [ 1151.998980] should_failslab+0xdb/0x130 [ 1151.998995] kmem_cache_alloc_node+0x287/0x780 [ 1151.999014] __alloc_skb+0x9c/0x500 [ 1152.007553] ? skb_scrub_packet+0x4b0/0x4b0 [ 1152.007569] ? netlink_has_listeners+0x20a/0x330 [ 1152.007583] kobject_uevent_env+0x781/0xc23 [ 1152.007601] kobject_uevent+0x20/0x26 [ 1152.028367] device_add+0xa3e/0x1490 [ 1152.032080] ? device_private_init+0x190/0x190 [ 1152.036664] hci_register_dev+0x2d9/0x810 [ 1152.040803] ? __raw_spin_lock_init+0x2d/0x100 [ 1152.045384] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1152.049872] tty_ioctl+0x8f7/0x1320 [ 1152.053510] ? hci_uart_tty_poll+0x10/0x10 [ 1152.057742] ? tty_vhangup+0x30/0x30 [ 1152.061446] ? __might_sleep+0x93/0xb0 [ 1152.065330] ? __fget+0x210/0x370 [ 1152.068927] ? tty_vhangup+0x30/0x30 [ 1152.072647] do_vfs_ioctl+0x7ae/0x1060 [ 1152.076546] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1152.081312] ? lock_downgrade+0x6e0/0x6e0 [ 1152.085481] ? ioctl_preallocate+0x1c0/0x1c0 [ 1152.090110] ? __fget+0x237/0x370 [ 1152.093585] ? security_file_ioctl+0x89/0xb0 [ 1152.097994] SyS_ioctl+0x8f/0xc0 [ 1152.101357] ? do_vfs_ioctl+0x1060/0x1060 [ 1152.105502] do_syscall_64+0x1e8/0x640 [ 1152.109415] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1152.114261] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1152.119561] RIP: 0033:0x4592c9 [ 1152.122741] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1152.130466] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1152.137733] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1152.145086] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1152.152368] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1152.159728] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 13:30:00 executing program 3: [ 1152.171696] Bluetooth: Unknown HCI packet type 5e [ 1152.176561] Bluetooth: Unknown HCI packet type 43 [ 1152.183684] Bluetooth: Unknown HCI packet type 5e [ 1152.192129] device nr0 entered promiscuous mode [ 1152.194190] Bluetooth: Unknown HCI packet type 50 [ 1152.218144] Bluetooth: Unknown HCI packet type 5e [ 1152.226429] Bluetooth: Unknown HCI packet type 40 13:30:00 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) getsockopt$IP6T_SO_GET_INFO(r1, 0x29, 0x40, &(0x7f0000000100)={'mangle\x00'}, &(0x7f0000000040)=0x54) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x6b) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r2 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r2, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) 13:30:00 executing program 3: 13:30:00 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, 0x0) ptrace$setregs(0xf, 0x0, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r3, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r2, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1153.990131] Bluetooth: hci0 command 0x1003 tx timeout [ 1153.995598] Bluetooth: hci0 sending frame failed (-49) [ 1154.240157] Bluetooth: hci1 command 0x1003 tx timeout [ 1154.245589] Bluetooth: hci1 sending frame failed (-49) [ 1156.070229] Bluetooth: hci0 command 0x1001 tx timeout [ 1156.075729] Bluetooth: hci0 sending frame failed (-49) [ 1156.310204] Bluetooth: hci1 command 0x1001 tx timeout [ 1156.315639] Bluetooth: hci1 sending frame failed (-49) [ 1158.150153] Bluetooth: hci0 command 0x1009 tx timeout [ 1158.390122] Bluetooth: hci1 command 0x1009 tx timeout 13:30:11 executing program 5 (fault-call:4 fault-nth:42): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:30:11 executing program 3: 13:30:11 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0xff7d) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x80) ioctl$SG_GET_VERSION_NUM(r1, 0x2282, &(0x7f0000000040)) r2 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r2, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) 13:30:11 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, 0x0) ptrace$setregs(0xf, 0x0, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r3, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r2, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:30:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r3 = dup(0xffffffffffffffff) write$P9_RXATTRWALK(r3, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:30:11 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2180) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e23, @loopback}}, 0x5, 0xfffffffffffffffe, 0x22, 0x39}, &(0x7f0000000080)=0x98) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r2, 0x84, 0x1a, &(0x7f0000000200)=ANY=[@ANYRES32=r3, @ANYBLOB="c7000000b9d00a5f2c7dfa01efe619c52e62355636e4b739ab8efd467b1c8f2f27b5bbcfa6aeaf5e168d9d3a97d49f1bfe40e9e80227de9f8e2651ff010e088bdbab7318716f24839dcc1ab5750ff370e47a88f274b0f023433c37bc1542b1d860156b3c7bb13c32399f087df501fa0c10c189cf1c82df75b803ddcdb00faac756e5c8d99480e9481a8b7c292712959ac3ec972b62440877c8369cbc827f452e7537cca4013e7df46c5e48ef080045fd8f959f810a5dbe827e1da3147f070113442d3eab"], &(0x7f0000000300)=0xcf) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:30:11 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha256\x00'}, 0x58) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = accept$alg(r0, 0x0, 0x0) getsockopt(r1, 0x1, 0x7, 0x0, &(0x7f00000000c0)) 13:30:11 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) ioctl$TIOCGPTLCK(r0, 0x80045439, &(0x7f0000000000)) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') ioctl$SIOCAX25ADDFWD(r2, 0x89ea, &(0x7f0000000080)={@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) ioctl$VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x2, 0xb, 0x1}) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) bind$vsock_dgram(r2, &(0x7f0000000100)={0x28, 0x0, 0x0, @host}, 0x10) [ 1162.777180] Bluetooth: hci0 sending frame failed (-49) [ 1162.793126] FAULT_INJECTION: forcing a failure. [ 1162.793126] name failslab, interval 1, probability 0, space 0, times 0 [ 1162.805381] CPU: 1 PID: 22371 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1162.812485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1162.821824] Call Trace: [ 1162.821844] dump_stack+0x138/0x19c [ 1162.821858] should_fail.cold+0x10f/0x159 [ 1162.821869] should_failslab+0xdb/0x130 [ 1162.821878] kmem_cache_alloc_node_trace+0x280/0x770 [ 1162.821887] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1162.821896] __kmalloc_node_track_caller+0x3d/0x80 [ 1162.821911] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1162.828133] __alloc_skb+0xcf/0x500 [ 1162.828140] ? skb_scrub_packet+0x4b0/0x4b0 [ 1162.828150] ? netlink_has_listeners+0x20a/0x330 [ 1162.828159] kobject_uevent_env+0x781/0xc23 [ 1162.828169] kobject_uevent+0x20/0x26 [ 1162.828177] device_add+0xa3e/0x1490 [ 1162.828184] ? device_private_init+0x190/0x190 [ 1162.828195] hci_register_dev+0x2d9/0x810 [ 1162.828202] ? __raw_spin_lock_init+0x2d/0x100 [ 1162.828213] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1162.828224] tty_ioctl+0x8f7/0x1320 [ 1162.828228] ? hci_uart_tty_poll+0x10/0x10 [ 1162.828234] ? tty_vhangup+0x30/0x30 [ 1162.828246] ? __might_sleep+0x93/0xb0 [ 1162.828253] ? __fget+0x210/0x370 [ 1162.828262] ? tty_vhangup+0x30/0x30 [ 1162.828269] do_vfs_ioctl+0x7ae/0x1060 [ 1162.828278] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1162.828286] ? lock_downgrade+0x6e0/0x6e0 [ 1162.828301] ? ioctl_preallocate+0x1c0/0x1c0 [ 1162.938642] ? __fget+0x237/0x370 [ 1162.942086] ? security_file_ioctl+0x89/0xb0 [ 1162.946537] SyS_ioctl+0x8f/0xc0 [ 1162.949981] ? do_vfs_ioctl+0x1060/0x1060 [ 1162.954120] do_syscall_64+0x1e8/0x640 [ 1162.957987] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1162.962822] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1162.968117] RIP: 0033:0x4592c9 13:30:11 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="c0dca5055e0bcfec7be070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) sendto$inet(r1, 0x0, 0xffffffffffffff3d, 0x400200007fe, &(0x7f00000000c0)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 13:30:11 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha512\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/btrfs-control\x00', 0x402500, 0x0) getsockopt$inet_mreq(r2, 0x0, 0x0, &(0x7f00000002c0)={@multicast2}, &(0x7f0000000300)=0x8) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) r3 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000240)={r3, 0xc0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=0x2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x8, 0x5}, 0x0, 0x0, &(0x7f00000000c0)={0x5, 0x6, 0x80000000, 0x9f7b}, &(0x7f0000000100)=0xfff, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=0x7}}, 0x10) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) [ 1162.971290] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1162.978994] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1162.986358] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1162.993690] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1163.000960] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1163.008316] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 13:30:11 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, 0x0) ptrace$setregs(0xf, 0x0, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r3, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r2, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:30:11 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000200)='/dev/video#\x00', 0x0, 0x0) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x7, 0x1, 0x0, "dcc3be6175bdf7718f56a6e2217c8d244cfe1172b2010000004000"}) [ 1164.790158] Bluetooth: hci0 command 0x1003 tx timeout [ 1164.795592] Bluetooth: hci0 sending frame failed (-49) [ 1165.030497] Bluetooth: hci1 command 0x1003 tx timeout [ 1165.035910] Bluetooth: hci1 sending frame failed (-49) [ 1166.870289] Bluetooth: hci0 command 0x1001 tx timeout [ 1166.876277] Bluetooth: hci0 sending frame failed (-49) [ 1167.110541] Bluetooth: hci1 command 0x1001 tx timeout [ 1167.116347] Bluetooth: hci1 sending frame failed (-49) [ 1168.951141] Bluetooth: hci0 command 0x1009 tx timeout [ 1169.190465] Bluetooth: hci1 command 0x1009 tx timeout 13:30:22 executing program 5 (fault-call:4 fault-nth:43): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:30:22 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha12-neon\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) chmod(&(0x7f0000000000)='./file0\x00', 0x34) 13:30:22 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) r1 = memfd_create(&(0x7f0000000140)='^\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) sendfile(r0, r1, 0x0, 0x102002700) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) 13:30:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r3 = dup(0xffffffffffffffff) write$P9_RXATTRWALK(r3, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:30:22 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) prctl$PR_GET_NO_NEW_PRIVS(0x27) 13:30:22 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xffffffffffffffff, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1173.666489] Bluetooth: Unknown HCI packet type 5e [ 1173.695198] FAULT_INJECTION: forcing a failure. [ 1173.695198] name failslab, interval 1, probability 0, space 0, times 0 [ 1173.719247] CPU: 1 PID: 22411 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1173.726412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1173.735792] Call Trace: [ 1173.738406] dump_stack+0x138/0x19c [ 1173.738438] should_fail.cold+0x10f/0x159 [ 1173.746242] should_failslab+0xdb/0x130 [ 1173.750240] kmem_cache_alloc_node+0x287/0x780 [ 1173.754853] __alloc_skb+0x9c/0x500 [ 1173.754866] ? skb_scrub_packet+0x4b0/0x4b0 [ 1173.754882] ? netlink_has_listeners+0x20a/0x330 [ 1173.754897] kobject_uevent_env+0x781/0xc23 [ 1173.754915] kobject_uevent+0x20/0x26 [ 1173.754929] device_add+0xa3e/0x1490 [ 1173.754941] ? device_private_init+0x190/0x190 [ 1173.754957] hci_register_dev+0x2d9/0x810 [ 1173.754970] ? __raw_spin_lock_init+0x2d/0x100 [ 1173.754985] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1173.755000] tty_ioctl+0x8f7/0x1320 [ 1173.755009] ? hci_uart_tty_poll+0x10/0x10 [ 1173.755037] ? tty_vhangup+0x30/0x30 [ 1173.763021] ? __might_sleep+0x93/0xb0 [ 1173.763034] ? __fget+0x210/0x370 [ 1173.763053] ? tty_vhangup+0x30/0x30 [ 1173.763065] do_vfs_ioctl+0x7ae/0x1060 [ 1173.763079] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1173.763100] ? lock_downgrade+0x6e0/0x6e0 [ 1173.833106] ? ioctl_preallocate+0x1c0/0x1c0 [ 1173.837522] ? __fget+0x237/0x370 [ 1173.840983] ? security_file_ioctl+0x89/0xb0 [ 1173.845404] SyS_ioctl+0x8f/0xc0 [ 1173.848769] ? do_vfs_ioctl+0x1060/0x1060 [ 1173.853019] do_syscall_64+0x1e8/0x640 [ 1173.856918] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1173.861784] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1173.866974] RIP: 0033:0x4592c9 [ 1173.870164] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1173.878001] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1173.885272] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 13:30:22 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, &(0x7f0000000000), &(0x7f0000000040)=0x30) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000080)={0x0, 0xcd, "fbec3506f18a728069fc56451fd60688345114da879218c201111336d1d8453eda80f5e1aa82379193c7d311290d5ed601862c30cbf7def186a56d856a6b8bc10d74242d1767dc0b6ed27954291ffeb63e26b1a3a49532bbe96bf3f2653a783f8594a47f7421e63ba66cca7241cc6defff9c8eaf93eade9d9ca8c59be48ed620f04a23d69a635d5083756e5d6ac5116550fa340df49dfb0f5d689ccff7fcf6c3bf4745fc8ec491f2a6bf1c8226fcc8dcc5572c29e0bc2e78610a31fbbbe8c0efa4ff161814f705023943abd577"}, &(0x7f0000000180)=0xd5) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000001c0)={r2, 0xddf5, 0x5, [0x1, 0x3ff, 0x5, 0x3, 0x0]}, &(0x7f0000000200)=0x12) inotify_init1(0x80800) r3 = syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x40, 0xc00) inotify_add_watch(r3, &(0x7f0000000280)='./file0\x00', 0x4) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) [ 1173.892546] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1173.899825] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1173.907373] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 13:30:22 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) getsockname$netrom(r0, &(0x7f0000000000)={{}, [@netrom, @rose, @null, @null, @rose, @netrom, @default, @null]}, &(0x7f0000000080)=0x48) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0xffffffffffffffe0) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) socket$inet6_udp(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) 13:30:22 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xffffffffffffffff, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:30:22 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_MCAST_LEAVE_GROUP(r2, 0x0, 0x2d, &(0x7f0000000000)={0x7f, {{0x2, 0x4e22, @multicast2}}}, 0x88) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) 13:30:22 executing program 3: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = eventfd2(0x0, 0x0) write$P9_RLERRORu(r0, 0x0, 0x0) 13:30:22 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, 0x0) ptrace$setregs(0xf, 0x0, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r3, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r2, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1175.670149] Bluetooth: hci0 command 0x1003 tx timeout [ 1175.676813] Bluetooth: hci0 sending frame failed (-49) [ 1175.990186] Bluetooth: hci1 command 0x1003 tx timeout [ 1175.995543] Bluetooth: hci1 sending frame failed (-49) [ 1177.750220] Bluetooth: hci0 command 0x1001 tx timeout [ 1177.755635] Bluetooth: hci0 sending frame failed (-49) [ 1178.070269] Bluetooth: hci1 command 0x1001 tx timeout [ 1178.075658] Bluetooth: hci1 sending frame failed (-49) [ 1179.830209] Bluetooth: hci0 command 0x1009 tx timeout [ 1180.150224] Bluetooth: hci1 command 0x1009 tx timeout 13:30:32 executing program 5 (fault-call:4 fault-nth:44): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:30:32 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x80000, 0x0) write$FUSE_POLL(r2, &(0x7f0000000040)={0x18, 0xfffffffffffffff5, 0x6, {0x4}}, 0x18) 13:30:32 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xffffffffffffffff, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:30:32 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:30:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:30:32 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_int(r0, 0x0, 0x3f, &(0x7f0000000000)=0x9, 0x4) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCGPTPEER(r1, 0x5441, 0x4800000) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:30:32 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0xfe8a) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) setxattr$security_smack_transmute(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000080)='TRUE', 0x4, 0x3) [ 1184.584786] Bluetooth: Unknown HCI packet type 5e [ 1184.589771] Bluetooth: Unknown HCI packet type 43 [ 1184.612746] FAULT_INJECTION: forcing a failure. [ 1184.612746] name failslab, interval 1, probability 0, space 0, times 0 13:30:33 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000580)=[{{&(0x7f0000000000)=@ethernet={0x0, @broadcast}, 0x80, &(0x7f0000000480)=[{&(0x7f0000001380)=""/4096, 0x1000}, {&(0x7f0000000080)=""/33, 0x21}, {&(0x7f00000000c0)=""/32, 0x20}, {&(0x7f0000000100)=""/202, 0xca}, {&(0x7f0000000200)=""/134, 0x86}, {&(0x7f00000002c0)=""/154, 0x9a}, {&(0x7f0000000380)=""/87, 0x57}, {&(0x7f0000000400)=""/117, 0x75}], 0x8, &(0x7f0000000500)=""/100, 0x64}, 0xf337}], 0x1, 0x40000000, &(0x7f00000005c0)={0x0, 0x1c9c380}) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) [ 1184.639594] CPU: 1 PID: 22465 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1184.646771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1184.656231] Call Trace: [ 1184.656272] dump_stack+0x138/0x19c [ 1184.656305] should_fail.cold+0x10f/0x159 [ 1184.656325] should_failslab+0xdb/0x130 [ 1184.656346] kmem_cache_alloc_node_trace+0x280/0x770 [ 1184.656364] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1184.681380] __kmalloc_node_track_caller+0x3d/0x80 [ 1184.686364] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1184.691109] __alloc_skb+0xcf/0x500 [ 1184.694869] ? skb_scrub_packet+0x4b0/0x4b0 [ 1184.699235] ? netlink_has_listeners+0x20a/0x330 [ 1184.704030] kobject_uevent_env+0x781/0xc23 [ 1184.708388] kobject_uevent+0x20/0x26 [ 1184.712293] device_add+0xa3e/0x1490 [ 1184.716291] ? device_private_init+0x190/0x190 [ 1184.721586] hci_register_dev+0x2d9/0x810 [ 1184.725748] ? __raw_spin_lock_init+0x2d/0x100 [ 1184.730351] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1184.734705] tty_ioctl+0x8f7/0x1320 [ 1184.738388] ? hci_uart_tty_poll+0x10/0x10 [ 1184.742639] ? tty_vhangup+0x30/0x30 [ 1184.746385] ? __might_sleep+0x93/0xb0 [ 1184.750295] ? __fget+0x210/0x370 [ 1184.753895] ? tty_vhangup+0x30/0x30 [ 1184.757639] do_vfs_ioctl+0x7ae/0x1060 [ 1184.761575] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1184.766579] ? lock_downgrade+0x6e0/0x6e0 [ 1184.770748] ? ioctl_preallocate+0x1c0/0x1c0 [ 1184.775209] ? __fget+0x237/0x370 [ 1184.780052] ? security_file_ioctl+0x89/0xb0 [ 1184.784652] SyS_ioctl+0x8f/0xc0 [ 1184.788167] ? do_vfs_ioctl+0x1060/0x1060 [ 1184.792454] do_syscall_64+0x1e8/0x640 [ 1184.796360] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1184.801233] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1184.806430] RIP: 0033:0x4592c9 [ 1184.809638] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1184.817360] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1184.824666] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1184.832027] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1184.839344] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1184.846626] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1184.861997] Bluetooth: Unknown HCI packet type 5e [ 1184.868916] Bluetooth: Unknown HCI packet type 43 [ 1184.875193] Bluetooth: Unknown HCI packet type 5e 13:30:33 executing program 1: bind$alg(0xffffffffffffffff, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x28001000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x20, 0x70bd2d, 0x5, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4080}, 0x40004) r2 = accept$alg(0xffffffffffffffff, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r2, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) 13:30:33 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0xdbd19929d4f5ebeb) fanotify_init(0x40, 0x40002) r1 = accept$alg(r0, 0x0, 0x0) r2 = syz_open_dev$adsp(&(0x7f0000000180)='/dev/adsp#\x00', 0x200, 0x208000) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000240)={{{@in=@dev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}}}, &(0x7f0000000340)=0xe8) sendmsg$nl_route_sched(r2, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4100}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=@newqdisc={0x74, 0x24, 0x400, 0x70bd29, 0x25dfdbfc, {0x0, r3, {0xffff, 0xb}, {0xfff3, 0x2}, {0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8, 0x1, 'sfq\x00'}, {0x48, 0x2, {{0x3, 0x96eb, 0x3, 0x3, 0x100}, 0xad9b, 0x1, 0xffff, 0x5, 0x9, 0x1a, 0x9, 0x1e, 0x4, {0x9, 0x1, 0x9, 0x8, 0xc52, 0x80}}}}]}, 0x74}}, 0xee750835d1f58172) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) r4 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r4, 0xc10c5541, &(0x7f0000000040)={0x0, 0x6, 0x9, 0x0, 0x0, [], [], [], 0xffffffffffffffe1, 0x3ff}) [ 1184.887561] device nr0 entered promiscuous mode [ 1184.908342] device nr0 entered promiscuous mode [ 1184.909581] Bluetooth: Unknown HCI packet type 50 [ 1184.928753] Bluetooth: Unknown HCI packet type 5e [ 1184.935812] Bluetooth: Unknown HCI packet type 40 13:30:33 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)) ptrace$setregs(0xf, 0x0, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r3, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r2, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:30:33 executing program 1: r0 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x1) r1 = dup(r0) r2 = socket$alg(0x26, 0x5, 0x0) accept4$alg(r2, 0x0, 0x0, 0x80000) bind$alg(r2, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000100), &(0x7f0000000140)=0x4) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0xfffffffffffffcf7) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ioctl$VIDIOC_S_TUNER(r3, 0x4054561e, &(0x7f0000000040)={0x1, "d95130b4c31e032539d91187687173e05bd74a62310009957bee131de515de7b", 0x3, 0x80, 0x7f, 0x4, 0x4, 0x1, 0x8, 0x5b6}) r5 = accept$alg(r2, 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000380)={0x0, 0x8f}, &(0x7f00000003c0)=0x8) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f0000000400)={r6, 0x8000, 0x5, 0xcae, 0x2a, 0xae}, 0x14) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000180)={0x1, 0x0, [{0x8, 0x5, 0x0, 0x0, @msi={0x7f, 0x400, 0x5}}]}) write$binfmt_script(r5, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r5, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f0000000440)=0x5, 0x4) sendmsg$nl_crypto(r4, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40400000}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)=@get={0xf8, 0x13, 0x800, 0x70bd25, 0x25dfdbfb, {{'morus1280-generic\x00'}, [], [], 0x400, 0x400}, [{0x8, 0x1, 0x4}, {0x8, 0x1, 0x100}, {0x8, 0x1, 0x9}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4}, 0x50) [ 1186.630209] Bluetooth: hci0 command 0x1003 tx timeout [ 1186.635543] Bluetooth: hci0 sending frame failed (-49) [ 1186.870325] Bluetooth: hci1 command 0x1003 tx timeout [ 1186.875711] Bluetooth: hci1 sending frame failed (-49) [ 1188.710639] Bluetooth: hci0 command 0x1001 tx timeout [ 1188.716002] Bluetooth: hci0 sending frame failed (-49) [ 1188.950394] Bluetooth: hci1 command 0x1001 tx timeout [ 1188.955760] Bluetooth: hci1 sending frame failed (-49) [ 1190.790235] Bluetooth: hci0 command 0x1009 tx timeout [ 1191.030262] Bluetooth: hci1 command 0x1009 tx timeout 13:30:43 executing program 5 (fault-call:4 fault-nth:45): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:30:43 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) fstat(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@ipv4_newrule={0x54, 0x20, 0x2, 0x70bd2d, 0x25dfdbfc, {0x2, 0x10, 0x10, 0x9, 0x7fffffff, 0x0, 0x0, 0x0, 0x10000}, [@FRA_FLOW={0x8, 0xb, 0x78c9}, @FRA_DST={0x8, 0x1, @multicast1}, @FRA_FLOW={0x8, 0xb, 0x7}, @FRA_GENERIC_POLICY=@FRA_IP_PROTO={0x8, 0x16, 0x2e}, @FRA_GENERIC_POLICY=@FRA_UID_RANGE={0xc, 0x14, {r1, r2}}, @FRA_FLOW={0x8, 0xb, 0x80000000}]}, 0xfffffed1}, 0x1, 0x0, 0x0, 0x810}, 0x0) r3 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x1, 0x2) ioctl$KVM_KVMCLOCK_CTRL(r3, 0xaead) 13:30:43 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)) ptrace$setregs(0xf, 0x0, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r3, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r2, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:30:43 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:30:43 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) fcntl$getown(r1, 0x9) r2 = getpgrp(0xffffffffffffffff) r3 = getpgrp(r2) ioctl$TIOCSPGRP(r1, 0x5410, &(0x7f0000000000)=r3) r4 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r4, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r5 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x21}, 0x1c) connect$inet6(r4, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) bind$inet6(r5, &(0x7f00000001c0)={0xa, 0x4e20}, 0x1c) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:30:43 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) times(&(0x7f0000000000)) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha1\x00'}, 0x58) 13:30:43 executing program 3: socket(0xa, 0x2, 0x0) syz_open_dev$usb(0x0, 0x400, 0x40000) syz_open_dev$evdev(0x0, 0x0, 0x80400) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000240)='/dev/vcsa#\x00', 0xb69, 0x2081) write$UHID_INPUT(r0, 0x0, 0x0) ioctl$DRM_IOCTL_AUTH_MAGIC(r0, 0x40046411, &(0x7f00000000c0)) pwrite64(r0, &(0x7f0000000280)="aa8a54d4000b07087e6d0a92ead1fd631c49a531166854e12cda57ee2cdb80d17ba263b03104a3787a16f6e506128ad09559556b223d747921d7", 0x3a, 0x0) ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, &(0x7f0000000140)={0x0, 0x0, 0x0}) sched_yield() syz_genetlink_get_family_id$SEG6(0x0) [ 1195.430933] Bluetooth: Unknown HCI packet type 5e [ 1195.436429] Bluetooth: Unknown HCI packet type 43 [ 1195.439467] FAULT_INJECTION: forcing a failure. [ 1195.439467] name failslab, interval 1, probability 0, space 0, times 0 13:30:43 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) accept$nfc_llcp(r2, &(0x7f0000000100), &(0x7f00000000c0)=0xffffffffffffff25) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) [ 1195.473208] CPU: 1 PID: 22512 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1195.480363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1195.480369] Call Trace: [ 1195.480395] dump_stack+0x138/0x19c [ 1195.480411] should_fail.cold+0x10f/0x159 [ 1195.480426] should_failslab+0xdb/0x130 [ 1195.480441] kmem_cache_alloc_node_trace+0x280/0x770 [ 1195.480451] ? vsnprintf+0x290/0x1560 [ 1195.480467] __kmalloc_node_track_caller+0x3d/0x80 [ 1195.480480] devm_kmalloc+0x62/0x170 [ 1195.480489] devm_kvasprintf+0xaf/0x100 [ 1195.480499] ? devm_kmemdup+0x60/0x60 [ 1195.480514] ? mark_held_locks+0xb1/0x100 [ 1195.480523] devm_kasprintf+0xa5/0xd0 [ 1195.480531] ? devm_kvasprintf+0x100/0x100 [ 1195.480542] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1195.480552] ? devres_add+0x40/0x50 [ 1195.480582] hci_leds_init+0xb1/0x1b0 [ 1195.480594] hci_register_dev+0x2ee/0x810 [ 1195.480602] ? __raw_spin_lock_init+0x2d/0x100 [ 1195.480616] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1195.480628] tty_ioctl+0x8f7/0x1320 13:30:44 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x101100, 0x0) ioctl$TCSETXF(r1, 0x5434, &(0x7f0000000140)={0x5, 0x6, [0x2, 0x10001, 0x1, 0x5, 0x1], 0x5}) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x4040, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) accept4$ax25(r1, &(0x7f0000000180)={{}, [@rose, @null, @netrom, @null, @netrom, @default, @bcast, @netrom]}, &(0x7f0000000200)=0x48, 0x800) r2 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r0, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f0000000040)=""/167, 0xa7}], 0x100000000000006f}}], 0x1, 0x0, 0x0) [ 1195.480637] ? hci_uart_tty_poll+0x10/0x10 [ 1195.480647] ? tty_vhangup+0x30/0x30 [ 1195.480667] ? __might_sleep+0x93/0xb0 [ 1195.480676] ? __fget+0x210/0x370 [ 1195.480693] ? tty_vhangup+0x30/0x30 [ 1195.500473] do_vfs_ioctl+0x7ae/0x1060 [ 1195.500489] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1195.500501] ? lock_downgrade+0x6e0/0x6e0 [ 1195.500510] ? ioctl_preallocate+0x1c0/0x1c0 [ 1195.500521] ? __fget+0x237/0x370 [ 1195.500536] ? security_file_ioctl+0x89/0xb0 [ 1195.500547] SyS_ioctl+0x8f/0xc0 [ 1195.500555] ? do_vfs_ioctl+0x1060/0x1060 [ 1195.500567] do_syscall_64+0x1e8/0x640 [ 1195.500575] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1195.500589] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1195.500598] RIP: 0033:0x4592c9 [ 1195.500604] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1195.500616] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1195.500621] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1195.500627] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 13:30:44 executing program 3: 13:30:44 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x101000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x48, 0x0, &(0x7f0000000040)=[@clear_death, @increfs={0x40046304, 0x1}, @exit_looper, @acquire_done, @dead_binder_done, @exit_looper, @release={0x40046306, 0x2}], 0xbf, 0x0, &(0x7f00000000c0)="d92c60b570cc95abdbb740864e8f58a42e889efd3fc033eb512fa8db5a2eb5b2d3217aa5f598d0e6dc8675576206a5f0fc59375b4b585a1a8745254e6b52d5aa93cd72dd4b898131fd6f1470971b9ddf36fa4377a58b79ee3bc24c600fe91ab0dade6dc5a60301bdf4c0f9600504ad1e9b17007ec7ecd5f1b4af8c5f52a71b02e2f34a30e35afd0cb8122b6b494977fd00f5d3211864c4c44a4cd6db120e7058c795e8ea18db860dd5608036444b6400ec9062d59d6142ea7aba0410720196"}) ioctl$sock_SIOCSIFBR(r1, 0x8941, &(0x7f00000001c0)=@generic={0x0, 0x54, 0x1f}) r2 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000200)=ANY=[], 0x0) recvmmsg(r2, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) [ 1195.500632] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1195.500637] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1195.713362] device nr0 entered promiscuous mode 13:30:44 executing program 3: [ 1195.791887] QAT: Invalid ioctl [ 1195.795950] QAT: Invalid ioctl [ 1195.802810] QAT: Invalid ioctl [ 1195.806885] QAT: Invalid ioctl [ 1197.430080] Bluetooth: hci0 command 0x1003 tx timeout [ 1197.435430] Bluetooth: hci0 sending frame failed (-49) [ 1197.750201] Bluetooth: hci1 command 0x1003 tx timeout [ 1197.755561] Bluetooth: hci1 sending frame failed (-49) [ 1199.510221] Bluetooth: hci0 command 0x1001 tx timeout [ 1199.515601] Bluetooth: hci0 sending frame failed (-49) [ 1199.830223] Bluetooth: hci1 command 0x1001 tx timeout [ 1199.835639] Bluetooth: hci1 sending frame failed (-49) [ 1201.590167] Bluetooth: hci0 command 0x1009 tx timeout [ 1201.910180] Bluetooth: hci1 command 0x1009 tx timeout 13:30:54 executing program 5 (fault-call:4 fault-nth:46): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:30:54 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)) ptrace$setregs(0xf, 0x0, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r3, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r2, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:30:54 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) accept4(r1, 0x0, &(0x7f0000000000), 0x80800) 13:30:54 executing program 3: 13:30:54 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:30:54 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="76000000000111dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:30:54 executing program 3: 13:30:54 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) ioctl$BLKALIGNOFF(r1, 0x127a, &(0x7f0000000040)) r2 = accept$alg(r0, 0x0, 0x0) r3 = msgget$private(0x0, 0xa2) msgctl$MSG_STAT(r3, 0xb, &(0x7f0000000080)=""/29) write$binfmt_script(r2, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r2, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) [ 1206.305355] Bluetooth: Unknown HCI packet type 5e [ 1206.313982] Bluetooth: Unknown HCI packet type 43 [ 1206.338381] FAULT_INJECTION: forcing a failure. [ 1206.338381] name failslab, interval 1, probability 0, space 0, times 0 [ 1206.369257] CPU: 1 PID: 22553 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1206.376438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1206.385828] Call Trace: [ 1206.388461] dump_stack+0x138/0x19c [ 1206.392128] should_fail.cold+0x10f/0x159 [ 1206.396303] should_failslab+0xdb/0x130 [ 1206.400306] kmem_cache_alloc_node_trace+0x280/0x770 [ 1206.405444] ? vsnprintf+0x290/0x1560 [ 1206.409293] __kmalloc_node_track_caller+0x3d/0x80 [ 1206.414328] devm_kmalloc+0x62/0x170 13:30:54 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) [ 1206.414341] devm_kvasprintf+0xaf/0x100 [ 1206.422050] ? devm_kmemdup+0x60/0x60 [ 1206.425878] ? mark_held_locks+0xb1/0x100 [ 1206.430048] devm_kasprintf+0xa5/0xd0 [ 1206.433871] ? devm_kvasprintf+0x100/0x100 [ 1206.438129] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1206.438142] ? devres_add+0x40/0x50 [ 1206.438157] hci_leds_init+0xb1/0x1b0 [ 1206.438172] hci_register_dev+0x2ee/0x810 [ 1206.438182] ? __raw_spin_lock_init+0x2d/0x100 [ 1206.438197] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1206.438212] tty_ioctl+0x8f7/0x1320 13:30:54 executing program 3: [ 1206.438219] ? hci_uart_tty_poll+0x10/0x10 [ 1206.438228] ? tty_vhangup+0x30/0x30 [ 1206.438247] ? __might_sleep+0x93/0xb0 [ 1206.438256] ? __fget+0x210/0x370 [ 1206.438270] ? tty_vhangup+0x30/0x30 [ 1206.438280] do_vfs_ioctl+0x7ae/0x1060 [ 1206.438292] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1206.438311] ? lock_downgrade+0x6e0/0x6e0 [ 1206.447066] ? ioctl_preallocate+0x1c0/0x1c0 [ 1206.447080] ? __fget+0x237/0x370 [ 1206.447106] ? security_file_ioctl+0x89/0xb0 [ 1206.447118] SyS_ioctl+0x8f/0xc0 13:30:54 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x0, 0x2) accept$unix(r1, &(0x7f00000000c0), &(0x7f0000000240)=0x6e) r2 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000600)=ANY=[], 0xfec8) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x3) recvfrom$unix(r1, &(0x7f0000000180)=""/48, 0x30, 0x40000000, 0x0, 0x0) recvmmsg(r2, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) ioctl$VIDIOC_G_TUNER(r1, 0xc054561d, &(0x7f00000001c0)={0xfffffffffffffffc, "8a1479843f4ace07991e853a660492a4f7e92028cf0c1dc6bde4c1bab4a595e4", 0x7, 0x12, 0x1, 0x8, 0x4, 0x3, 0x5, 0x9f}) [ 1206.447128] ? do_vfs_ioctl+0x1060/0x1060 [ 1206.447141] do_syscall_64+0x1e8/0x640 [ 1206.447150] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1206.447165] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1206.447173] RIP: 0033:0x4592c9 [ 1206.447178] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1206.447189] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1206.447195] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1206.447200] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1206.447205] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1206.447211] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1206.530401] Bluetooth: Unknown HCI packet type 5e [ 1206.554820] Bluetooth: Unknown HCI packet type 43 [ 1206.573994] Bluetooth: Unknown HCI packet type 5e [ 1206.585248] Bluetooth: Unknown HCI packet type 50 13:30:55 executing program 3: [ 1206.622528] Bluetooth: Unknown HCI packet type 5e [ 1206.628670] Bluetooth: Unknown HCI packet type 40 [ 1208.310193] Bluetooth: hci0 command 0x1003 tx timeout [ 1208.315539] Bluetooth: hci0 sending frame failed (-49) [ 1208.550225] Bluetooth: hci1 command 0x1003 tx timeout [ 1208.555580] Bluetooth: hci1 sending frame failed (-49) [ 1210.390262] Bluetooth: hci0 command 0x1001 tx timeout [ 1210.395624] Bluetooth: hci0 sending frame failed (-49) [ 1210.630263] Bluetooth: hci1 command 0x1001 tx timeout [ 1210.635649] Bluetooth: hci1 sending frame failed (-49) [ 1212.470241] Bluetooth: hci0 command 0x1009 tx timeout [ 1212.710215] Bluetooth: hci1 command 0x1009 tx timeout 13:31:05 executing program 5 (fault-call:4 fault-nth:47): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:31:05 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x20000, 0x0) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r1, 0xc0505405, &(0x7f0000000040)={{0xffffffffffffffff, 0x1, 0x1000, 0x0, 0x4}, 0x8, 0x0, 0x8}) bind$alg(r0, &(0x7f0000000b40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r2 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r2, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0xa7}], 0x1}}], 0x1, 0x0, 0x0) 13:31:05 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x0, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:31:05 executing program 3: mprotect(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1) select(0x40, &(0x7f0000000000), 0x0, 0x0, 0x0) clock_nanosleep(0x0, 0x0, 0x0, &(0x7f0000000080)) 13:31:05 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:31:05 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(r2, 0x8905, &(0x7f0000000080)) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:31:05 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:31:05 executing program 1: r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/checkreqprot\x00', 0x0, 0x0) fcntl$getownex(r0, 0x10, 0x0) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0) fcntl$setown(0xffffffffffffffff, 0x8, 0x0) ptrace$poke(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f00000002c0)={0xffffffffffffffff}) eventfd(0xfbd6) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 1217.176391] Bluetooth: Unknown HCI packet type 5e [ 1217.182325] Bluetooth: Unknown HCI packet type 43 [ 1217.202773] FAULT_INJECTION: forcing a failure. [ 1217.202773] name failslab, interval 1, probability 0, space 0, times 0 [ 1217.221652] CPU: 0 PID: 22590 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1217.228798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1217.238181] Call Trace: [ 1217.240785] dump_stack+0x138/0x19c [ 1217.240806] should_fail.cold+0x10f/0x159 [ 1217.240825] should_failslab+0xdb/0x130 [ 1217.240841] kmem_cache_alloc_node_trace+0x280/0x770 [ 1217.240858] ? mark_held_locks+0xb1/0x100 [ 1217.240884] __kmalloc_node_track_caller+0x3d/0x80 [ 1217.240900] ? led_trigger_unregister+0x2e0/0x2e0 [ 1217.240919] __devres_alloc_node+0x39/0x120 [ 1217.252663] devm_led_trigger_register+0x36/0xc0 [ 1217.252677] hci_leds_init+0xe8/0x1b0 [ 1217.252690] hci_register_dev+0x2ee/0x810 [ 1217.252702] ? __raw_spin_lock_init+0x2d/0x100 [ 1217.252727] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1217.261996] tty_ioctl+0x8f7/0x1320 [ 1217.262008] ? hci_uart_tty_poll+0x10/0x10 [ 1217.262019] ? tty_vhangup+0x30/0x30 [ 1217.262038] ? __might_sleep+0x93/0xb0 [ 1217.262047] ? __fget+0x210/0x370 [ 1217.262064] ? tty_vhangup+0x30/0x30 [ 1217.262074] do_vfs_ioctl+0x7ae/0x1060 [ 1217.262087] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1217.262098] ? lock_downgrade+0x6e0/0x6e0 [ 1217.262113] ? ioctl_preallocate+0x1c0/0x1c0 [ 1217.271883] ? __fget+0x237/0x370 [ 1217.271901] ? security_file_ioctl+0x89/0xb0 [ 1217.271914] SyS_ioctl+0x8f/0xc0 [ 1217.271924] ? do_vfs_ioctl+0x1060/0x1060 [ 1217.271939] do_syscall_64+0x1e8/0x640 [ 1217.271956] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1217.281044] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1217.281054] RIP: 0033:0x4592c9 13:31:05 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) [ 1217.281060] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1217.281072] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1217.281078] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1217.281082] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1217.281088] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1217.281093] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1217.375143] Bluetooth: Unknown HCI packet type 5e 13:31:05 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x0, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:31:05 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:31:05 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) [ 1219.190253] Bluetooth: hci0 command 0x1003 tx timeout [ 1219.195706] Bluetooth: hci0 sending frame failed (-49) [ 1219.430241] Bluetooth: hci1 command 0x1003 tx timeout [ 1219.435592] Bluetooth: hci1 sending frame failed (-49) [ 1221.270245] Bluetooth: hci0 command 0x1001 tx timeout [ 1221.275742] Bluetooth: hci0 sending frame failed (-49) [ 1221.510145] Bluetooth: hci1 command 0x1001 tx timeout [ 1221.515785] Bluetooth: hci1 sending frame failed (-49) [ 1223.350256] Bluetooth: hci0 command 0x1009 tx timeout [ 1223.590256] Bluetooth: hci1 command 0x1009 tx timeout 13:31:16 executing program 5 (fault-call:4 fault-nth:48): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:31:16 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:31:16 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x0, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:31:16 executing program 3: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000005dc0)='(', 0x1) close(r1) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_udp_int(r2, 0x11, 0x200001000000067, &(0x7f0000000280)=0x98, 0x4) bind$inet(r2, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10) splice(r0, 0x0, r1, 0x0, 0x10000, 0x4) 13:31:16 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000000019, &(0x7f0000000180)=0x4001, 0x4) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @empty}, 0x1c) recvmsg(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x2000) 13:31:16 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:31:16 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(0xffffffffffffffff, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(0xffffffffffffffff, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r3 = dup(r2) write$P9_RXATTRWALK(r3, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:31:16 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x14, 0x4000000000002, 0x2, 0xffffffffffffffff}, 0x14}}, 0x0) [ 1228.058633] FAULT_INJECTION: forcing a failure. [ 1228.058633] name failslab, interval 1, probability 0, space 0, times 0 [ 1228.072799] CPU: 1 PID: 22632 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1228.079924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1228.089830] Call Trace: [ 1228.092520] dump_stack+0x138/0x19c [ 1228.096189] should_fail.cold+0x10f/0x159 [ 1228.100339] should_failslab+0xdb/0x130 [ 1228.104337] __kmalloc_track_caller+0x2ec/0x790 13:31:16 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)) ptrace$setregs(0xf, 0x0, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r3, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r2, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1228.104351] ? pointer+0xb10/0xb10 [ 1228.112571] ? lock_acquire+0x16f/0x430 [ 1228.116643] ? rfkill_register+0x3a/0xb20 [ 1228.120794] ? kvasprintf_const+0x5a/0x170 [ 1228.120806] kvasprintf+0xa7/0x110 [ 1228.120813] ? bust_spinlocks+0xc0/0xc0 [ 1228.120826] ? __mutex_lock+0x36a/0x1470 [ 1228.120835] ? rfkill_register+0x3a/0xb20 [ 1228.120848] kvasprintf_const+0x5a/0x170 [ 1228.128865] kobject_set_name_vargs+0x5b/0x150 [ 1228.128879] dev_set_name+0xa4/0xc0 [ 1228.128885] ? device_initialize+0x430/0x430 13:31:16 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r1, &(0x7f0000000000)=[{{0x77359400}, 0x1, 0x5a, 0x2}], 0x7200) poll(&(0x7f0000000080)=[{r1}, {r0, 0x4000}, {r1}], 0x3, 0x0) fchmod(r1, 0x0) 13:31:16 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(0xffffffffffffffff, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(0xffffffffffffffff, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r3 = dup(r2) write$P9_RXATTRWALK(r3, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) [ 1228.128896] ? __init_waitqueue_head+0x36/0x90 [ 1228.128907] rfkill_register+0xe5/0xb20 [ 1228.128917] hci_register_dev+0x34b/0x810 [ 1228.128928] ? __raw_spin_lock_init+0x2d/0x100 [ 1228.128940] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1228.128950] tty_ioctl+0x8f7/0x1320 [ 1228.128962] ? hci_uart_tty_poll+0x10/0x10 [ 1228.150096] ? tty_vhangup+0x30/0x30 [ 1228.150111] ? __might_sleep+0x93/0xb0 [ 1228.150119] ? __fget+0x210/0x370 [ 1228.150127] ? tty_vhangup+0x30/0x30 [ 1228.150135] do_vfs_ioctl+0x7ae/0x1060 [ 1228.150145] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1228.150154] ? lock_downgrade+0x6e0/0x6e0 [ 1228.150160] ? ioctl_preallocate+0x1c0/0x1c0 [ 1228.150166] ? __fget+0x237/0x370 [ 1228.150177] ? security_file_ioctl+0x89/0xb0 [ 1228.150184] SyS_ioctl+0x8f/0xc0 [ 1228.150188] ? do_vfs_ioctl+0x1060/0x1060 [ 1228.150197] do_syscall_64+0x1e8/0x640 [ 1228.150203] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1228.150213] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1228.150219] RIP: 0033:0x4592c9 [ 1228.150222] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1228.150229] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1228.150233] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1228.150236] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1228.150240] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1228.150243] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1228.187342] Bluetooth: Unknown HCI packet type 5e 13:31:16 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(0xffffffffffffffff, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(0xffffffffffffffff, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r3 = dup(r2) write$P9_RXATTRWALK(r3, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) [ 1228.198145] Bluetooth: Unknown HCI packet type 43 [ 1228.205279] Bluetooth: Unknown HCI packet type 5e [ 1228.210914] Bluetooth: Unknown HCI packet type 50 [ 1228.246945] Bluetooth: Unknown HCI packet type 5e [ 1228.283455] Bluetooth: Unknown HCI packet type 40 [ 1228.346019] device nr0 entered promiscuous mode [ 1230.070304] Bluetooth: hci0 command 0x1003 tx timeout [ 1230.076073] Bluetooth: hci0 sending frame failed (-49) [ 1230.230222] Bluetooth: hci1 command 0x1003 tx timeout [ 1230.236050] Bluetooth: hci1 sending frame failed (-49) [ 1232.150200] Bluetooth: hci0 command 0x1001 tx timeout [ 1232.155649] Bluetooth: hci0 sending frame failed (-49) [ 1232.310200] Bluetooth: hci1 command 0x1001 tx timeout [ 1232.315586] Bluetooth: hci1 sending frame failed (-49) [ 1234.230200] Bluetooth: hci0 command 0x1009 tx timeout [ 1234.390182] Bluetooth: hci1 command 0x1009 tx timeout 13:31:26 executing program 5 (fault-call:4 fault-nth:49): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:31:26 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:31:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r1, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept(r1, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2a, &(0x7f0000000080), 0x4) r3 = dup(r2) write$P9_RXATTRWALK(r3, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:31:26 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x0, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:31:26 executing program 3: r0 = openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$EVIOCRMFF(r0, 0x40044581, &(0x7f0000000280)=0x400) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r3 = socket(0x11, 0x80002, 0x0) bind$packet(r3, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) ioctl$KVM_XEN_HVM_CONFIG(r0, 0x4038ae7a, &(0x7f0000000600)={0x7, 0xa46, &(0x7f00000004c0)="171d041aaabdb5d4463d028029f72196031f4825bbca18ace9c05d2e7ff5f7acac5947a0dddd3960fef8553860e3915c74d6cc5091bdff1a4ba521e24999bab8ea15a7904711668738f29391ef1fe360ac56b9773cfacf44d7365a673bb492578e33dfc1e2aaa04b13", &(0x7f0000000540)="604966fe3b1b5531bcda4e260ec4883d3bd047807173c1fc1cee12b18a509e6a9682517c61b4637cbc8d9d6531352ea895becb7298baee020a042ee1627f5a1179f7b8c5e23d6a3796c21015a4b8344feb1ff45303eaddc6b766f22817db3da9a502960669ef55f9d4a8874506f48f337398e4dc1d27dadd175e80b5f406ecaf72567d2b733333683d94af96d9f062e3bcbfc38e9bffdb5770a7a520376206", 0x69, 0x9f}) setsockopt(r3, 0x107, 0x5, &(0x7f0000001000), 0xc5) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r1, 0x0, 0x2, &(0x7f0000000140)='\xd1\x00', 0xffffffffffffffff}, 0x30) tkill(r4, 0x15) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f00000000c0)={0x9, 0x3, 0x6, {}, 0x31ef, 0x1f}) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x4e20, 0x4, @rand_addr="2ff38b822a92465cd1ff736f753ee70b", 0x7}}, 0xc65, 0x2, 0xb883, 0xaba4, 0x8}, &(0x7f00000003c0)=0x98) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000840)=ANY=[@ANYRES32=r5, @ANYBLOB="37000003fe4dc8b3cc2f901487a7729379a2fc41d67b2b110ac117483bf81f24660bf4bb7571f3b5ed05658c57d159b88ced56b6a7926bca669c92cab949000000000000000000008e9574d34aebfab233044c25ba4f99ba2e6826e58c8c719f927fa158c50275916ee7acd27b72cffb09000000000000007e0161c6f222eb5e44641c63bb22ab7eb1361142e2ecd05c466a0e15f9d3ac000000000000000000000000a0d1210c2b21035c788f2d4b375b4b6a1b3d88f8f8123e6bd001bc02a09cdd3ec748f11e542ff91e2ddbd0fce760a0c0fc789e44ea0b3035282c284cc6c1556c431dc62d1191532405a0ed4490d2e7fcee8cf9f2970eee3de6c69bdc2853154f0dc7782d1a4540e25279fbcb9e9d7202241ad8daa950b36a5120f94b2aee9326f2d2b0f37d644b2ec093f31d817d22f91d694bc8a09db35e667a834f64ea4b77877e8d3af016a9943f50596bcb78057b70afd8bfa481679c8db2444182d17f36feac047c4607c83c94eeca5913b3236105fdfa0281ceac8120fdadb5a8db19764c0d98d4790e48c853409854e34567c23f91a3efdae20a496ee77fc869d2f76f7d77ade5a85766925db7eecf1d612af8e37c8fd2ae03eae355a2b387a48eddb043"], &(0x7f0000000440)=0x3f) pwrite64(r3, &(0x7f00000001c0)="dc6660918dfaf7f3fce58976852dcddba001e5dd90f21df560ceda793348c2876af0e7cadf9dbe4ee91d54e5a35a86b440843c516a7784f90e6b7db1b3e7da6967d1a757e4ce8e430fb08620e9af3057f2a1c41f65047d3b3586c9401ffdf9f2e6516dcffc96cf489cb919a04876b04b91a44cdddde4712890bc5fcdd665eb28749362772637de9f6c71b2c68433f441ffc0d835", 0x94, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f00000002c0)=0x8000, 0x4) getsockopt$llc_int(r3, 0x10c, 0x2, &(0x7f0000000000), &(0x7f0000000080)=0x4) 13:31:26 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) [ 1238.297747] FAULT_INJECTION: forcing a failure. [ 1238.297747] name failslab, interval 1, probability 0, space 0, times 0 [ 1238.322851] CPU: 0 PID: 22665 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1238.325540] Bluetooth: Unknown HCI packet type 5e [ 1238.330213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1238.330217] Call Trace: [ 1238.330233] dump_stack+0x138/0x19c [ 1238.330245] should_fail.cold+0x10f/0x159 [ 1238.330254] should_failslab+0xdb/0x130 [ 1238.330263] kmem_cache_alloc_node_trace+0x280/0x770 [ 1238.330270] ? vsnprintf+0x290/0x1560 [ 1238.330279] __kmalloc_node_track_caller+0x3d/0x80 [ 1238.330288] devm_kmalloc+0x62/0x170 [ 1238.330294] devm_kvasprintf+0xaf/0x100 [ 1238.330300] ? devm_kmemdup+0x60/0x60 [ 1238.330310] ? mark_held_locks+0xb1/0x100 [ 1238.330316] devm_kasprintf+0xa5/0xd0 [ 1238.330321] ? devm_kvasprintf+0x100/0x100 [ 1238.330333] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1238.335753] Bluetooth: Unknown HCI packet type 43 [ 1238.344757] ? devres_add+0x40/0x50 [ 1238.344771] hci_leds_init+0xb1/0x1b0 [ 1238.344780] hci_register_dev+0x2ee/0x810 [ 1238.344787] ? __raw_spin_lock_init+0x2d/0x100 [ 1238.344797] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1238.344806] tty_ioctl+0x8f7/0x1320 [ 1238.344811] ? hci_uart_tty_poll+0x10/0x10 [ 1238.344817] ? tty_vhangup+0x30/0x30 [ 1238.344827] ? __might_sleep+0x93/0xb0 [ 1238.344834] ? __fget+0x210/0x370 [ 1238.344842] ? tty_vhangup+0x30/0x30 [ 1238.344849] do_vfs_ioctl+0x7ae/0x1060 [ 1238.344857] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1238.344864] ? lock_downgrade+0x6e0/0x6e0 [ 1238.344869] ? ioctl_preallocate+0x1c0/0x1c0 [ 1238.344875] ? __fget+0x237/0x370 [ 1238.344885] ? security_file_ioctl+0x89/0xb0 [ 1238.344892] SyS_ioctl+0x8f/0xc0 [ 1238.344896] ? do_vfs_ioctl+0x1060/0x1060 [ 1238.344909] do_syscall_64+0x1e8/0x640 [ 1238.356323] Bluetooth: Unknown HCI packet type 5e [ 1238.359557] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1238.359571] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1238.359578] RIP: 0033:0x4592c9 [ 1238.359586] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 [ 1238.367088] Bluetooth: Unknown HCI packet type 50 [ 1238.368760] ORIG_RAX: 0000000000000010 [ 1238.368766] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1238.368769] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1238.368772] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1238.368776] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1238.368779] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1238.435219] Bluetooth: Unknown HCI packet type 5e [ 1238.446501] Bluetooth: Unknown HCI packet type 43 [ 1238.452472] Bluetooth: Unknown HCI packet type 5e [ 1238.459199] Bluetooth: Unknown HCI packet type 50 [ 1238.471271] Bluetooth: Unknown HCI packet type 5e [ 1238.476419] Bluetooth: Unknown HCI packet type 40 13:31:27 executing program 3: r0 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x205, 0x800000002009) pipe(&(0x7f0000000000)={0xffffffffffffffff}) ioctl$TUNSETTXFILTER(r1, 0x400454d1, &(0x7f0000000040)={0x0, 0x6, [@remote, @random="13d691c68ade", @local, @empty, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}, @broadcast]}) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000100)={0x80, 0x20201, 0x0, 0x0, 0x70d000}) 13:31:27 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f00000002c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000a83000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) r2 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x0, 0x2) setsockopt$ALG_SET_AEAD_AUTHSIZE(r2, 0x117, 0x5, 0x0, 0x9) 13:31:27 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:31:27 executing program 3: r0 = socket$can_bcm(0x1d, 0x2, 0x2) io_setup(0x2000000000000d, &(0x7f00000001c0)=0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000001b80)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f0000001bc0)={0x1d, r2}, 0x10) ioctl$SIOCX25SCAUSEDIAG(r0, 0x89ec, &(0x7f0000000040)={0xffffffffffffff81, 0x8}) io_submit(r1, 0x1, &(0x7f0000000080)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000)="0400000093c21faf16da39de706f646800580f02000000003f420f000000000000580f02000000003f420f00000000000000000002000000", 0x38}]) ioctl$sock_netdev_private(r0, 0x89fe, &(0x7f0000000300)="75bf354086a026d28c2bf63482daf56b993668e8c44644e47af7808bcbc25d021f94bd03737e9bd8582e17fc6ee2eb5f12695a2b3f4d40f17be2abb873560e697c9232573b6a297e95f0c302a0c2bf6b5ac07c09bdea9469bc93d377af5be8017eb112865fc91bfb18f4014e306432fbce408e49b3e1faaf691b1118608164b234d9deb504e861035d04148f085ba5dcd6407ccec4d50ba63003dc936fd2dbd4daf59ba5ce025b821c0d7c17046ebf7eee684075085e7ae4c881fd12e627238a061bcfdd2a9e7607e953cb25ef0a88ec6047c3d8e4be521deec98b4680") r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x0, 0x0) recvfrom$netrom(r3, &(0x7f0000000140)=""/42, 0x2a, 0x40, 0x0, 0x0) ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000200)="971b263e12ea63c5a2e82e23ad72531c8b31278b19783d1cbdd69ea8e0fe6243642b2227178c6dcb31c38b1e740cff56687bc56ae2ef703dc2f3849f53c783443df007aa7f311aabd8ae2f3867eb5b83b24656f4f355440b5ae42aefe754f646c56b196630ff7b14da5b4dd4f450b76c5f650a1e48abdf884bb9df79e0bd99f11ab3ccbbd61b6292a76b13e7f4143cc04e7006c2966e7e3c3d20e530c325ba6dabf0097102e2861e2d211db32bb57a1e5f159ea11dc370037ffdf729b3c7e88a8a1458e7b2ae4976249eb0205141c1605b885d3ba7a2634649110f4f2f0b74e993f9a60968a3e31bfb8611127861be21e7d40e76f9c04d2fac6c2cdd4b587f92") 13:31:27 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = getpgid(0x0) r2 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x7, 0x202) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0xa, &(0x7f0000000100)='\'}ppp1+,^\x00', 0xffffffffffffffff}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={r1, r2, 0x0, 0x12, &(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', r3}, 0x30) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) connect$inet(r0, &(0x7f0000000200)={0x2, 0x80004e23, @loopback}, 0xffffff8e) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, &(0x7f0000000280)={{0x0, 0x0, 0x4, 0x0, 'syz1\x00', 0x100000001}, 0x1, [0x8, 0x4, 0x4d82, 0x0, 0x1f, 0xc8b0, 0x20, 0x582, 0x0, 0x8, 0x7f, 0xffffffffffff8001, 0x4, 0x800, 0x8, 0x100000000, 0x1000, 0x5, 0x40, 0x3, 0x5, 0x1e, 0x9, 0x1, 0x0, 0x929, 0x4, 0x3f, 0x4, 0x9a23, 0x0, 0x5, 0x2, 0x1, 0x6935ad3f, 0x0, 0x8, 0x100, 0x7, 0x9, 0x40, 0x7ff, 0x7, 0x6f, 0xfffffffffffffffa, 0xf9, 0x7fff, 0x1, 0xffff, 0x40, 0x20000000000, 0x3, 0xffffffffffffffe0, 0x6, 0x81, 0x1, 0x3f, 0x0, 0x1, 0x0, 0x3f, 0x80000000, 0x4, 0xffff, 0x5, 0x8, 0xc8, 0xff, 0x200, 0x0, 0x3, 0x800, 0xb3, 0x6c8, 0xd6, 0x7, 0x1, 0x9, 0x8, 0x3, 0x4, 0x9, 0x0, 0xfffffffffffffffa, 0x964, 0x100000000, 0x1, 0x3, 0xd1, 0x3, 0x0, 0x4, 0xffff, 0x8000, 0x9, 0xfffffffffffffffb, 0x1, 0x6, 0x100000000, 0x7f, 0xfffffffffffffffd, 0x101, 0x5, 0x3, 0x81, 0x5, 0x4, 0x3, 0x1, 0x6, 0xd2, 0x9, 0xff, 0x6, 0x7ff, 0x7, 0x3, 0x23, 0x800, 0x2, 0x59b8, 0x8, 0x2, 0xc6, 0x37f, 0x9b5, 0x86, 0x7], {0x0, 0x989680}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg(r0, &(0x7f00000089c0), 0x4000000000001e4, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x8ef8, 0x0) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) utimensat(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl(0xffffffffffffffff, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, 0x0, &(0x7f0000000240)) r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000007c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_WINDOW(r2, &(0x7f00000008c0)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000880)={&(0x7f0000000980)=ANY=[@ANYBLOB="68000079e1d308570d5032e9878b92197d78d097e45d45427497dc338d789b35b6145e34789438e3497936a8fb47a72d672e10f366c906c9948927b5ee6e7321ae85b4515a7a394074a20df910cb70dea8e664f823dfba4c9ce1b83dcb51c878b87da363f94447becc8743e4387f0a8f7ac16b0f40172ad160bcaaf553f7a341a4e4ca7fafefd78eaaf734e495f08c82392d051c11dfb2ee28bec95f1f47add1e34e84156d226863a61c200e83aaf7eacb3994ed803b4dbcb597ab02b3a487706a4c4564e7e157b68a74fa3b60e98e24c015ff1b7c5316bd79a3f25e69661c82761cb5f272cfff583f7400582c3b28", @ANYRES16=r4, @ANYBLOB="080c01000000fedbdf25010000000000000009410000004c00180000000173797a3100"/98], 0x68}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 13:31:27 executing program 1: r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video0\x00', 0x2, 0x0) ioctl$VIDIOC_QUERYCAP(r0, 0x80685600, &(0x7f0000000100)) [ 1240.390140] Bluetooth: hci1 command 0x1003 tx timeout [ 1240.395476] Bluetooth: hci1 sending frame failed (-49) [ 1240.470180] Bluetooth: hci0 command 0x1003 tx timeout [ 1240.475583] Bluetooth: hci0 sending frame failed (-49) [ 1242.470234] Bluetooth: hci1 command 0x1001 tx timeout [ 1242.475563] Bluetooth: hci1 sending frame failed (-49) [ 1242.550233] Bluetooth: hci0 command 0x1001 tx timeout [ 1242.555564] Bluetooth: hci0 sending frame failed (-49) [ 1244.550291] Bluetooth: hci1 command 0x1009 tx timeout [ 1244.630262] Bluetooth: hci0 command 0x1009 tx timeout 13:31:36 executing program 5 (fault-call:4 fault-nth:50): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:31:36 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:31:36 executing program 3: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x10000, 0x0) getsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, &(0x7f0000000140)=0xfffffffffffffff7, &(0x7f0000000180)=0x4) r1 = socket(0x1e, 0x5, 0x0) r2 = socket(0x1e, 0x2, 0x0) bind(r2, &(0x7f0000d80f80)=@generic={0x1e, "0103000000000000000000000000000009a979f321b30c7bc8790405c7bad62e0a43a632ed4938d36d73fb8f8401a3ff59829a2b0afe7ce43a4b2470a0c5216669ca021f6f65dcf160e7e58f358c0002f0000158d19bcb31f1314a8ef151622ca5bdb9c8ead2000077aeb81c90001d6d7c980ee590c8b9f70dc136cb184a"}, 0x80) connect$tipc(r1, &(0x7f0000000000)=@name, 0x10) connect(r1, 0x0, 0x0) getsockname(r2, &(0x7f00000001c0)=@tipc=@name, &(0x7f0000000240)=0x80) setsockopt$X25_QBITINCL(r1, 0x106, 0x1, &(0x7f00000000c0)=0x1, 0x4) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x12, &(0x7f0000000100), &(0x7f0000000080)=0xfffffffffffffe02) 13:31:36 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r1, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept(r1, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2a, &(0x7f0000000080), 0x4) r3 = dup(r2) write$P9_RXATTRWALK(r3, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:31:36 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x34, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @erspan={{0x10, 0x1, 'erspan\x00'}, {0x4}}}]}, 0x34}}, 0x0) fchdir(r0) unlink(&(0x7f0000000100)='./bus\x00') creat(&(0x7f0000000240)='./bus\x00', 0x0) 13:31:36 executing program 0: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x100, 0x0) ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000000140)=""/245) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/context\x00', 0x2, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x4) ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000100)=0x3) 13:31:36 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000400)={0x0, {{0x2, 0x0, @dev}}, 0x0, 0x2, [{{0x2, 0x4e22, @multicast1}}, {{0x2, 0x0, @broadcast}}]}, 0x190) [ 1248.557939] FAULT_INJECTION: forcing a failure. [ 1248.557939] name failslab, interval 1, probability 0, space 0, times 0 [ 1248.576226] CPU: 0 PID: 22717 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1248.583372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1248.592731] Call Trace: [ 1248.592755] dump_stack+0x138/0x19c [ 1248.592775] should_fail.cold+0x10f/0x159 [ 1248.603120] should_failslab+0xdb/0x130 [ 1248.603137] __kmalloc+0x2f0/0x7a0 [ 1248.610655] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1248.610670] ? devres_add+0x40/0x50 [ 1248.610681] ? rfkill_alloc+0x9c/0x2a0 [ 1248.610695] rfkill_alloc+0x9c/0x2a0 [ 1248.610710] hci_register_dev+0x308/0x810 [ 1248.610720] ? __raw_spin_lock_init+0x2d/0x100 [ 1248.610734] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1248.610748] tty_ioctl+0x8f7/0x1320 [ 1248.610757] ? hci_uart_tty_poll+0x10/0x10 [ 1248.610767] ? tty_vhangup+0x30/0x30 [ 1248.610788] ? __might_sleep+0x93/0xb0 [ 1248.610798] ? __fget+0x210/0x370 [ 1248.610814] ? tty_vhangup+0x30/0x30 [ 1248.610824] do_vfs_ioctl+0x7ae/0x1060 [ 1248.610837] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1248.610848] ? lock_downgrade+0x6e0/0x6e0 [ 1248.610860] ? ioctl_preallocate+0x1c0/0x1c0 [ 1248.610872] ? __fget+0x237/0x370 [ 1248.610889] ? security_file_ioctl+0x89/0xb0 [ 1248.610902] SyS_ioctl+0x8f/0xc0 [ 1248.610912] ? do_vfs_ioctl+0x1060/0x1060 [ 1248.610925] do_syscall_64+0x1e8/0x640 [ 1248.610934] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1248.610949] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1248.610957] RIP: 0033:0x4592c9 [ 1248.610962] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1248.610973] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1248.610978] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1248.610984] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1248.610990] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 13:31:37 executing program 1: [ 1248.610996] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1248.625508] Bluetooth: Unknown HCI packet type 5e [ 1248.642517] Bluetooth: Unknown HCI packet type 43 [ 1248.655400] Bluetooth: Unknown HCI packet type 5e [ 1248.696440] Bluetooth: Unknown HCI packet type 50 [ 1248.714882] Bluetooth: Unknown HCI packet type 5e [ 1248.772685] Bluetooth: Unknown HCI packet type 40 [ 1248.800419] Bluetooth: Unknown HCI packet type 5e 13:31:37 executing program 1: 13:31:37 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1248.811499] Bluetooth: Unknown HCI packet type 43 [ 1248.816897] Bluetooth: Unknown HCI packet type 5e [ 1248.822054] Bluetooth: Unknown HCI packet type 50 [ 1248.827071] Bluetooth: Unknown HCI packet type 5e [ 1248.832175] Bluetooth: Unknown HCI packet type 40 13:31:37 executing program 1: 13:31:37 executing program 1: [ 1250.640317] Bluetooth: hci0 command 0x1003 tx timeout [ 1250.646872] Bluetooth: hci0 sending frame failed (-49) [ 1250.870163] Bluetooth: hci1 command 0x1003 tx timeout [ 1250.875683] Bluetooth: hci1 sending frame failed (-49) [ 1252.710240] Bluetooth: hci0 command 0x1001 tx timeout [ 1252.715558] Bluetooth: hci0 sending frame failed (-49) [ 1252.950188] Bluetooth: hci1 command 0x1001 tx timeout [ 1252.955652] Bluetooth: hci1 sending frame failed (-49) [ 1254.790317] Bluetooth: hci0 command 0x1009 tx timeout [ 1255.030138] Bluetooth: hci1 command 0x1009 tx timeout 13:31:47 executing program 5 (fault-call:4 fault-nth:51): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:31:47 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:31:47 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r1, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept(r1, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2a, &(0x7f0000000080), 0x4) r3 = dup(r2) write$P9_RXATTRWALK(r3, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(0xffffffffffffffff, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:31:47 executing program 1: 13:31:47 executing program 3: [ 1258.806309] FAULT_INJECTION: forcing a failure. [ 1258.806309] name failslab, interval 1, probability 0, space 0, times 0 [ 1258.818994] CPU: 0 PID: 22750 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1258.826201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1258.835559] Call Trace: [ 1258.835582] dump_stack+0x138/0x19c [ 1258.835602] should_fail.cold+0x10f/0x159 [ 1258.835620] should_failslab+0xdb/0x130 [ 1258.835637] __kmalloc_track_caller+0x2ec/0x790 [ 1258.835650] ? __down_trylock_console_sem+0x41/0x200 [ 1258.835666] ? kstrdup_const+0x48/0x60 [ 1258.835681] kstrdup+0x3a/0x70 [ 1258.835695] kstrdup_const+0x48/0x60 [ 1258.835710] __kernfs_new_node+0x2f/0x420 [ 1258.835721] ? vprintk_func+0x65/0x159 [ 1258.835737] kernfs_new_node+0x80/0xf0 [ 1258.835752] kernfs_create_dir_ns+0x41/0x140 [ 1258.835767] sysfs_create_dir_ns+0xbe/0x1d0 [ 1258.835781] kobject_add_internal.part.0.cold+0x114/0x5ae [ 1258.835797] kobject_add+0x11f/0x180 [ 1258.835808] ? kset_create_and_add+0x180/0x180 [ 1258.835830] ? __raw_spin_lock_init+0x2d/0x100 [ 1258.846338] ? refcount_inc_not_zero+0x88/0xe0 [ 1258.846349] ? klist_init+0x71/0xe0 [ 1258.846365] device_add+0x383/0x1490 [ 1258.846378] ? device_initialize+0x430/0x430 [ 1258.846391] ? device_private_init+0x190/0x190 [ 1258.846407] rfkill_register+0x19c/0xb20 [ 1258.855239] hci_register_dev+0x34b/0x810 [ 1258.855250] ? __raw_spin_lock_init+0x2d/0x100 [ 1258.855267] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1258.855282] tty_ioctl+0x8f7/0x1320 [ 1258.855291] ? hci_uart_tty_poll+0x10/0x10 [ 1258.855307] ? tty_vhangup+0x30/0x30 [ 1258.864299] ? __might_sleep+0x93/0xb0 [ 1258.871266] ? __fget+0x210/0x370 [ 1258.871286] ? tty_vhangup+0x30/0x30 [ 1258.871297] do_vfs_ioctl+0x7ae/0x1060 [ 1258.871310] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1258.871320] ? lock_downgrade+0x6e0/0x6e0 [ 1258.871331] ? ioctl_preallocate+0x1c0/0x1c0 [ 1258.871343] ? __fget+0x237/0x370 [ 1258.871360] ? security_file_ioctl+0x89/0xb0 [ 1258.871372] SyS_ioctl+0x8f/0xc0 [ 1258.871382] ? do_vfs_ioctl+0x1060/0x1060 [ 1258.871395] do_syscall_64+0x1e8/0x640 [ 1258.871405] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1258.871421] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1258.871430] RIP: 0033:0x4592c9 [ 1258.871436] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1258.871448] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1258.871454] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1258.871460] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1258.871466] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1258.871472] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1258.877776] kobject_add_internal failed for rfkill170 (error: -12 parent: hci0) 13:31:47 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x800000, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDDISABIO(r1, 0x4b37) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$sock_bt_cmtp_CMTPCONNADD(r0, 0x400443c8, &(0x7f0000000000)={r0, 0x9}) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:31:47 executing program 1: 13:31:47 executing program 3: 13:31:47 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:31:47 executing program 1: 13:31:47 executing program 3: 13:31:47 executing program 3: [ 1260.960194] Bluetooth: hci0 command 0x1003 tx timeout [ 1260.965514] Bluetooth: hci0 sending frame failed (-49) [ 1261.510142] Bluetooth: hci1 command 0x1003 tx timeout [ 1261.516369] Bluetooth: hci1 sending frame failed (-49) [ 1263.030203] Bluetooth: hci0 command 0x1001 tx timeout [ 1263.035588] Bluetooth: hci0 sending frame failed (-49) [ 1263.590171] Bluetooth: hci1 command 0x1001 tx timeout [ 1263.595649] Bluetooth: hci1 sending frame failed (-49) [ 1265.110245] Bluetooth: hci0 command 0x1009 tx timeout [ 1265.670244] Bluetooth: hci1 command 0x1009 tx timeout 13:31:57 executing program 5 (fault-call:4 fault-nth:52): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:31:57 executing program 1: 13:31:57 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5075e0bcfec7be070") add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f00000003c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) 13:31:57 executing program 4: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept(r1, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000080), 0x4) r3 = dup(r2) write$P9_RXATTRWALK(r3, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r0, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:31:57 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d8") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1269.006637] FAULT_INJECTION: forcing a failure. [ 1269.006637] name failslab, interval 1, probability 0, space 0, times 0 [ 1269.020698] CPU: 1 PID: 22783 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1269.028662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1269.038865] Call Trace: [ 1269.038888] dump_stack+0x138/0x19c [ 1269.038901] should_fail.cold+0x10f/0x159 [ 1269.038919] should_failslab+0xdb/0x130 [ 1269.054026] __kmalloc_track_caller+0x2ec/0x790 [ 1269.054037] ? __down_trylock_console_sem+0x41/0x200 [ 1269.054045] ? kstrdup_const+0x48/0x60 [ 1269.054052] kstrdup+0x3a/0x70 [ 1269.054058] kstrdup_const+0x48/0x60 [ 1269.054066] __kernfs_new_node+0x2f/0x420 [ 1269.054070] ? vprintk_func+0x65/0x159 [ 1269.054077] kernfs_new_node+0x80/0xf0 [ 1269.054085] kernfs_create_dir_ns+0x41/0x140 [ 1269.054099] sysfs_create_dir_ns+0xbe/0x1d0 [ 1269.065152] kobject_add_internal.part.0.cold+0x114/0x5ae [ 1269.065162] kobject_add+0x11f/0x180 [ 1269.065167] ? kset_create_and_add+0x180/0x180 [ 1269.065176] ? __raw_spin_lock_init+0x2d/0x100 [ 1269.065185] ? refcount_inc_not_zero+0x88/0xe0 [ 1269.065191] ? klist_init+0x71/0xe0 [ 1269.065201] device_add+0x383/0x1490 [ 1269.065208] ? device_initialize+0x430/0x430 [ 1269.065215] ? device_private_init+0x190/0x190 [ 1269.065226] rfkill_register+0x19c/0xb20 [ 1269.065235] hci_register_dev+0x34b/0x810 [ 1269.065240] ? __raw_spin_lock_init+0x2d/0x100 [ 1269.065251] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1269.065261] tty_ioctl+0x8f7/0x1320 [ 1269.065265] ? hci_uart_tty_poll+0x10/0x10 [ 1269.065271] ? tty_vhangup+0x30/0x30 [ 1269.065283] ? __might_sleep+0x93/0xb0 [ 1269.065289] ? __fget+0x210/0x370 [ 1269.065298] ? tty_vhangup+0x30/0x30 [ 1269.065305] do_vfs_ioctl+0x7ae/0x1060 [ 1269.065313] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1269.065321] ? lock_downgrade+0x6e0/0x6e0 [ 1269.065327] ? ioctl_preallocate+0x1c0/0x1c0 [ 1269.065332] ? __fget+0x237/0x370 [ 1269.065343] ? security_file_ioctl+0x89/0xb0 [ 1269.065355] SyS_ioctl+0x8f/0xc0 [ 1269.065362] ? do_vfs_ioctl+0x1060/0x1060 [ 1269.065371] do_syscall_64+0x1e8/0x640 [ 1269.065376] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1269.065385] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1269.065391] RIP: 0033:0x4592c9 [ 1269.065394] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1269.065402] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1269.065405] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1269.065408] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1269.065412] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1269.065415] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1269.067117] kobject_add_internal failed for rfkill172 (error: -12 parent: hci0) 13:31:58 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = socket(0x840000000002, 0x3, 0xff) setsockopt$inet_int(r0, 0x0, 0x16, &(0x7f0000000040)=0x1, 0x4) connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) sendmsg$inet_sctp(r1, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000ac0)="8ba7ac1d3808c296997d0cd3ad3b8ba6b42d5a872cb7409038e9fad254ef77546690d81343eb93adde85138e", 0x2c}], 0x1}, 0x0) 13:31:58 executing program 3: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = ioctl$TIOCGPTPEER(0xffffffffffffff9c, 0x5441, 0x0) bind$unix(r0, 0x0, 0x0) 13:31:58 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d8") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:31:58 executing program 0: r0 = accept$inet6(0xffffffffffffff9c, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000100)=0x1c) close(r0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) r3 = syz_open_dev$amidi(&(0x7f0000000400)='/dev/amidi#\x00', 0x403, 0x200004) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r4, 0x410, 0x70bd27, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8014}, 0x8040) ioctl$CAPI_INSTALLED(r3, 0x80024322) ioctl$KDADDIO(r2, 0x400455c8, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000240)={{{@in6=@mcast2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in6=@local}}, &(0x7f0000000340)=0xe8) ioctl$SIOCAX25DELUID(r3, 0x89e2, &(0x7f0000000380)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, r5}) ioctl$TIOCSETD(r2, 0x5412, &(0x7f00000003c0)=0x1b) dup(r2) 13:31:58 executing program 1: perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x8840000, 0x0, 0x0, 0x0, 0x0) lstat(&(0x7f0000004400)='./file0\x00', &(0x7f0000004440)) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$netlink(r1, &(0x7f0000000500)={&(0x7f0000000000)=@kern={0x10, 0x0, 0x0, 0x24002000}, 0xc, &(0x7f0000000040)=[{0x0}], 0x1, &(0x7f00000004c0), 0x0, 0x50}, 0x80) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000004680), 0x0) syz_genetlink_get_family_id$tipc2(0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, 0x0) syz_genetlink_get_family_id$tipc2(0x0) tkill(r0, 0x40) wait4(0x0, 0x0, 0x0, 0x0) 13:31:58 executing program 1: clone(0x802102001bfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0xe}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 1269.701044] Bluetooth: Unknown HCI packet type 1b [ 1269.701788] Bluetooth: Unknown HCI packet type 5e [ 1269.730419] Bluetooth: Unknown HCI packet type 43 [ 1269.735713] Bluetooth: Unknown HCI packet type 5e [ 1269.745746] Bluetooth: Unknown HCI packet type 50 13:31:58 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d8") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1269.753416] Bluetooth: Unknown HCI packet type 5e [ 1269.760487] Bluetooth: Unknown HCI packet type 40 [ 1271.190345] Bluetooth: hci0 command 0x1003 tx timeout [ 1271.197173] Bluetooth: hci0 sending frame failed (-49) [ 1271.750208] Bluetooth: hci1 command 0x1003 tx timeout [ 1271.756783] Bluetooth: hci1 sending frame failed (-49) [ 1273.270299] Bluetooth: hci0 command 0x1001 tx timeout [ 1273.276862] Bluetooth: hci0 sending frame failed (-49) [ 1273.830262] Bluetooth: hci1 command 0x1001 tx timeout [ 1273.836998] Bluetooth: hci1 sending frame failed (-49) [ 1275.350294] Bluetooth: hci0 command 0x1009 tx timeout [ 1275.910176] Bluetooth: hci1 command 0x1009 tx timeout 13:32:07 executing program 5 (fault-call:4 fault-nth:53): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:32:07 executing program 4: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept(r1, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000080), 0x4) r3 = dup(r2) write$P9_RXATTRWALK(r3, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r0, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:32:07 executing program 3: r0 = syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x9, 0x0) r1 = fcntl$getown(r0, 0x9) tkill(r1, 0x16) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0x8, 0x7fffffff, 0x200, 0x9, 0x6}) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000080)) r2 = gettid() r3 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000001c0), &(0x7f0000000200)=0x4) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x101001, 0x0) ioctl$EVIOCGPROP(r4, 0x80404509, &(0x7f0000000180)=""/27) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') migrate_pages(r2, 0x6, &(0x7f0000000040), &(0x7f0000000100)=0x3) 13:32:07 executing program 1: open$dir(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x800000000008032, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x20000, 0x10000000002) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x20000, 0x0) ioctl$UI_END_FF_UPLOAD(r1, 0x406855c9, &(0x7f00000000c0)={0xa, 0x1, {0x57, 0x9, 0xc75, {0xffffffffffffff81}, {0x1ff, 0x9}, @period={0x5e, 0x0, 0x200, 0x7fff, 0x40, {0xffff, 0x20, 0x40, 0x8000}, 0x4, &(0x7f0000000080)=[0x100000001, 0x4b, 0x1, 0x7]}}, {0x57, 0x25b, 0x7, {0x800, 0x8}, {0x0, 0x8}, @rumble={0xfffffffffffffffa, 0x51b}}}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x1, &(0x7f0000008780)={&(0x7f00000086c0)=ANY=[@ANYBLOB="4000000010000000000000001000", @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c00010065727370616e000010000200040012000800130002000000"], 0x275}, 0x1, 0x0, 0x0, 0xffffffffffffffff}, 0x0) 13:32:07 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc580128732") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1279.228727] Unknown ioctl -2143271671 [ 1279.244634] FAULT_INJECTION: forcing a failure. [ 1279.244634] name failslab, interval 1, probability 0, space 0, times 0 [ 1279.256856] CPU: 1 PID: 22828 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1279.263958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1279.273494] Call Trace: [ 1279.276215] dump_stack+0x138/0x19c [ 1279.279974] should_fail.cold+0x10f/0x159 [ 1279.284285] should_failslab+0xdb/0x130 [ 1279.288307] kmem_cache_alloc+0x2d7/0x780 [ 1279.292458] ? memcpy+0x46/0x50 [ 1279.295860] ? kstrdup+0x5a/0x70 [ 1279.299231] __kernfs_new_node+0x70/0x420 [ 1279.303384] ? vprintk_func+0x65/0x159 [ 1279.307363] kernfs_new_node+0x80/0xf0 [ 1279.311255] kernfs_create_dir_ns+0x41/0x140 [ 1279.315714] sysfs_create_dir_ns+0xbe/0x1d0 [ 1279.320133] kobject_add_internal.part.0.cold+0x114/0x5ae [ 1279.325686] kobject_add+0x11f/0x180 [ 1279.329402] ? kset_create_and_add+0x180/0x180 [ 1279.334027] ? __raw_spin_lock_init+0x2d/0x100 [ 1279.338841] ? refcount_inc_not_zero+0x88/0xe0 [ 1279.343439] ? klist_init+0x71/0xe0 [ 1279.347721] device_add+0x383/0x1490 [ 1279.351451] ? device_initialize+0x430/0x430 [ 1279.355896] ? device_private_init+0x190/0x190 [ 1279.360490] rfkill_register+0x19c/0xb20 [ 1279.364789] hci_register_dev+0x34b/0x810 [ 1279.369571] ? __raw_spin_lock_init+0x2d/0x100 [ 1279.374281] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1279.378610] tty_ioctl+0x8f7/0x1320 [ 1279.382244] ? hci_uart_tty_poll+0x10/0x10 [ 1279.386720] ? tty_vhangup+0x30/0x30 [ 1279.390556] ? __might_sleep+0x93/0xb0 [ 1279.394442] ? __fget+0x210/0x370 [ 1279.397989] ? tty_vhangup+0x30/0x30 [ 1279.401778] do_vfs_ioctl+0x7ae/0x1060 [ 1279.405673] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1279.410478] ? lock_downgrade+0x6e0/0x6e0 [ 1279.414627] ? ioctl_preallocate+0x1c0/0x1c0 [ 1279.419059] ? __fget+0x237/0x370 [ 1279.422642] ? security_file_ioctl+0x89/0xb0 [ 1279.427054] SyS_ioctl+0x8f/0xc0 [ 1279.430442] ? do_vfs_ioctl+0x1060/0x1060 [ 1279.434592] do_syscall_64+0x1e8/0x640 [ 1279.438468] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1279.443551] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1279.448817] RIP: 0033:0x4592c9 [ 1279.452003] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1279.459714] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1279.467087] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 13:32:07 executing program 3: r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="c0dca5055e0bcfec7be070") r2 = socket$caif_stream(0x25, 0x1, 0x0) pipe2$9p(&(0x7f0000000000), 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet_udplite(0x2, 0x2, 0x88) pipe(&(0x7f0000000140)) inotify_init() r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000200)='/dev/uhid\x00', 0x20010000005, 0x0) write$UHID_CREATE(r3, &(0x7f0000000340)={0x0, 'syz0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xec\xff\xff\xff\xff\xff\xff\xff\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000480)=""/195, 0xbe}, 0x4d6) r4 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000084, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x2, 0x4f4, [0x0, 0x20000580, 0x200005b0, 0x200005e0], 0x0, &(0x7f00000000c0), &(0x7f0000000580)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0x0, 0x2, [{0x15, 0x10, 0xf9, 'yam0\x00', 'caif0\x00', 'ip6gre0\x00', 'teql0\x00', @dev={[], 0x23}, [0xff, 0xff, 0xff, 0x0, 0xff], @random="ba69a99155a4", [0xff, 0xff, 0xff, 0xff], 0x6e, 0x6e, 0xa6, [], [], @common=@mark={'mark\x00', 0x10, {{0xfffffff0, 0xfffffffffffffffd}}}}, {0x19, 0x3b, 0x8efd, 'caif0\x00', 'ip_vti0\x00', 'nr0\x00', 'team0\x00', @random="4f08fb3cb1b3", [0x0, 0xff, 0x0, 0xff, 0x0, 0xff], @broadcast, [0xff, 0xff, 0xff, 0x0, 0xff, 0xff], 0x2de, 0x356, 0x38e, [@mac={'mac\x00', 0x10}, @bpf0={'bpf\x00', 0x210, {{0xa, [{0x81, 0x100000001, 0x9, 0x80000001}, {0x0, 0x8, 0x96df, 0x5}, {0x0, 0x1, 0x1f, 0x20}, {0x1, 0x4, 0x100, 0x1}, {0x2, 0x1, 0x249, 0x1}, {0x1, 0xffffffff80000001, 0x8, 0xfffffffffffffe00}, {0x3, 0x7, 0x80000001, 0x7c1e}, {0x6, 0x8, 0xcd, 0x95}, {0x0, 0x1000, 0x1, 0x436}, {0xcc, 0x9, 0x9de, 0x7fff}, {0xfffffffffffffffc, 0x100000000, 0x6, 0x7}, {0x100000000, 0x5be, 0x9, 0xffffffffffffffff}, {0xb7, 0xb, 0x200, 0x1000}, {0xc8e, 0x2, 0x80000001, 0x80000001}, {0x100000000, 0x0, 0x8001}, {0x3, 0xffffffff, 0x2, 0x9d}, {0x800, 0x6, 0x2, 0x10000}, {0x8, 0x7, 0x0, 0x9bb}, {0x4, 0x0, 0x450b, 0x2}, {0x5, 0xcf, 0x2, 0x40}, {0x6, 0x5, 0xffffffffffff8000, 0xa02}, {0x2, 0x2, 0x3f, 0x4}, {0x7fff, 0x2, 0x120, 0x6}, {0x7, 0xffff, 0x6, 0x2}, {0xffff, 0x6, 0x4, 0xfffffffffffffeff}, {0x100000001, 0x9, 0x7fff, 0x2}, {0x9, 0x20, 0x6}, {0x7fff8000000, 0x3, 0x10000, 0x3}, {0x7, 0x9, 0x1ec0000000, 0x35aa}, {0x4, 0x0, 0x0, 0xfffffffffffffff8}, {0x3f, 0xaa, 0x4, 0x81}, {0x40, 0x1c3, 0x200, 0x5}, {0x7, 0x8, 0x3ff, 0xec0}, {0x3f, 0x9, 0x4, 0xfffffffffffffc00}, {0xffffffff00000000, 0xeb, 0x6840, 0x7}, {0x7, 0xf, 0x5, 0xcb}, {0x9, 0x3, 0x1, 0x6}, {0xffff800000000000, 0x6fa, 0x1, 0x4}, {0x7, 0x2371, 0x401, 0x731}, {0x968, 0x129, 0xffff, 0x8001}, {0x9, 0xffffffff80000001, 0x6, 0x3f}, {0x0, 0x7, 0x9, 0x3a}, {0x0, 0x4, 0x2, 0x1}, {0x2, 0x7, 0xed1, 0x7}, {0x3, 0x2, 0x5d, 0x1}, {0x9, 0x1, 0x7f, 0x20}, {0x5, 0x3, 0x504, 0x3}, {0x20, 0x8, 0xc77, 0x1}, {0xfff, 0xfffffffffffffc00, 0x1ff, 0xa33}, {0x5, 0x8001, 0xfffffffffffffffb, 0xb8}, {0x9, 0x7, 0x3, 0x2}, {0xd13a, 0x3, 0x3, 0x100}, {0x7fff, 0x8, 0x8, 0x80000001}, {0x5, 0x5, 0x6, 0x1257406f}, {0x3, 0x1, 0x1, 0x7}, {0x5c, 0x4, 0x5, 0x45a6}, {0x10000, 0x4, 0x7, 0x8}, {0x5, 0x7fff, 0x8d99, 0x80000000}, {0xffffffffffffff01, 0x2, 0x3, 0x10000}, {0x74e1, 0x54, 0x3}, {0x8, 0x7, 0x6, 0xf1}, {0x9, 0x2, 0x3, 0x3ff}, {0x4, 0x9, 0x6, 0x9}, {0x8, 0x8001, 0x9f33, 0x5}], 0x401}}}], [@common=@NFLOG={'NFLOG\x00', 0x50, {{0x40, 0x74f, 0x9d, 0x1, 0x0, "9b9d750e8360c0a5f867bb31378052f1ecf9a70385f2151814e3b077199e0f90ee4c8bd68dbdde959f37b44ec0d69f8feab9a9238e9e4d597d769a0aaf174655"}}}], @common=@mark={'mark\x00', 0x10, {{0xffffffd0, 0xffffffffffffffff}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x56c) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)) dup2(r4, r2) writev(r3, &(0x7f0000000180)=[{&(0x7f0000000040), 0xb5}], 0x8) [ 1279.474357] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1279.481837] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1279.489134] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1279.503003] Unknown ioctl -2143271671 [ 1279.519113] kobject_add_internal failed for rfkill174 (error: -12 parent: hci0) 13:32:08 executing program 1: r0 = socket$inet6(0xa, 0x80001, 0x0) fstatfs(r0, &(0x7f0000000080)=""/179) getsockopt$inet6_int(r0, 0x29, 0x11, 0x0, &(0x7f0000000040)) [ 1279.594164] device nr0 entered promiscuous mode [ 1279.611182] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.618070] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.628858] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.636041] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 13:32:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7be070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f0000000080), 0x1c) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000180), 0x1325c5) clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f00000025c0)=0x80, 0x4) setsockopt$inet6_buf(r2, 0x29, 0x0, 0x0, 0xe) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1410428}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r3, 0x402, 0x70bd29, 0x25dfdbfc, {{}, 0x0, 0xb, 0x0, {0xc, 0x14, 'syz0\x00'}}, ["", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x20000001) [ 1279.645317] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.652351] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.659625] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.669293] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.676429] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.687012] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.695519] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.702590] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.709813] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.717516] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.724794] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.732116] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.738989] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.746051] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.753209] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.760195] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.767569] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.774771] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.781820] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.788798] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.796052] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.803040] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.810355] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.817243] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.824205] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.831514] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.838383] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.848203] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.855174] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.855186] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.855197] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.855206] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.885684] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 13:32:08 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc580128732") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:32:08 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x44, r2, 0x10, 0x70bd2a, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8001}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x10001}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x2}, @TIPC_NLA_NET_ID={0x8}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x1) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x800, 0x0) [ 1279.892545] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.904637] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.913314] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.923774] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.931630] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 13:32:08 executing program 1: socket$kcm(0x10, 0x2, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x511201, 0x0) getpeername$tipc(r0, &(0x7f0000000040), &(0x7f0000000080)=0x10) [ 1279.942953] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.952930] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.963580] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.971616] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1279.979072] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 13:32:08 executing program 4: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept(r1, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000080), 0x4) r3 = dup(r2) write$P9_RXATTRWALK(r3, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r0, 0x0, 0x0, 0xc08e, 0x0, 0x0) [ 1279.995680] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.005968] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.018411] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.029602] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.036861] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.046374] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.054715] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.064612] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.071903] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.079524] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.089627] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.096863] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.106035] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.113278] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.122642] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.129402] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.136222] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.143242] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.150361] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.157394] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.164210] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.171102] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.171114] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.171124] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.171134] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.171144] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.184801] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.212016] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.218825] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.225771] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.233350] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.240346] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.247057] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.254492] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.261409] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.268109] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.274973] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.281935] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.288650] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.295494] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.302380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.309329] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.316490] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.323386] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.330321] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.337251] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.344056] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.350938] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.358079] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.364979] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.371886] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.378582] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.385398] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.392377] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.399076] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.405851] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.412622] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.419317] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.426091] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.432875] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.439709] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.446504] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.453291] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.460423] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.467159] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.474173] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.481183] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.488035] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.494843] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.501735] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.508447] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.515719] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.522507] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.529379] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.536224] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.543056] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.549772] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.556647] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.563411] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.570380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.577452] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.584225] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.591089] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.597790] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.604616] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.611400] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.618202] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.625090] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.632276] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.638977] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.645763] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.652639] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.659429] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.666205] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.672998] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.679699] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.686680] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.693670] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.700687] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.707523] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.714400] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.721264] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.728079] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.735076] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.741915] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.748866] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.755687] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.762595] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.769420] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.776493] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.783258] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.789953] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.796750] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.803624] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.810402] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.817136] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.824020] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.830888] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.837593] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.844522] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.851301] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.858027] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.864827] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.871696] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.878573] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.885373] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.892497] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.899200] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.906035] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.912939] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.919906] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.926759] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.933552] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.940478] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.947667] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.954457] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.961379] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.968186] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.975123] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.981980] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.988683] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1280.995491] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1281.002604] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1281.010635] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1281.030336] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.037952] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.045958] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.055280] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.062618] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.069533] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.076887] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.083919] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.090817] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.097608] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.104645] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.111783] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.118702] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.125605] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.132658] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.139549] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.146657] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.154114] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.171699] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.179179] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.186095] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.193093] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.200199] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.207130] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.214308] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.221266] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.228331] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.235165] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.242048] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.248797] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.255646] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.262566] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.269473] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.276594] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.283476] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.290321] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.297152] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.304023] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.310860] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.317786] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.324662] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.331491] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.338291] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.345184] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.352163] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.359007] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.365807] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.372587] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.379348] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.386140] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.393016] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.399775] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.406567] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.413317] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.420156] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.426935] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.434183] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.440974] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.447793] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.454673] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.461477] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.468224] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.475030] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.481825] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.488557] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.495363] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.502171] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.508900] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.515896] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.522691] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.529417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.536236] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.543036] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.550878] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.557660] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.564490] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.571290] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.578063] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.584890] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.591722] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.598501] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.605326] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.612103] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.618884] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.625689] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.632454] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.639220] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.646010] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.652777] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.659573] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.666381] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.673190] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.679928] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.686766] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.693572] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.700368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.707169] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.713978] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.720793] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.727539] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.734374] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.741171] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.747894] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.754704] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.761492] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.768212] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.775038] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.781845] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.788588] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.795398] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.802372] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.809158] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.816096] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.822909] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.829647] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.836649] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.843441] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.850218] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.857007] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.863803] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.870595] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.877362] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.884153] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.890936] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.897718] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.904785] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.913892] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.920714] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.927457] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.934303] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.941170] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.947907] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.954704] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.961522] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.968285] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.975100] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.981976] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.988758] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1281.995582] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.002383] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.009151] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.016041] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.022836] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.029622] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.036439] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.043254] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.050297] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.057051] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.063883] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.070765] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.077523] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.084349] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.091150] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.098765] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.105577] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.112419] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.119176] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.125962] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.132718] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.139480] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.146266] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.153037] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.159809] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.166651] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.173436] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.180303] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.187371] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.194186] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.201017] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.208497] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.215293] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.222093] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.228878] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.235674] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.242491] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.249250] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.256059] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.262849] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.269637] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.276817] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.283636] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.290583] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.297320] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.304149] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.311052] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.317795] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.324589] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.331395] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.338960] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.345783] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1282.353999] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1282.363459] Bluetooth: hci0 command 0x1003 tx timeout [ 1282.368817] Bluetooth: hci0 sending frame failed (-49) [ 1282.374291] Bluetooth: hci1 command 0x1003 tx timeout [ 1282.379978] Bluetooth: hci1 sending frame failed (-49) [ 1284.390171] Bluetooth: hci1 command 0x1001 tx timeout [ 1284.395453] Bluetooth: hci0 command 0x1001 tx timeout [ 1284.395536] Bluetooth: hci1 sending frame failed (-49) [ 1284.406132] Bluetooth: hci0 sending frame failed (-49) [ 1286.470177] Bluetooth: hci0 command 0x1009 tx timeout [ 1286.475453] Bluetooth: hci1 command 0x1009 tx timeout 13:32:18 executing program 5 (fault-call:4 fault-nth:54): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:32:18 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @empty}, 0x10) sendmsg$rds(r0, &(0x7f0000000680)={&(0x7f0000000040)={0x2, 0x4e20, @rand_addr=0x3}, 0x10, &(0x7f0000000340)=[{&(0x7f00000001c0)=""/177, 0xb1}, {&(0x7f0000000080)=""/111, 0x6f}, {&(0x7f0000000280)=""/91, 0x5b}, {&(0x7f0000000140)=""/61, 0x3d}, {&(0x7f0000000300)}], 0x5, &(0x7f00000007c0)=[@zcopy_cookie={0x18, 0x114, 0xc, 0x47}, @zcopy_cookie={0x18, 0x114, 0xc, 0xfffffffffffffff8}, @rdma_args={0x48, 0x114, 0x1, {{0xdc8, 0x6}, {&(0x7f0000001640)=""/4096, 0x1000}, &(0x7f0000000640)=[{&(0x7f00000003c0)=""/114, 0x72}, {&(0x7f0000000440)=""/155, 0x9b}, {&(0x7f0000000500)=""/89, 0x59}, {&(0x7f0000000580)=""/188, 0xbc}], 0x4, 0x8, 0x8}}, @zcopy_cookie={0x18, 0x114, 0xc, 0xce15}], 0x90, 0x10}, 0xc040) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="2400000000000000140100000100"/40, @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB='\x00'/44], @ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="0000000000c438acc0"], 0x48}, 0x0) 13:32:18 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc580128732") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:32:18 executing program 4: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept(r1, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000080), 0x4) r3 = dup(r2) write$P9_RXATTRWALK(r3, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r0, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:32:18 executing program 3: r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x80000001, 0x1) ioctl$sock_inet_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000040)) write$cgroup_int(r0, &(0x7f0000000080), 0x12) recvfrom$x25(r0, &(0x7f00000000c0)=""/255, 0xff, 0x10000, &(0x7f00000001c0)={0x9, @null=' \x00'}, 0x12) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000200)={0x2, [0x5, 0x2b0d7baf]}, &(0x7f0000000240)=0x8) r1 = openat$cgroup_ro(r0, &(0x7f0000000280)='cpuacct.usage_sys\x00', 0x0, 0x0) ioctl$SIOCRSSCAUSE(r1, 0x89e1, &(0x7f00000002c0)=0x100000000) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000300)={0x1f, 0x7, 0x4}) ioctl$VT_RELDISP(r1, 0x5605) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000340)=0xd0) fsetxattr(r0, &(0x7f0000000380)=@random={'user.', 'wlan0trusted\x00'}, &(0x7f00000003c0)='vmnet1\x00', 0x7, 0x2) ioctl$VIDIOC_ENUM_DV_TIMINGS(r1, 0xc0945662, &(0x7f0000000400)={0xfffffffffffffffb, 0x0, [], {0x0, @reserved}}) ioctl$TCSBRKP(r0, 0x5425, 0x3ff) r2 = shmget(0x3, 0x3000, 0x78001000, &(0x7f0000ffa000/0x3000)=nil) shmat(r2, &(0x7f0000ffa000/0x3000)=nil, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(r1, 0x891a, &(0x7f00000004c0)={'vxcan1\x00', {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x19}}}) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000500), &(0x7f0000000540)=0x4) r3 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x1) write$FUSE_DIRENT(r0, &(0x7f0000000580)={0x38, 0x0, 0x4, [{0x4, 0x7ff, 0x10, 0x6, ' \x00'}]}, 0x38) close(r3) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$VIDIOC_SUBDEV_S_SELECTION(r0, 0xc040563e, &(0x7f00000005c0)={0x0, 0x0, 0x101, 0x2, {0x8001, 0x4, 0x4, 0x1}}) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000600)={0x0, 0x1, 0x2, [0x4, 0x0]}, &(0x7f0000000640)=0xc) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000680)={r4, 0x1}, &(0x7f00000006c0)=0x8) write$UHID_INPUT(r1, &(0x7f0000000700)={0x8, "f39f01f3e61537dd095fd572e7a827fb41e0d30675752c78f6e6a8b0da0e728b2bb8d5cc7a3c92bf3d2a4ec67ea4e1389b6b45db94bbab469bf314deb364dce95ef9c9dc0cb87da6ef8d772a3c34a2f17743e05f290be1d354d858147b2e1d5f28cd67d27c207c6731cc952d6a45ff2a45989fc4296389273ca85dd2a0ffc9c90691d58fb3ba9cfcb9b8d6a34201ca60d58042de2cecd39a5c836198e98fe77e6496d641bdad16e90d279fdc8ad5abd621065036c640c82d79b9ba1f27cefb715552fb07df2d002de0cd64e7c5a07f39a8c5c7ce904caff4ddce0d97dce99a09584c74ce0ad0d85584174ae15f28cea0bb7e147bd43ac3ec91fa5f1d5c14935bc40ae4e9ebeee84e56efdbec57f20f46836157f75039aff5163c577f149136698f10eb0ec64bf8a0f2e075260dc9a3544f1bc985f6e71afca7f6952a422ccf5d54d8bb74fe27bc5cb251233a860845fe47ee746d04a3054dae030d25f1a81d274e92a4eb7a8d83d5c297568fabb23269b2a428239cce25b86f84d871ad9b2609fe0a198e7b54379e4cba87d87a986c825f15fd68fe1b1d5b2667f2c1da3d7b4cc45e905b8547b0f60ee4eddb460720ac5a478de00088b062f0ce8ae1142a175bc2aa78b2d1bf5ca551a6954f3ce09756b412e630083f71aa80234fc0b9beb9cd44069fc1b531012fd183a1856b779eb9c6fafa92f7a8522967a3c28aedfe9587301ba5c65a480a591813d4d59a58cfdba7b4a4bb6305116c8c90468227d713ec8780f7e0690fbeedb447ffdfc052f1b59836a14f0ca4516c3fd98df070cc2c74a85658890a62c4d41fc47f5185252ae471d6862e70f20b2f7e37c740d7a66a399e49e25a823b810ead8376f5ce19a45e0722991a61a60579bc6a48319d1e3d5d218870a2602e8d63e3bd4b56168ed3c27444e5ad49269ad29160993a3c5782ca7c29f209207bc10ce99d912ff67c2ff390a4bdb967661b04ce67f969096467487ac21a0a017df0e12f85fbf52714545cf3626fa2155ae7984eaf78354f06aa9de889a299eba43b2b6257c791c2831f8e4e86e5cbad89cb5db3331c8b1552f503509c3bb7400d925f5007804d6099d4b78d81516b0623768313d332fba496ca242da3bc84e96333f239f1770c23a610bbb24e4e882d19049cbbc2dfdcc95a5c49020c05ac20e4f9d58389baed183f6de8f2bcd22cc4ce4e55ce7fe1dc661881eeef55c0711d5840621e59231f33e6eded9af54033933131974b04028b870482336ff2305f665a46f85a329155fb40738c79ea0d678a7a2b345a79e88d83e5ec279a30b8e3d405834d24b59a20438256c9b9f097f6ad25c97010f7c383d714a47d8534903846ea3cdd9c25f6a41b3bcd1aeda2e5b6d82736606607f7a8904e1d52660df0eaf64df93353d587f3cebb890ab3e5f1a0b5080062925519a1cf3dd0e4eddee26a135d7fda41a00e629335ff504add7d3c40f070822ddbe8957777f496610633222b63c9c82aa8226fdc3bec7e3714d3c4c35a0eb31588b231cadc7454c1511004b92e49d51f5d484a5367142344fc9ffc54720e60784614a8ebaec69e0397832c75cf286668a2547c3535f428a2941124772ec4cdf265dc4bf646d3756e92d6a943521ee5df4ae4c3dd78ba1a6910423d03b7c686d2e722012128b51be3d17418c94e4e4bf9dacb6db3adca5dfe215e29d5e0350185ecf571c6adbbf4129c4a19312e3476f386ec919c7c73aba01f4ef2df4c64f848e45794c35899eea25d4546e5668b191db15e0d37641092974cbb391191208a93ec10c44a50860534a5ef121c7714e90024840f1efe316089aa9849d12e624e413b0917c6fb7e791365e77fb930d29f0729d010a9cbd4e8f9d1a8497d12fc1777a2de727686d9d508daaebf68ff86700bdc1a74b5ea6ac3dba61cbd8d848cfc093be85d9d496a64c080b4df09e6d15e67f8937542bf65541f55028950ec533b399b9ef812ff5a22cb5e18fa88aa21febe6a71fff2070185c3bc1b03c247eedaa8bf26ad1e3ac2bc276ebd6222fc8c4a108cd43b418e10a7d8b5fe38e617a41dcadab63186359cbab3bf927c811643535aa90b2958b49b56ea52cfde4b63c67f7bf61173951eafe29ed07eb54c2545be2ad93952d536e512d9b0c5cfc0109be593063fe1f3238cabc34f2f903f94df44402d0c5446a01a40f5cb9c9c38e5e724e0c3a85c24c27cb79519e3de330d0bfe7438e0255393156b1cf81cc0a6f09039a7ffd2615fc71e3bf5e9bc9f9776454fedff96ad2dff918cbafa7a63c7686218c5247ee9b285cf58a1bd112f1b0d5ecd9c179d7c929d9ab5423ebdf4cf7968ff3a508e0bec3656c75a53782eed19b47de45c0b7a33ff7d92369f23dc55965e3687709b3cdb675cc3d7d3c0d4320b1d0d37f00a7a14325e07b9c66b11d5305d04902435c0e9082d133f5be273070e7e0dc01f57eb667a5d3e4ec4e30aaa46e436b937f4026f2c2909e9c1fc12306a49a5ca5fb9efec503919f3e00e826c12ac17a64ddb5b7a8a51c9e44dc88e1e0f5c94bf5e74f38fbe818bcc2279057074966431359fd30102942cdc40e5cecb6c5cdaabcd5444d8976e1cd6e40bc22b970653e3cbcca37eec82b7c9613f01263209aeeb060d09c66f5ab587b022cd31b701d83bfec3e0feb404c532a90c97dadb52623d4a349de8e3e658023906e25e7e5ba009a62f64771116ad1b2abd7625a21970290b6137d7c11e4f99039df540e9302c20c3ce81010dd4866ce45e8bdcdb076913a1e55027462a376af3914e59be072649204ea7c47f971e876da674f8a68ec5fd249a777f4f5c4c6842e433605b4ab7a95f1769eac19d299d67bf6bb4cc45a2a02a36e70a71b2edc504c5bf5a1f44f164f00cd82aaf0c6188b043307ff85cbca47b881cea8b32297ee286aea6c32d266f768ffb282b78344a5f9efa1cb3c7f10e3d5ef8879d587f7fac1e303191ecd7d1bc40ea63877a0cec549958e87156312d1c1ea2d963ff5c678e31ff12c1179cb52ae7012d521b1d05b740626210fc410648520a8118f4fa90ce46447dc2003326e5a6585f649a7b72e6183af06a7dd0d8e9cc82f88d7c32a637ea6467b6dbc070fb6cc0fff5fc143855a3346b85391d2bb670fc8192998f80e74826f43ef4cc8d928b97d6f69ecbf57b23ad5bb88ca43de79ce1445e35d95d446275ee61a6c9168b2f86aed616b7a0e070d24c14d82e13b4d94b686853d3c9c04415021303cc133c67124e663589c186d9f7cb772c7ce26e6b210a88b6c527f3c21960dcfdede1da3b7124179e718461568dbd24d0ed45c661f675866ac6f92e69494000ea8128033fce25b1a642407cbf4f9b7a37b6368bac2d3a9da06eedfbd6056a9488fc7e0877992d2a2ce4a9301c4f0f6e55d7fb291e77bfaedde73f7ebcb1d6f8752d77a61b530d1645d13a759c11b1d99dab007b2a7eefcd80705f7ea844d1f7be609ba58c4a6f7b444593e53810967064c6c77d05332f59ab83c55b22d4eb6d5e751bef976eb08657cc388d7e230246a03217c22f737bbc4fa105fc5e822bb658954b6d4b14f25b0c50041bbb881808d1cfd477c30748cd26afba3dd6b0bc7d40f8f2e236db593deebfb8284c20f0097c166ef98c8e58789d9f7d52d432b5d29e769c31162fa1a2a73e33cd68bac0efa2fb117b51bbc1816307b46994b6e908db7a4d5d2f4cb713b0082db8991e1586a38aab5eea4940d89f6c46053b196ee06c9ba74363d7dc47fe281e302b56fec7512d78062561245f54abc62fdfc3123d94c44d8a2447a337e22846dd79d8659ee9846ad69fa3f06695c57d59a6cda39eb16e6841658e066ada6dc5f8d691b52728eb7db94766ad6fd7acd4c4e54ad2ae0d19f1ae7e32854b77b13a06bd85e5e8ae65bd6dfa1887a580e89a7ed2fbe5027ac617bd1a8fd81537c1871e364feca986317e17ef44a16f8db387ee7f223ef3c942ca4138c2fd44e15e055e714236f59a6caf62deb86df2cc6fa7004e405ee5d50aa9fa906285f744931aa1ff2feb4177dc5d39125b8ed67b04829643571b66b8b88741020091d83803e8243be1cac137ef2f26a998b50ae679c972cd9b311852b6c6137138b0756160f31ffc06919b5c4f0a12646e60930d261ce1498b32fcb43207b3784a78c3d1d80d1dbd9ce7e32ada8baf809ace0efedb56b027bad84f1f1187aaa4c45597a8d5413ca94148da54e8f9156fa02ba7d8c7689cfe41253e24a7f4f5537490da5380dcf114f5b82885084310263ee16332b730f7b7937d5b15260cd9c1072ecd76bb5e379083d582ae7a42423c0a5d5886963f30630846aa0a22d60b615fbfe6b52198c0ff1693a2ba90bfd074681ca8c8a7ba28325daf956ab65c46d18e3ec5bf05fc25235087ff17edcdd96e0c1ed4994a8f79232be643d7c349a94e04b69a267f203e1e5c5fed358c304b484acdb788f341bfd5f85e0bba29d2650202d5a4ca9ea21592bea4ae2fc1b053a1c9b14e14dfb2c752b2d92f11f9802141051007d141f4849b097ad5f7c6ad596f39cbdccb8642a1d3a6a5c35e7738bafb37ad7e162c94f0ce3c407cdacb7071f4e59df403eeda7d561722b476fc2b5dec4ce82ad0f6f893f2fc08766c9cae195777d4e5861ab0bbb427324dedd3936758c975c38c7994a9d01d3267df7ffcab7cb26ec392f3140405332187f116bca7d0437438c64c8f16c118306f9587dc1e710fce969389e67e0ad1c5a1bcab3f3e02fab3935a03ad78ad18455efb2824575e5933beae5a83ce21085201c62faae769462256952068c6c810d56d7456da39eef073444dae6e9f615c4f292f00cd680e458faf168d51b3010cedf9786a8cb01d70f5a213719ff056f1a37ab9d8bb40b626c1f5e12f81b2f73df4500b6f33927ccfdb8c0c54d738dbb770338e7f08b059001203e0b3ab7e829e68dcb38d9ee153b04194f8df9e618cff549232a0dee1aaa45aff54f60ed683e7b37e03800f8fcb4cdff550ecd8421f25f8bda973502764d03aa6bd93376d589b0b5d287882130126d8739fe229bc64a96d5179662aa170d1491698d430bd464d0d766fea2c2b48fcea4cff2ee98d57e75754178a7d2f9202ea21176f7afa73c3f94baaffbc667ce45ee54a8afa650c2b735b850701e55e8d26aa790c911452f78b017c0871e7f2c79fa8edd551cbce0ebadf8f4a613c98add62865e66e6db6f4ff0ab9efd141d02aee5756d0b58311b1a258afd5b05d3f5c36b4a70f97c241def1ba6886b1294dd4fa5a3f70a8a5dede80cb1454198196326a020c2c93f6943ba4a6bfbeca51fa26b89af721738076e1aa230585f3a1e429550b329af5302031ae8354e3f37fab5bf26fde07be60895d16c47883a15195db54b1364470734b9afbf08456cdbf612fac052c00350b14fd5f69d561337e4bafa5ee9f33d2f7f8a425471ce9d71e860dc54c05735187d5680283739a4818783126ba43f7c2dc8a605dc4f1c5a4d4a667e7703cc72b2e22a511e61e3d67142ff2a7ea5edf34cb833e9252db81b37e98cd50b99e8e109647747e7c1739b0422a66ff65f57dec12e4fe7e50676c69d34b664469b14b64793f7b96bcb6f92dd43c83be495b0349629b56109d81d42c0fb7731ae40e2bdeb9cb94dfb7ea126e1b706f2b907ba83771b5b44bf521ee8d07710a76b8b17accf453e464d4a78d27d89789d5ce2748d5748d64da238d91351111d9cb687dd28b4c22c3ab675c0f24a9a66c51d39e60bab59d7dae2234ab151e20716861060e7d4c2bbccd896f8c0626c073338db9d7", 0x1000}, 0x1006) ioctl$RNDZAPENTCNT(r0, 0x5204, &(0x7f0000001740)=0x100) r5 = syz_open_dev$amidi(&(0x7f0000001780)='/dev/amidi#\x00', 0x0, 0x301000) ioctl$VIDIOC_S_PRIORITY(r0, 0x40045644, 0x0) setsockopt$TIPC_IMPORTANCE(r5, 0x10f, 0x7f, &(0x7f00000017c0)=0x7fffffff, 0x4) setxattr$security_ima(&(0x7f0000001800)='./file0\x00', &(0x7f0000001840)='security.ima\x00', &(0x7f0000001880)=@md5={0x1, "693a076647cd889c9874f08f0bb80522"}, 0x11, 0x3) 13:32:18 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x2, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_NET_GET(r2, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000400}, 0xc, &(0x7f0000000380)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="d4010000ee6b2eb500ca3ddb46eec2ba62950ed420db557c8abc4a593b035c54613d8adc9f694f508490ba1eb790e53c606a01f15e40455ff599d746748f0c5b4333a0212cf4ba33bf75e327ee9d3ec0410612e198d11fac157bb58172fd2ce66ebbea53030632fc073951db6aff1891718761118020c4c54e14250758fafa60db7d67958e30f84859eec442b82ee7712db06b784b0e1bbe3d8b8ccc67b91720574df24b24588f91a484a5a4bb6ffe410411c5707b7be74e8d314cb03ccb868a81c331b0c43ac13eb83c319cdbeea87a740c52ef92fc39ce1e85a59b7c7bc4159b1f4e3cb1a585eeac45cecb381d097d3e14af6c1f4e0000ebd51b554964290e3033726a749546a76bf928ce3c03599a82476098215bb2cd1e8795c3b05576336c6147365b37516c172620fa916e85b79b278302e71ab53a6b647602e81184c474886a3c57eac8351fc900849c7281973a1461d166040700ae60cbafe74482ab15f6298bbf65bab8f50ccb86bc07b6aa4fcd08e83f4576220d364115081106b76158557e5f5e8e8b86aa7f4923e9f905c4d567f7d280a8609aec77eb84a8ef5e87a0060000007ed22978b6d174baec2235badc2faba299f033da8d2a56d5ea0b83ee9284afd95bd6808c1466163be9efe1c37ec548cf50c352c34b885aeb7d5add6f19774889fc4ea250deb8baea5e34963078bbc47c0be3c55df20913e00ab0b9323a480dbf7ee1bf8246684d5817bb5d14767716ee309c0b807747aa65c5a3745e1232b0cac1014f30d3c31d7e3e4e82046a19f7541886a359bba3540366d39b7e63c2c5444c5fa3faa3f65cd35974ecb582aeadaba4f46a90d31bcad81695ce23b1f79f7a0e339ecf1440d9d11533991bfd824f55e5003f15b1c6f6eb1119e8fcfdf80b486e3d73ada7e51a4a27594f900e44016d029cf04aa82a7e981bba9d8ead05ea4b6adf257dff424641762c37fece13ea13417ee07c2447846458d0471bcfdee2002c41e8ac5dd996330385fca38a1706dc4cf325217e9e6c6dc2435d15425648c1290902ff79ec953c5e241b9dde02833ea896a403626996c541", @ANYRES16=r3, @ANYBLOB="200126bd7000fedbdf250e0000005c00040024000700080001001e0000000800040001000000080004000700000008000400070000001c0007000800040001800000080004000700000008000300000000000c00010073797a31000000000c000700080001000b0000004400070008000200050000000800020000000000080002000500000008000100010000000c000300008000000000000008000200ff0f00000c0003000900000000000000300001002c0004001400010002004e21e000000200000000000000001400020002004e23ac1414aa0000000000000000180004001400010062726f6164636173742d6c696e6b0000d80001000c00020008000400d3a400001400010069623a73797a6b616c6c657230000000380004001400010002004e21ac1414aa0000000000000000200002000a004e2400000001fe8000000000000000000000000000bb000000002400020008000200000000000800030003000000080004000100000008000300000400000c000200080001001000000044000400200001000a004e20ffffffc1ff02000000000000000000000000000103000000200002000a004e21fffffffdfe8000000000000000000000000000aaf8ffffff0800030045000000"], 0x1d4}, 0x1, 0x0, 0x0, 0x4000004}, 0x804) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:32:18 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYPTR=&(0x7f0000000200)=ANY=[@ANYRESDEC=0x0, @ANYRESOCT, @ANYRES64=r0, @ANYBLOB="8e8906328766830fc68c7db734b7df94b0f7587fa55aedf3215fe85388f5b3999fb7627ec652c1dc12c95e06dca41833104ae39c58d2c5e1fb79289d34d5198377bb3dcfbd25acca6bd2233f036132a2b890592d780a3e37fc5e5ad9d6a02fd679d9710692301564d5b759fd1148931eb8d989c0023b946cf98711f129e28cc9e4e98137f844fc3328de5263ca8270e55074fb2f98afbe2712b4c95cdaacddc4f874219800a6a9d3cf88e241a280e8a379323601c6d218c4cd77cbb68a3edc838a778052dc4c9bfa5f9c1b1944295a1798648a685f2d76b96842cb07984cedcf8b912c9afb373b01c0ec5a99", @ANYRES16=r1, @ANYRESOCT=r1, @ANYRESHEX=r0, @ANYBLOB="b17061be5bbe1c11bbeef12b26a8d0843279d801626ce9ec938b920863ccce765c58ce9a39650e0c9308a8cc9e18cdf7a96b961723567014af413f6834a2c387087679d77421be88fd2f2d953c3452025d4ee27de20a4948cce3ee8e36ce7a91d67e1450f579ecff9331be3982049bd17264713b122f195e2e5e370be2847b37e0e52a0b5d91b6b090b2d183692a64be2f", @ANYRES64=r0, @ANYRES16=r0], @ANYRES16=r1, @ANYBLOB="030700000000000000000b000000"], 0x3}, 0x1, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) recvmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_encap(r2, 0x11, 0x64, &(0x7f0000000000)=0x7, 0x4) [ 1290.191219] Bluetooth: Unknown HCI packet type 5e [ 1290.197000] Bluetooth: Unknown HCI packet type 43 [ 1290.211062] FAULT_INJECTION: forcing a failure. [ 1290.211062] name failslab, interval 1, probability 0, space 0, times 0 [ 1290.224016] CPU: 0 PID: 22884 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1290.231147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1290.231153] Call Trace: [ 1290.231180] dump_stack+0x138/0x19c [ 1290.231200] should_fail.cold+0x10f/0x159 [ 1290.231214] should_failslab+0xdb/0x130 [ 1290.231227] kmem_cache_alloc+0x2d7/0x780 [ 1290.231242] ? find_held_lock+0x35/0x130 [ 1290.231254] ? sysfs_do_create_link_sd.isra.0+0x82/0x120 [ 1290.231267] __kernfs_new_node+0x70/0x420 [ 1290.231279] kernfs_new_node+0x80/0xf0 [ 1290.231292] kernfs_create_link+0x2c/0x170 [ 1290.231303] sysfs_do_create_link_sd.isra.0+0x90/0x120 [ 1290.231314] sysfs_create_link+0x65/0xc0 [ 1290.231327] device_add+0x447/0x1490 [ 1290.231340] ? device_private_init+0x190/0x190 [ 1290.231355] rfkill_register+0x19c/0xb20 [ 1290.231369] hci_register_dev+0x34b/0x810 [ 1290.231377] ? __raw_spin_lock_init+0x2d/0x100 [ 1290.231393] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1290.231408] tty_ioctl+0x8f7/0x1320 [ 1290.231416] ? hci_uart_tty_poll+0x10/0x10 [ 1290.231426] ? tty_vhangup+0x30/0x30 [ 1290.231446] ? __might_sleep+0x93/0xb0 [ 1290.231456] ? __fget+0x210/0x370 [ 1290.231476] ? tty_vhangup+0x30/0x30 [ 1290.247026] device nr0 entered promiscuous mode [ 1290.247362] do_vfs_ioctl+0x7ae/0x1060 [ 1290.247381] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1290.353378] ? lock_downgrade+0x6e0/0x6e0 [ 1290.357516] ? ioctl_preallocate+0x1c0/0x1c0 [ 1290.361928] ? __fget+0x237/0x370 [ 1290.365415] ? security_file_ioctl+0x89/0xb0 [ 1290.369829] SyS_ioctl+0x8f/0xc0 [ 1290.373200] ? do_vfs_ioctl+0x1060/0x1060 [ 1290.377349] do_syscall_64+0x1e8/0x640 [ 1290.381231] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1290.386079] entry_SYSCALL_64_after_hwframe+0x42/0xb7 13:32:18 executing program 3: r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x400100, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_opts(r2, 0x0, 0x9, 0x0, 0x0) write$P9_RXATTRCREATE(r0, &(0x7f0000000300)={0x7, 0x21, 0x2}, 0x7) r3 = dup(0xffffffffffffffff) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x213, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000380)={@in={{0x2, 0x0, @local}}, 0x0, 0x2, 0x0, "a77760f5a7645bc43c241d69912dda0c63c2a66726f8cfafd9c8fe2c98de7ba44947a79015f0fe57917cb62a93987a938fdedfce7bbba4fec2d8a09c41fb233245f260819e24134091ec15ef28188179"}, 0xd8) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) write$P9_RLERROR(0xffffffffffffffff, 0x0, 0x0) getpgid(0xffffffffffffffff) ioctl$SG_SET_COMMAND_Q(r3, 0x2271, &(0x7f0000000000)=0x1) sendto$inet(r2, 0x0, 0xfffffd38, 0x200007ff, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) finit_module(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000000c0), 0x4) [ 1290.391264] RIP: 0033:0x4592c9 [ 1290.394471] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1290.402366] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1290.409631] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1290.416898] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1290.424192] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1290.431544] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 13:32:18 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1290.447162] Bluetooth: Unknown HCI packet type 5e [ 1290.454571] Bluetooth: Unknown HCI packet type 43 [ 1290.460432] Bluetooth: Unknown HCI packet type 5e [ 1290.465630] Bluetooth: Unknown HCI packet type 50 [ 1290.471079] Bluetooth: Unknown HCI packet type 5e [ 1290.476261] Bluetooth: Unknown HCI packet type 40 13:32:18 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) close(r1) r2 = getpgrp(0x0) prctl$PR_SET_PTRACER(0x59616d61, r2) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r4 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x200004) sendfile(r1, r4, 0x0, 0x80001d00c0d0) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000000)={0x1, 0x0, [{0x5000, 0xe2, &(0x7f0000000200)=""/226}]}) 13:32:19 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) close(r0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) readv(r0, &(0x7f0000000540)=[{&(0x7f00000000c0)=""/49, 0x31}], 0x1) fstat(0xffffffffffffffff, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000040)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r1, 0xc1105518, &(0x7f0000000180)={{0x1, 0x0, 0x1f, 0x617d, 'syz1\x00', 0x693e598e}, 0x6, 0x30, 0x9, r3, 0x4, 0x7fff, 'syz1\x00', &(0x7f0000000100)=['+vmnet0\x00', 'em0\x06@,cgroupbdevcgroup\\cpusetmd5sum.**+*.-+\x00', '\x00', '@vboxnet1*eth0{systemwlan1trusted\xe1]\x00'], 0x59, [], [0x0, 0x4, 0x4, 0x2]}) sendfile(r2, r1, &(0x7f0000000000), 0x800) setgid(0x0) ftruncate(r1, 0x88001) sendfile(r0, r1, 0x0, 0x800000000024) 13:32:19 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1292.230222] Bluetooth: hci0 command 0x1003 tx timeout [ 1292.235540] Bluetooth: hci0 sending frame failed (-49) [ 1292.470165] Bluetooth: hci1 command 0x1003 tx timeout [ 1292.475530] Bluetooth: hci1 sending frame failed (-49) [ 1294.310374] Bluetooth: hci0 command 0x1001 tx timeout [ 1294.315703] Bluetooth: hci0 sending frame failed (-49) [ 1294.550176] Bluetooth: hci1 command 0x1001 tx timeout [ 1294.555497] Bluetooth: hci1 sending frame failed (-49) [ 1296.390171] Bluetooth: hci0 command 0x1009 tx timeout [ 1296.630218] Bluetooth: hci1 command 0x1009 tx timeout 13:32:29 executing program 5 (fault-call:4 fault-nth:55): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:32:29 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:32:29 executing program 4: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept(r1, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000080), 0x4) r3 = dup(r2) write$P9_RXATTRWALK(r3, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r0, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:32:29 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) close(r0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) readv(r0, &(0x7f0000000540)=[{&(0x7f00000000c0)=""/49, 0x31}], 0x1) fstat(0xffffffffffffffff, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000040)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r1, 0xc1105518, &(0x7f0000000180)={{0x1, 0x0, 0x1f, 0x617d, 'syz1\x00', 0x693e598e}, 0x6, 0x30, 0x9, r3, 0x4, 0x7fff, 'syz1\x00', &(0x7f0000000100)=['+vmnet0\x00', 'em0\x06@,cgroupbdevcgroup\\cpusetmd5sum.**+*.-+\x00', '\x00', '@vboxnet1*eth0{systemwlan1trusted\xe1]\x00'], 0x59, [], [0x0, 0x4, 0x4, 0x2]}) sendfile(r2, r1, &(0x7f0000000000), 0x800) setgid(0x0) ftruncate(r1, 0x88001) sendfile(r0, r1, 0x0, 0x800000000024) 13:32:29 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/net/tun\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000080)="11dca5055e0bcfec7be070") r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x800, 0x0) ioctl$SIOCGIFMTU(r2, 0x8921, &(0x7f0000000040)) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'\x00', 0x5002}) ioctl$TUNSETOFFLOAD(r0, 0x400454d8, 0x507101) 13:32:29 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x400, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x8800, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f0000000080)={0x7, 0x9}) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$KVM_DEASSIGN_PCI_DEVICE(r2, 0x4040ae72, &(0x7f0000000140)={0x1e19, 0xfffffffffffffffb, 0xdc62, 0x3, 0x8}) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) [ 1301.015477] Bluetooth: Unknown HCI packet type 5e [ 1301.023638] Bluetooth: Unknown HCI packet type 43 [ 1301.054943] FAULT_INJECTION: forcing a failure. [ 1301.054943] name failslab, interval 1, probability 0, space 0, times 0 [ 1301.085316] CPU: 1 PID: 22930 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1301.092471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1301.101844] Call Trace: [ 1301.104454] dump_stack+0x138/0x19c [ 1301.108113] should_fail.cold+0x10f/0x159 [ 1301.112293] should_failslab+0xdb/0x130 [ 1301.116284] kmem_cache_alloc+0x2d7/0x780 [ 1301.120449] ? find_held_lock+0x35/0x130 [ 1301.124539] ? sysfs_do_create_link_sd.isra.0+0x82/0x120 [ 1301.130015] __kernfs_new_node+0x70/0x420 [ 1301.134188] kernfs_new_node+0x80/0xf0 [ 1301.138101] kernfs_create_link+0x2c/0x170 [ 1301.142354] sysfs_do_create_link_sd.isra.0+0x90/0x120 [ 1301.147652] sysfs_create_link+0x65/0xc0 [ 1301.151730] device_add+0x4cc/0x1490 [ 1301.155468] ? device_private_init+0x190/0x190 [ 1301.161647] rfkill_register+0x19c/0xb20 [ 1301.171735] hci_register_dev+0x34b/0x810 [ 1301.171747] ? __raw_spin_lock_init+0x2d/0x100 [ 1301.171762] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1301.171777] tty_ioctl+0x8f7/0x1320 [ 1301.171786] ? hci_uart_tty_poll+0x10/0x10 [ 1301.171797] ? tty_vhangup+0x30/0x30 [ 1301.171814] ? __might_sleep+0x93/0xb0 [ 1301.171822] ? __fget+0x210/0x370 [ 1301.171836] ? tty_vhangup+0x30/0x30 [ 1301.171845] do_vfs_ioctl+0x7ae/0x1060 [ 1301.171857] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1301.171866] ? lock_downgrade+0x6e0/0x6e0 [ 1301.171876] ? ioctl_preallocate+0x1c0/0x1c0 [ 1301.171887] ? __fget+0x237/0x370 [ 1301.171904] ? security_file_ioctl+0x89/0xb0 [ 1301.171917] SyS_ioctl+0x8f/0xc0 [ 1301.171925] ? do_vfs_ioctl+0x1060/0x1060 [ 1301.171938] do_syscall_64+0x1e8/0x640 [ 1301.171947] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1301.171960] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1301.171969] RIP: 0033:0x4592c9 [ 1301.171975] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1301.171986] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1301.171991] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1301.171997] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1301.172003] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1301.172009] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1301.282708] Bluetooth: Unknown HCI packet type 5e [ 1301.303921] Bluetooth: Unknown HCI packet type 43 13:32:29 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)='\f', 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000047c0)=[{{0x0, 0x0, &(0x7f0000001e00)=[{&(0x7f0000000100)=""/215, 0xd7}], 0x1}}], 0x1, 0xf0ff7f, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x400, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(r2, 0x400442c8, &(0x7f0000000200)={r0, 0x9, 0x7, "86189cbf198cfabd2b44c0fe6b21e27f28600843529d1100afc873dfc866f03e8e14fc68263672c8861f87c4b461121cc773e1051eec1073adcf0a756ce7280498a107163567a1a96c8d5a9e247e"}) 13:32:29 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x3, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000af5000)={0x1, &(0x7f00006dc000)=[{0x200006, 0x0, 0x0, 0xa1}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000deaff0)={0x2, 0x3, @loopback}, 0xffffffffffffffca) sendto$inet(r0, &(0x7f0000000500)="c3401c344654f3c7d9fe1ba48c8e390002000000000000d65cffffff38e9dd18c58f6bd779650fc30f09000000ecf323c9b87010227a60d177faf6502ceab47e58034347b289546c65a5eb278de72b1989f64cc99412e36880d20c34d91051b22f6c8acc9d082b7bcdec844f667da0867d0c00"/130, 0x82, 0xffffffffffefffff, 0x0, 0x0) recvfrom(r0, &(0x7f0000001100)=""/4096, 0x1000, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12}, &(0x7f00000003c0)) timer_settime(0x0, 0x0, &(0x7f0000000380)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() recvmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0xfd92, &(0x7f0000000040)}}], 0x174, 0x0, 0x0) tkill(r1, 0x14) [ 1301.314339] Bluetooth: Unknown HCI packet type 5e [ 1301.330706] Bluetooth: Unknown HCI packet type 50 [ 1301.336420] Bluetooth: Unknown HCI packet type 5e [ 1301.347107] Bluetooth: Unknown HCI packet type 40 13:32:29 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec9") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:32:29 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)='\f', 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f00000047c0)=[{{0x0, 0x0, &(0x7f0000001e00)=[{&(0x7f0000000100)=""/215, 0xd7}], 0x1}}], 0x1, 0xf0ff7f, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x400, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(r2, 0x400442c8, &(0x7f0000000200)={r0, 0x9, 0x7, "86189cbf198cfabd2b44c0fe6b21e27f28600843529d1100afc873dfc866f03e8e14fc68263672c8861f87c4b461121cc773e1051eec1073adcf0a756ce7280498a107163567a1a96c8d5a9e247e"}) 13:32:29 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') r2 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_FLUSH(r2, 0x0, 0x485, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4001000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x68, r1, 0x800, 0x70bd2c, 0x25dfdbfb, {{}, 0x0, 0x4108, 0x0, {0x4c, 0x18, {0x9, @media='eth\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x44000}, 0x4000004) sendmsg$TIPC_CMD_SET_LINK_PRI(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x68, r1, 0x5, 0x0, 0x0, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0xf02, @media='ib\x00'}}}}, 0x68}}, 0x0) 13:32:29 executing program 3: r0 = socket$kcm(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000013001707ed128064d200100005e6a5dd80000000010880000000000300f87f0000640000000000000000", 0x2e}], 0x1, 0x0, 0x0, 0x2}, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0) ioctl$sock_SIOCDELDLCI(r0, 0x8981, &(0x7f0000000100)={'ip6_vti0\x00'}) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000080)={r0, r1}) [ 1301.605540] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1301.728554] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1303.030233] Bluetooth: hci0 command 0x1003 tx timeout [ 1303.035831] Bluetooth: hci0 sending frame failed (-49) [ 1303.350247] Bluetooth: hci1 command 0x1003 tx timeout [ 1303.355618] Bluetooth: hci1 sending frame failed (-49) [ 1305.110191] Bluetooth: hci0 command 0x1001 tx timeout [ 1305.115550] Bluetooth: hci0 sending frame failed (-49) [ 1305.430171] Bluetooth: hci1 command 0x1001 tx timeout [ 1305.435517] Bluetooth: hci1 sending frame failed (-49) [ 1307.190137] Bluetooth: hci0 command 0x1009 tx timeout [ 1307.510235] Bluetooth: hci1 command 0x1009 tx timeout 13:32:40 executing program 5 (fault-call:4 fault-nth:56): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:32:40 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec9") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:32:40 executing program 1: mmap(&(0x7f00006f1000/0x4000)=nil, 0x4000, 0x7, 0x31, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000040)={&(0x7f00003f2000/0x6000)=nil, 0x6000}) 13:32:40 executing program 3: r0 = socket$kcm(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000013001707ed128064d200100005e6a5dd80000000010880000000000300f87f0000640000000000000000", 0x2e}], 0x1, 0x0, 0x0, 0x2}, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0) ioctl$sock_SIOCDELDLCI(r0, 0x8981, &(0x7f0000000100)={'ip6_vti0\x00'}) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000080)={r0, r1}) 13:32:40 executing program 4: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept(r1, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000080), 0x4) r3 = dup(r2) write$P9_RXATTRWALK(r3, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r0, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:32:40 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) r2 = accept$packet(0xffffffffffffff9c, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) r3 = dup3(r0, r0, 0x80000) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) write$FUSE_CREATE_OPEN(r3, &(0x7f00000002c0)={0xa0, 0xffffffffffffffff, 0x2, {{0x5, 0x1, 0x1, 0xe043, 0x8001, 0x5ecb, {0x2, 0x9, 0x4, 0x9, 0x6, 0x616ca981, 0xe4bd, 0x5, 0x200, 0x101, 0x5, r4, r5, 0x9, 0x4}}, {0x0, 0x9}}}, 0xa0) fcntl$setpipe(r2, 0x407, 0x6a) [ 1311.893300] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.3'. 13:32:40 executing program 1: r0 = syz_open_dev$video4linux(0x0, 0x0, 0x0) ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, 0x0) ioctl$DRM_IOCTL_LOCK(r0, 0x4008642a, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32da, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) [ 1311.935515] Bluetooth: Unknown HCI packet type 5e [ 1311.943305] Bluetooth: Unknown HCI packet type 43 [ 1311.954750] FAULT_INJECTION: forcing a failure. [ 1311.954750] name failslab, interval 1, probability 0, space 0, times 0 [ 1311.974708] CPU: 1 PID: 22975 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1311.981834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1311.991190] Call Trace: [ 1311.993789] dump_stack+0x138/0x19c [ 1311.997430] should_fail.cold+0x10f/0x159 [ 1312.001591] should_failslab+0xdb/0x130 [ 1312.005635] __kmalloc_track_caller+0x2ec/0x790 [ 1312.010310] ? save_trace+0x290/0x290 [ 1312.014118] ? __mutex_unlock_slowpath+0x71/0x800 [ 1312.018969] ? __lock_is_held+0xb6/0x140 [ 1312.023070] ? tkip_mixing_phase2+0x2a0/0xdb0 [ 1312.027597] ? kstrdup_const+0x48/0x60 [ 1312.031497] kstrdup+0x3a/0x70 [ 1312.034966] kstrdup_const+0x48/0x60 [ 1312.038689] __kernfs_new_node+0x2f/0x420 [ 1312.042854] kernfs_new_node+0x80/0xf0 [ 1312.047105] kernfs_create_link+0x2c/0x170 [ 1312.051352] sysfs_do_create_link_sd.isra.0+0x90/0x120 [ 1312.056646] sysfs_create_link+0x65/0xc0 [ 1312.060724] device_add+0x735/0x1490 [ 1312.064455] ? device_private_init+0x190/0x190 [ 1312.069050] rfkill_register+0x19c/0xb20 [ 1312.073127] hci_register_dev+0x34b/0x810 [ 1312.077284] ? __raw_spin_lock_init+0x2d/0x100 [ 1312.081884] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1312.086214] tty_ioctl+0x8f7/0x1320 [ 1312.089868] ? hci_uart_tty_poll+0x10/0x10 [ 1312.094128] ? tty_vhangup+0x30/0x30 [ 1312.097872] ? __might_sleep+0x93/0xb0 [ 1312.101764] ? __fget+0x210/0x370 [ 1312.105227] ? tty_vhangup+0x30/0x30 [ 1312.109027] do_vfs_ioctl+0x7ae/0x1060 [ 1312.112927] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1312.117686] ? lock_downgrade+0x6e0/0x6e0 [ 1312.121839] ? ioctl_preallocate+0x1c0/0x1c0 [ 1312.126262] ? __fget+0x237/0x370 [ 1312.129727] ? security_file_ioctl+0x89/0xb0 [ 1312.134148] SyS_ioctl+0x8f/0xc0 [ 1312.137689] ? do_vfs_ioctl+0x1060/0x1060 [ 1312.141847] do_syscall_64+0x1e8/0x640 [ 1312.145744] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1312.150603] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1312.155804] RIP: 0033:0x4592c9 [ 1312.158995] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1312.160855] device nr0 entered promiscuous mode [ 1312.166711] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1312.166717] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1312.166723] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1312.166729] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1312.166735] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1312.222722] Bluetooth: Unknown HCI packet type 5e [ 1312.227951] Bluetooth: Unknown HCI packet type 43 13:32:40 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec9") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:32:40 executing program 3: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="20002f4bf474e201cbf5d8731b68dec25ff1d3ffa8c6f5f6f7b68a5c02005fbadc3051741e26c9e4391500006b86f1a7068078a96d49a2b3bb"], 0x1}}, 0x0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") ptrace$cont(0x9, r0, 0x0, 0x0) [ 1312.242723] Bluetooth: Unknown HCI packet type 5e [ 1312.247846] Bluetooth: Unknown HCI packet type 50 [ 1312.267334] Bluetooth: Unknown HCI packet type 5e [ 1312.276475] Bluetooth: Unknown HCI packet type 40 13:32:40 executing program 3: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000002000)={{0xa, 0x0, 0x0, @ipv4={[], [], @local}}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x40, &(0x7f0000001fde), 0x4) 13:32:40 executing program 3: r0 = syz_open_dev$media(&(0x7f0000002600)='/dev/media#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") ioctl$EVIOCGKEY(r0, 0xc0487c04, &(0x7f0000000200)=""/226) 13:32:40 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1312.694522] device nr0 entered promiscuous mode [ 1313.990111] Bluetooth: hci0 command 0x1003 tx timeout [ 1313.995433] Bluetooth: hci0 sending frame failed (-49) [ 1314.230162] Bluetooth: hci1 command 0x1003 tx timeout [ 1314.235467] Bluetooth: hci1 sending frame failed (-49) [ 1316.070219] Bluetooth: hci0 command 0x1001 tx timeout [ 1316.075544] Bluetooth: hci0 sending frame failed (-49) [ 1316.310173] Bluetooth: hci1 command 0x1001 tx timeout [ 1316.315510] Bluetooth: hci1 sending frame failed (-49) [ 1318.150204] Bluetooth: hci0 command 0x1009 tx timeout [ 1318.390199] Bluetooth: hci1 command 0x1009 tx timeout 13:32:51 executing program 5 (fault-call:4 fault-nth:57): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:32:51 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="c0dca5055e0bcfec7be070") r1 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000080)=0x8, 0x4) 13:32:51 executing program 4: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept(r1, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000080), 0x4) r3 = dup(r2) write$P9_RXATTRWALK(r3, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r0, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:32:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="c0dca5055e0bcfec7be070") r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r2, 0x2d, 0x0, 0x0, {{}, 0x0, 0x410c, 0x0, {0xc, 0x14, 'syz0\x00'}}}, 0x28}}, 0x0) 13:32:51 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:32:51 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCGETD(r1, 0x5424, &(0x7f0000000080)) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:32:51 executing program 3: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000540)='/dev/capi20\x00', 0x0, 0x0) r1 = dup(r0) ioctl$CAPI_MANUFACTURER_CMD(r1, 0xc0104320, &(0x7f00000001c0)={0xa, &(0x7f0000000100)}) 13:32:51 executing program 1: socket(0xa, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000180)) syz_open_dev$evdev(0x0, 0x3, 0x80400) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000240)='/dev/vcsa#\x00', 0xb69, 0x2081) write$UHID_INPUT(r0, &(0x7f0000002300)={0x8, "98571c6fcf4b7f6c5896660503e551d5b4ecb0a8a39b7996c9ab7126ab5c2a886fde126e4fbbd70f1f6e481b98dab990ee1803e1e2bdd0438c71030aa7fcc9b9bb3002747f9700c08808a5e9ca23c14693b1327dacecdd6370ddd638cb84893d9eb71ffd5c81f2b255c81cda89ffc1bd922c2dc254650c12498b20d081195156365216e3623644678c50170c959d8676082e1d3fa105fe28ef882ad3e9e1bee815d09e0f478a93a4ca4020c69527e4183ed41212593b56370bac9f22f0b02c06411fde5068feb4ce8ddd57f437aca8cb3ceab4cbcc425688dfb9e43bd992b562efe7577de621ce46653a7352f875fd29969a2486ec6af75b4c748620107e9b678562e6ad9a343d1246733671e9024733b867e4dbb27521b488163a5e0212edc9f11d6ed64621ae8af129cc38936c0a25668304ff7353cd8a666e31d53aa7727147b686286b7aac52723bad7b19e6e6892e8f0489a947bd644ab312f232fa2a4038aaae5cbad63ff4fbf6bbe2a7266f508a508b4948370953260e1e1377155a71b9ae21d9e2b5fd77d1986892ed85c5dee65b40691ce115b73caa18ad40523c265b8d044395716f7d989c88c2ed667fe75d9955aed1a41fd1afc2791c137077d159b0cb56e34e3a67b6a705e9c10bafe413b2b21b538c39ae61364d200511c109ddc03f76892e7d0e85acd68b25e0b7ddbed82ecd4c0f4db8ee48f6cce526f4fb4a5faf60857e9c4a6e9b2251854edb69fbeadc1d4caf073e36ac505effe36b71b908c5eb479b2a0e2062172464720db97341c801c9caa93ce6d9de4fa9f9bd56dcdb106c04c503d284dd6964c4ae57b977de1757b41b3fe54c2fbcdd83d7b17fe04afed4d529b416fab1b916d883d0de2de85252f8336c09a06d1d663ed1afde2e9cbeda051f4729c16f2ab6ee31a54889bc900496b3f989e8d5a20f8eb63f800ee8cfc0011da19dbfe194e3d10299cfd88d0ab12f73d4e05b6ed4534677a31e9e7d97b130c457749acc9d031bd42d0afd867220bbf06083f2d67787021362e6372995145198f3c6fe7842e3be8c87c937fbffe07c87566d97af7fc06ce3c9ccae5de77557e0b418f80f0f8bf4c93f32cf5d71099cdbb6a7f60ebd1201b1551d88d93b441b017d941b8da0880aa7aea75c6ed4922d9e2409c7059df0b71ad4fda1cabeaf2297110f76592bd6c4a62253f10061fdd6fc2150470bfd79e36016dc1c5d8bb18cf12d855883a0a5dfca0b6ae6c525b149f6dd3d2c350fbc28c54cc2fb9bbf9873a6be5e326ca5b1d349f71662339b322ed2aaad97f344645e61a2edff10e5fb7e42056bc49651bbf675406d0f13727908be81ec51d2d4c6defb42d17986eac5886e67d0d716517b7ab5c72d6e29c7dfe93a187e83b8e014187646e7b81f5f55d5b868321c5b69640dc8f149417793b2f6664f2f7117268235fab3e3573c3e9452eb05ef091f716d26ecca2766040cb91a77b264db722b22fc6b9a98e39bb35557d6426d4ffcf77f1eb19668cf3bf58fd055afdfca68aea699cbb18c689be45dc0abada9b59e90c3d16ef893d5cf980bbf6f5000576c2611fdb9a26db2a161e77b724690eb695c82c8bfc911c7f87bd861932f6332a9e1a0894b3cc572acb06d4c7305fe9f435a742e367fc003c49d88631de2a53711bc4eaa909fd3f1739f9ff832a42f8b00580913b51a1acb17689916be28519a8173d493a8f420b70ee748a2bcd57c9e0ae8ad49afd970baccd9e2f9f578083df47c904d2994f6ca2d04ccff3063d9edad6fcf45bebfd0a34823f608cf415007be6bf81b4d480032113894d098030f1105fbf885ceca8b7061ee6e0827cb605edd73b8e4ca0b69a5feb63c7d71ec4c31787547f62976981f55bb6e46b8593544c684fa928097cd92654f4627c41cad570c4c6c322195e987677c61e517184559355efda69b3ba7f0bd45efeb7388490f66f81ada3cec71ca24aafdc2321a3d9ea87c5e341ddc51eb023d97d9de274bf1d331eb4838f29933463ede0c707ccc033d34118e0233218bc273bf20742c58fe63e881f5cde391d45370759b1a82ec3a887a3b692992377857c9f48a434380d43b27529f9f12dae6ddbf303e80f902b1adc611729671d50b79644d88b853aa74e3a64fd94440f729655f339faadefacd3212ce30e8acbfe08943a1380e3a06e7597a616d5bba5814a58b4053528455e2e5cbd9f3c7a044125a2776dd70f7a277af59ee6dacf77a926cdd9f7696ef6f04118d8ebe3d112eb77fab9026aeeb7590ad2b92c284cad945251846ac77f38dc57e8f8166e504ec26c6fcce4ceb072165cba385ea71c2a1abfc765f679dd763bb3b88f48675d5cf0d7d7a02d3049f693a96279a0fca85ac8ce0910eec88bdf2b49f79cab7fac55a3418a4ff8aba1a326b9400057f879609f123cd322f707583c52474e53a983a9632353bebe8e2aa6d55970b42fa333a5930f32f2a88baa7762ab6dcb09ddc648586974b0ba4447f99460c21f447f256759aa801c86a6b5d8bbb313250e07918316ac905586544da69fb253b25844b0378d648225a5f605fd5875a2d0e09627c7266fbed2dfc28ce235fca921588cd385b10eb3c206c55783597f440a61701a3c2a79739ddd0da6fdd1d74e0d34d7d0db477db75b35f68fff334fca547df0a85fdeb7db9e8deb0870593c07714503170744e153404f5184c65ffd883884ff5da679f6239f4d054e908dc31827f1efc0ef525c8ebc0bb2d3ae330be90ba1ba7981811dc26b8d2093615ff000caceb4de34cc2b1798a16a2ff7468ca92a6a0ba2e86c63612b9a6b7ba84eabd3e4f22270904bbdd33fd1e021f4816d1f64060d784255b6d8a0808af0598495ba225e9907597cbc576577c201183d67a1db0f77b13e1370d68213d96c45befa3b2271ec40aec85da3fa172e83015f27561a54e16837bcf9f3cad9da3e13411afadcdad1c3c634f252c2caef62a80d026db05abfaa344d47438c5d9bf00ed183d4319eb57f8cd2707cbd887aed43c0f2f4211bcf93ced3ebb7daec29a6fe64cae5d13a3996399a276bd0d3b620569ea5f996bdcf17583cf758c1174edbac31558c7f134476f6dd47d02b08ac0c3ee1a69c041bd2f2ac674d059126fa6a3ca905b50523ee681dd3d2a22d330c696fb948f827392f0390a13be7fc5751dc4643f0b4f7c18635cda833d957a567d1b76bf73b1c5c5f7f6178235e00602bd6c59de3d6c050be5831106ec7c7791c6a2b938c326591faeebaab070c4001196537c17d77f9d388d84040405409792b21a8a806489edc0585a3d22c0c527831c5585acfdb85bd8896fb36effc9c468441a0beaed5f4ba911a1c3fa9b31d0702d8f708cf21b22f8016f3dedd63da231364bbb1e4a8e2493038963962d5f301d6118d0624b54c65cbf7213356015dc0e2170f74079bd67751f0cc9958fa4b935098565337d742238144c856e0c96f867ec2252b755ffdef3d70917050d5ad28afa9de063fb3d0dbecae4a2a1ea84b97b6e99d7c736a2305dc4e36c5af7130083b7cb2abb0ba3d3a40365871f48c375dec283c33dc3939e72f3cbfc3cbc3166ce4086f7a742f3d0c1d4ed1cdf6ef69b343ca19c186ff888ada3fe95ed2ca54e80c7dba1b9447011a703fbae5b29fadba2100abb47aa7d205767144b3b17bee74f4d360447bfb4ab14ca5d161a55bee42aa3656b57a23e18335dafca21f907d2746ddd63668c1249dc1fa96d8870f2adf181b066ebaaa2139e0be2a64b55f87a39f6923a5fd172ace89df00f3dd6ced1184d760a45c3f0a3dcdf3a41b2720eb380f05681a6ed476a84b2835cefc2bb52b0608a568b0e821f1cdc5821faa6d26fb767da3a8ffb6feb36eca4311fd0e6e2815e37ad10a60cf907fbb8225e1e984653eb55e586254946cac05d85e318044e638920b689557680c4198634fdab5a37639886981c04b4c7e5e2609f793f6cbc27922fa0606783b0ffec9b62ec38816542d70732f869c1366e2e813bbf10ffd51517c370303bb80202e00d0e6cdbef70f967754ac696279683b4419888d19115656bc3f677f98479a30be1df4cfa5cc0a297fc43a9c4a849feb66eb5b79d709999172715278ce632f7c7c959dd4d70044444fec83d6b47daa12310e7ac8ced8b2c5380139ee9be320542da12d003fe52ee6ed32308fe1fc92d4c93a9417c3776f89afb406f0639f07c25757df720932c803fd11748a7317b218c1945f8374903a60323f8841e1f02efc04f3b5e7f010344992e99f8656d69b8790eee8373fba768c4e2955f448cbe66d68af31587d23a57e9ee5333fd78af95119ff44194a3c12485eb3dee1ce3a79feffa66add411f6b6c573939b9e75427ae38e3d4c71f1fcd4dbafce689b991ffb519adc33d210838ce1417f7cd40e5d0567682c573050cd327c2ab20e5a3599894fb17e54ba376055eb626b396ac9454e9027c04e429690fc433414b2a14c55edfc4c5be25debf16175b8e05a979e8d35f2762483d82813154f004573bb8b9f41b56e4cfe6a733dd86357c8d25294d2fc6259f5688ee729f553da2bc646165226dc16b4a2494face3d5fe62cd824f150f2592feeee9ce84ad31a5bcc1eabacf860433659bf0b182f9393d82c9f7cb089fdfd08c112d511951bba3745ce9084a49f3bac16091277c97be468883a6ae1170e93279b5d0da829ae23f7a62b61d958bee33999b13035b28fec07b395d071a944420193693b69355ed728339a8977c3d3205ec5be5b745e729c136f3b2e163df59d77ef43720740dad97cad4f254d3778c9b65d8b168b466b81547b6c3221b7ceaee2bbdc1765ff2858cc3d3bd1ac931e9f314f9cfa8d86804762c7d74d8bb846e380b6ce233010824e5e91c139aa06e4201e3ff7248217a8a99c7db9a510f54834df71d907fd8a89b5acfc157cc37dedd42a5f0c44f89c0f19783ef6f9014099492ce5113e2e8c30aeb26efb3b446dcd97f704b5fee12c9abfae22709c55bf297ebdff1887bded57a4cdc6c8829d04a7af2a18f0f7f3f8824deac727cb23696dc9dfc3d98071f1693feb58fbc972a36e666299948fd5bc16bfa882193323f21a5342bd0e417aa5e4cf74599595ff6dbe3807e983797fb2c84876be8a61150f54c208860578d200acabf207a8070473a694cec05c672785dfc00cbc84da2eae51680ddf97b738c3951f60363996bc20a76509bffcfb82d246518286148ff95acc0264085ebcc7cb418d2dfc71793d30c1f4a6bde7c66c0e24aa361bd2b70a007d66f5813503f7a9ea53ca7211134db5e0502a2b155f0d5c40a0793398b9d1ac8059e90e786554ccdf40649253cc57d1155f0742b3d04435d7ceb46bd8d41ea3952fd024873720361c9f06d9eb2a8071061e3e94a65c653422c421f2f005b2533a36f5a3076387492624fa5f289ced912ac913f458d44ebf515f5cb38ded1a750c9e4541367cdaa8c6727bb73db63b943540acf1b826610e39ccec13c6561ffd6ab6f91ace951e8b6d0f9e354f1f05b44b00d811a87d324de505343c62991e1306ce302bde0480d5b9d776282e6e22ed818af1cf0fdd69c8bf9cc30606bb3ff062b90872fb6620e1a97e951d0f9c53dc8b2ad82253c30b4a6754ec591a87b732ce39d3ea3fff1736d7915785412ffe82ca33c470a7b04a633b3ecf36a442db0c54d30c06428b4e25b51cedb515454cf04bc1997608f5fbe50432184befef749eb49615c565f3e0c6843650859582eaf2c3a35fd749095ed8efa90cc07efc2fc8b5e580179c93e6eef9cfb0476fb38390376485f", 0x1000}, 0x1010) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') [ 1322.777616] Bluetooth: Unknown HCI packet type 5e [ 1322.782713] Bluetooth: Unknown HCI packet type 43 [ 1322.808304] FAULT_INJECTION: forcing a failure. [ 1322.808304] name failslab, interval 1, probability 0, space 0, times 0 [ 1322.826417] CPU: 1 PID: 23033 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1322.833537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1322.842888] Call Trace: [ 1322.842912] dump_stack+0x138/0x19c [ 1322.842934] should_fail.cold+0x10f/0x159 [ 1322.842952] should_failslab+0xdb/0x130 [ 1322.842967] kmem_cache_alloc+0x2d7/0x780 [ 1322.842983] ? lock_downgrade+0x6e0/0x6e0 [ 1322.842999] ? save_trace+0x290/0x290 [ 1322.849209] __kernfs_new_node+0x70/0x420 [ 1322.849225] kernfs_new_node+0x80/0xf0 [ 1322.849240] __kernfs_create_file+0x46/0x323 [ 1322.849253] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1322.849267] internal_create_group+0x232/0x7b0 [ 1322.849283] sysfs_create_groups+0x97/0x140 [ 1322.849295] device_add+0x7d8/0x1490 [ 1322.849309] ? device_private_init+0x190/0x190 [ 1322.849326] rfkill_register+0x19c/0xb20 [ 1322.849340] hci_register_dev+0x34b/0x810 [ 1322.849353] ? __raw_spin_lock_init+0x2d/0x100 [ 1322.857472] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1322.857489] tty_ioctl+0x8f7/0x1320 [ 1322.857498] ? hci_uart_tty_poll+0x10/0x10 [ 1322.857509] ? tty_vhangup+0x30/0x30 [ 1322.857528] ? __might_sleep+0x93/0xb0 [ 1322.857537] ? __fget+0x210/0x370 [ 1322.857553] ? tty_vhangup+0x30/0x30 [ 1322.857563] do_vfs_ioctl+0x7ae/0x1060 [ 1322.857575] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1322.857586] ? lock_downgrade+0x6e0/0x6e0 [ 1322.857597] ? ioctl_preallocate+0x1c0/0x1c0 [ 1322.865878] ? __fget+0x237/0x370 [ 1322.865898] ? security_file_ioctl+0x89/0xb0 [ 1322.865912] SyS_ioctl+0x8f/0xc0 [ 1322.865922] ? do_vfs_ioctl+0x1060/0x1060 [ 1322.865935] do_syscall_64+0x1e8/0x640 [ 1322.865944] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1322.865959] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1322.865968] RIP: 0033:0x4592c9 [ 1322.865974] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1322.865985] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1322.865992] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1322.865997] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 13:32:51 executing program 3: 13:32:51 executing program 1: [ 1322.866002] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1322.866008] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1322.959335] Bluetooth: Unknown HCI packet type 5e [ 1322.969432] Bluetooth: Unknown HCI packet type 43 [ 1323.053600] Bluetooth: Unknown HCI packet type 5e [ 1323.058761] Bluetooth: Unknown HCI packet type 50 [ 1323.063900] Bluetooth: Unknown HCI packet type 5e [ 1323.069086] Bluetooth: Unknown HCI packet type 40 13:32:51 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:32:51 executing program 1: [ 1324.790262] Bluetooth: hci0 command 0x1003 tx timeout [ 1324.795641] Bluetooth: hci0 sending frame failed (-49) [ 1325.030268] Bluetooth: hci1 command 0x1003 tx timeout [ 1325.035626] Bluetooth: hci1 sending frame failed (-49) [ 1326.870224] Bluetooth: hci0 command 0x1001 tx timeout [ 1326.875593] Bluetooth: hci0 sending frame failed (-49) [ 1327.110216] Bluetooth: hci1 command 0x1001 tx timeout [ 1327.115793] Bluetooth: hci1 sending frame failed (-49) [ 1328.950157] Bluetooth: hci0 command 0x1009 tx timeout [ 1329.190159] Bluetooth: hci1 command 0x1009 tx timeout 13:33:02 executing program 5 (fault-call:4 fault-nth:58): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:33:02 executing program 3: 13:33:02 executing program 1: 13:33:02 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4e") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:33:02 executing program 4: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept(r1, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000080), 0x4) r3 = dup(r2) write$P9_RXATTRWALK(r3, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r0, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:33:02 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x100, 0x0) write$P9_RWALK(r1, &(0x7f0000000180)={0x30, 0x6f, 0x1, {0x3, [{0x8, 0x4}, {0xc, 0x4, 0x6}, {0x4, 0x0, 0x8}]}}, 0x30) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) recvfrom$x25(r1, &(0x7f0000000200)=""/199, 0xc7, 0x122, 0x0, 0x0) ioctl$KDADDIO(r2, 0x400455c8, 0x4) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x100, 0x0) write$FUSE_WRITE(r3, &(0x7f0000000080)={0x18, 0x0, 0x5, {0xe8c}}, 0x18) ioctl$TIOCSETD(r3, 0x5412, &(0x7f00000001c0)=0x3) 13:33:02 executing program 1: [ 1333.649942] Bluetooth: Unknown HCI packet type 5e [ 1333.655437] Bluetooth: Unknown HCI packet type 43 [ 1333.661872] Unknown ioctl 21522 [ 1333.676096] Bluetooth: Unknown HCI packet type 5e [ 1333.690412] Bluetooth: Unknown HCI packet type 50 [ 1333.695390] Bluetooth: Unknown HCI packet type 5e 13:33:02 executing program 3: [ 1333.700592] Bluetooth: Unknown HCI packet type 40 [ 1333.706517] FAULT_INJECTION: forcing a failure. [ 1333.706517] name failslab, interval 1, probability 0, space 0, times 0 [ 1333.727196] CPU: 0 PID: 23066 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1333.734595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1333.734601] Call Trace: [ 1333.734619] dump_stack+0x138/0x19c [ 1333.734637] should_fail.cold+0x10f/0x159 [ 1333.734651] should_failslab+0xdb/0x130 [ 1333.734665] kmem_cache_alloc+0x2d7/0x780 [ 1333.734680] ? lock_downgrade+0x6e0/0x6e0 [ 1333.734688] ? save_trace+0x290/0x290 [ 1333.734703] __kernfs_new_node+0x70/0x420 [ 1333.734718] kernfs_new_node+0x80/0xf0 [ 1333.734732] __kernfs_create_file+0x46/0x323 [ 1333.734745] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1333.734761] internal_create_group+0x232/0x7b0 [ 1333.734780] sysfs_create_groups+0x97/0x140 13:33:02 executing program 1: [ 1333.734794] device_add+0x7d8/0x1490 [ 1333.734809] ? device_private_init+0x190/0x190 [ 1333.734827] rfkill_register+0x19c/0xb20 [ 1333.734841] hci_register_dev+0x34b/0x810 [ 1333.734850] ? __raw_spin_lock_init+0x2d/0x100 [ 1333.734868] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1333.734882] tty_ioctl+0x8f7/0x1320 [ 1333.734891] ? hci_uart_tty_poll+0x10/0x10 [ 1333.734903] ? tty_vhangup+0x30/0x30 [ 1333.734923] ? __might_sleep+0x93/0xb0 [ 1333.734932] ? __fget+0x210/0x370 [ 1333.734949] ? tty_vhangup+0x30/0x30 [ 1333.734961] do_vfs_ioctl+0x7ae/0x1060 [ 1333.734973] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1333.734983] ? lock_downgrade+0x6e0/0x6e0 [ 1333.734994] ? ioctl_preallocate+0x1c0/0x1c0 [ 1333.735006] ? __fget+0x237/0x370 [ 1333.735023] ? security_file_ioctl+0x89/0xb0 [ 1333.735035] SyS_ioctl+0x8f/0xc0 [ 1333.735045] ? do_vfs_ioctl+0x1060/0x1060 [ 1333.735059] do_syscall_64+0x1e8/0x640 [ 1333.735068] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1333.735084] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1333.735094] RIP: 0033:0x4592c9 13:33:02 executing program 1: [ 1333.735100] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1333.735112] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1333.735118] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1333.735123] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1333.735130] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1333.735136] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1333.823250] Bluetooth: Unknown HCI packet type 5e 13:33:02 executing program 3: 13:33:02 executing program 1: [ 1333.835523] Bluetooth: Unknown HCI packet type 43 [ 1333.844822] Bluetooth: Unknown HCI packet type 5e [ 1333.867134] Bluetooth: Unknown HCI packet type 50 [ 1333.907121] Bluetooth: Unknown HCI packet type 5e [ 1333.932849] Bluetooth: Unknown HCI packet type 40 [ 1335.670139] Bluetooth: hci0 command 0x1003 tx timeout [ 1335.675472] Bluetooth: hci0 sending frame failed (-49) [ 1335.830095] Bluetooth: hci1 command 0x1003 tx timeout [ 1335.835483] Bluetooth: hci1 sending frame failed (-49) [ 1337.750264] Bluetooth: hci0 command 0x1001 tx timeout [ 1337.755635] Bluetooth: hci0 sending frame failed (-49) [ 1337.910234] Bluetooth: hci1 command 0x1001 tx timeout [ 1337.915676] Bluetooth: hci1 sending frame failed (-49) [ 1339.830141] Bluetooth: hci0 command 0x1009 tx timeout [ 1339.990222] Bluetooth: hci1 command 0x1009 tx timeout 13:33:12 executing program 5 (fault-call:4 fault-nth:59): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:33:12 executing program 3: 13:33:12 executing program 1: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = socket$inet(0x2, 0x0, 0x0) ioctl$KIOCSOUND(r0, 0x4b2f, 0x0) 13:33:12 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4e") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:33:12 executing program 4: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept(r1, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000080), 0x4) r3 = dup(r2) write$P9_RXATTRWALK(r3, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r0, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:33:12 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) getresgid(&(0x7f00000002c0), &(0x7f0000000080), &(0x7f0000000140)=0x0) getresgid(&(0x7f0000000180), &(0x7f00000001c0)=0x0, &(0x7f0000000200)) r4 = getgid() ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000280)) getgroups(0x3, &(0x7f0000000240)=[r2, r3, r4]) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:33:12 executing program 3: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x50000}]}) getsockname(0xffffffffffffff9c, &(0x7f0000000440)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x0) write$P9_RXATTRWALK(r0, 0x0, 0x0) [ 1343.945361] Bluetooth: Unknown HCI packet type 5e [ 1343.952276] Bluetooth: Unknown HCI packet type 43 [ 1343.957646] FAULT_INJECTION: forcing a failure. [ 1343.957646] name failslab, interval 1, probability 0, space 0, times 0 [ 1343.979417] CPU: 0 PID: 23092 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1343.986573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1343.986580] Call Trace: [ 1343.986602] dump_stack+0x138/0x19c [ 1343.986625] should_fail.cold+0x10f/0x159 [ 1343.986642] should_failslab+0xdb/0x130 [ 1344.010352] kmem_cache_alloc+0x2d7/0x780 [ 1344.014530] ? lock_downgrade+0x6e0/0x6e0 [ 1344.018717] ? save_trace+0x290/0x290 [ 1344.022535] __kernfs_new_node+0x70/0x420 [ 1344.026714] kernfs_new_node+0x80/0xf0 [ 1344.026730] __kernfs_create_file+0x46/0x323 [ 1344.026744] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1344.026763] internal_create_group+0x232/0x7b0 [ 1344.044351] sysfs_create_groups+0x97/0x140 [ 1344.048677] device_add+0x7d8/0x1490 [ 1344.048691] ? device_private_init+0x190/0x190 [ 1344.048710] rfkill_register+0x19c/0xb20 [ 1344.048724] hci_register_dev+0x34b/0x810 [ 1344.048735] ? __raw_spin_lock_init+0x2d/0x100 [ 1344.048751] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1344.069886] tty_ioctl+0x8f7/0x1320 [ 1344.069899] ? hci_uart_tty_poll+0x10/0x10 [ 1344.069911] ? tty_vhangup+0x30/0x30 [ 1344.069934] ? __might_sleep+0x93/0xb0 [ 1344.089843] ? __fget+0x210/0x370 13:33:12 executing program 1: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x50000}]}) getsockname(0xffffffffffffff9c, &(0x7f0000000440)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x0) ioctl$TIOCOUTQ(r0, 0x5411, 0x0) [ 1344.089865] ? tty_vhangup+0x30/0x30 [ 1344.089877] do_vfs_ioctl+0x7ae/0x1060 [ 1344.089891] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1344.089905] ? lock_downgrade+0x6e0/0x6e0 [ 1344.097079] ? ioctl_preallocate+0x1c0/0x1c0 [ 1344.097093] ? __fget+0x237/0x370 [ 1344.097112] ? security_file_ioctl+0x89/0xb0 [ 1344.097124] SyS_ioctl+0x8f/0xc0 [ 1344.097135] ? do_vfs_ioctl+0x1060/0x1060 [ 1344.105774] do_syscall_64+0x1e8/0x640 [ 1344.114334] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1344.114353] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1344.114362] RIP: 0033:0x4592c9 [ 1344.114368] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1344.114380] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1344.114389] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1344.122225] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1344.122231] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1344.122237] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1344.206411] device nr0 entered promiscuous mode 13:33:12 executing program 3: r0 = socket(0x200000000000011, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000140)={'sit0\x00\x00\xff\xff\xff\xff\xa0\x00Q\xfc\x03\x00', 0x141}) 13:33:12 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4e") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1344.263714] Bluetooth: Unknown HCI packet type 5e [ 1344.269001] Bluetooth: Unknown HCI packet type 43 [ 1344.274947] Bluetooth: Unknown HCI packet type 5e [ 1344.280261] Bluetooth: Unknown HCI packet type 50 [ 1344.285346] Bluetooth: Unknown HCI packet type 5e [ 1344.290791] Bluetooth: Unknown HCI packet type 40 13:33:12 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1344.395969] device sit0 entered promiscuous mode 13:33:12 executing program 3: epoll_pwait(0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0xfffffffffffffecb) pivot_root(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci\x00', 0x100, 0x0) epoll_pwait(r0, &(0x7f00000000c0)=[{}], 0x1, 0x1f, &(0x7f0000000100), 0x8) [ 1345.990347] Bluetooth: hci0 command 0x1003 tx timeout [ 1345.995747] Bluetooth: hci0 sending frame failed (-49) [ 1346.310203] Bluetooth: hci1 command 0x1003 tx timeout [ 1346.315625] Bluetooth: hci1 sending frame failed (-49) [ 1348.070508] Bluetooth: hci0 command 0x1001 tx timeout [ 1348.075873] Bluetooth: hci0 sending frame failed (-49) [ 1348.390241] Bluetooth: hci1 command 0x1001 tx timeout [ 1348.395607] Bluetooth: hci1 sending frame failed (-49) [ 1350.150484] Bluetooth: hci0 command 0x1009 tx timeout [ 1350.470139] Bluetooth: hci1 command 0x1009 tx timeout 13:33:23 executing program 5 (fault-call:4 fault-nth:60): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:33:23 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'nr0\x01\x00', 0x2}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x336) r2 = fcntl$dupfd(r0, 0x406, r0) write$capi20(r2, &(0x7f0000000000)={0x10, 0x572, 0x0, 0x80, 0x8, 0x7}, 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000c40)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb96\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\x97\x80\xe9\xa1S\f\xc7?\xa6\x95I\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~\xff\xff\x00\x00#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xd5\x1b\xca\xa9\xc7[\xa2\xef\xacM\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xb4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\x04R\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xafh_\x9c\x91\xc1q_|L\x11\x03\x94\xc0\t=\x17\x95P\xd7\xcdH\x1c8^ARL\x9b\x1f\xf6P\rSj\x95\xd9o\x03\xd4\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x13\x82Rk\x9cAz\xab\rT\xadLO\f\x17Y\x1dg\x10\xe3LL\x1fC\xfa\xd9\xb0\xfb\xb4\xf3[\xdf\xd0\xd6\x82\xf6~0\xb8\xf4\xb0X\xfew\xbdY\n\xd6\x105\x9c\xb7\xe5F\xc1:9\xb8\xc2\x85\b\xfd\x92\xb0k\x93\xd7\xc40J\xc2\xf0=p\xd6\xe3\xe4W:\xd2\xf6\xfc\x83\xb1\xcb\xd1K\xb9(\"9(~\xf4\xf4\x94`\xe8\xdb\x17\xf9\xcf#)T\xcdj^\xa61\x12\x91 \xd7\x92\xc0\xd0s\xa9\xe4\x18:') sendmsg$nl_crypto(r2, &(0x7f0000000300)={&(0x7f00000000c0), 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=@alg={0x128, 0x10, 0x200, 0x70bd26, 0x25dfdbfd, {{'ecb(serpent)\x00'}, [], [], 0x2400, 0x2000}, [{0x8, 0x1, 0x9}, {0x8, 0x1, 0xfffffffffffffc01}, {0x8, 0x1, 0x1000}, {0x8, 0x1, 0x3}, {0x8}, {0x8, 0x1, 0x7}, {0x8, 0x1, 0x46}, {0x8, 0x1, 0x800}, {0x8, 0x1, 0x6481}]}, 0x128}, 0x1, 0x0, 0x0, 0x804}, 0x8010) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f0000000040)={[{0x1, 0x3, 0x3ff, 0x81, 0x1, 0x3a73, 0x7fffffff, 0x6, 0x598, 0x6, 0x0, 0x0, 0x9}, {0x400000000, 0x4049, 0x2af, 0xaf42, 0x0, 0xeb, 0x7, 0x8, 0x5, 0x10000, 0x0, 0x9, 0x6}, {0x100, 0x7, 0x9, 0x5, 0x8, 0x4, 0xf5, 0x6, 0x6, 0x6, 0x5, 0x80, 0x9}], 0x8001}) 13:33:23 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec5") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:33:23 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:33:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:33:23 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDGKBMODE(r1, 0x4b44, &(0x7f0000000000)) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) [ 1354.776371] Bluetooth: Unknown HCI packet type 5e [ 1354.806522] FAULT_INJECTION: forcing a failure. [ 1354.806522] name failslab, interval 1, probability 0, space 0, times 0 [ 1354.821743] CPU: 1 PID: 23137 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1354.828867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1354.838318] Call Trace: [ 1354.840915] dump_stack+0x138/0x19c [ 1354.844557] should_fail.cold+0x10f/0x159 [ 1354.848718] should_failslab+0xdb/0x130 [ 1354.852699] kmem_cache_alloc+0x2d7/0x780 [ 1354.856851] ? lock_downgrade+0x6e0/0x6e0 [ 1354.860997] ? save_trace+0x290/0x290 [ 1354.864805] __kernfs_new_node+0x70/0x420 [ 1354.868963] kernfs_new_node+0x80/0xf0 [ 1354.872854] __kernfs_create_file+0x46/0x323 [ 1354.877347] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1354.882022] internal_create_group+0x232/0x7b0 [ 1354.886614] sysfs_create_groups+0x97/0x140 [ 1354.890940] device_add+0x7d8/0x1490 [ 1354.894661] ? device_private_init+0x190/0x190 [ 1354.899357] rfkill_register+0x19c/0xb20 [ 1354.903430] hci_register_dev+0x34b/0x810 [ 1354.907604] ? __raw_spin_lock_init+0x2d/0x100 [ 1354.912283] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1354.916622] tty_ioctl+0x8f7/0x1320 [ 1354.920252] ? hci_uart_tty_poll+0x10/0x10 [ 1354.924485] ? tty_vhangup+0x30/0x30 [ 1354.928210] ? __might_sleep+0x93/0xb0 [ 1354.932102] ? __fget+0x210/0x370 [ 1354.935560] ? tty_vhangup+0x30/0x30 [ 1354.939272] do_vfs_ioctl+0x7ae/0x1060 [ 1354.943163] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1354.947919] ? lock_downgrade+0x6e0/0x6e0 [ 1354.952066] ? ioctl_preallocate+0x1c0/0x1c0 [ 1354.956471] ? __fget+0x237/0x370 [ 1354.959928] ? security_file_ioctl+0x89/0xb0 [ 1354.964336] SyS_ioctl+0x8f/0xc0 [ 1354.967700] ? do_vfs_ioctl+0x1060/0x1060 [ 1354.971850] do_syscall_64+0x1e8/0x640 [ 1354.975739] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1354.980588] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1354.985770] RIP: 0033:0x4592c9 [ 1354.988952] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1354.996750] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1355.004540] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1355.011813] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1355.019081] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1355.026347] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1355.051898] device nr0 entered promiscuous mode 13:33:23 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec5") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:33:23 executing program 3: r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) ioctl$FITRIM(r0, 0x40047211, &(0x7f00000000c0)) sendto$inet(r0, &(0x7f0000000100)="53da79916cd7592581ac3ded9c0539642bacb4acb484d1edd87ce2cbc26a07d71bc13f1e75642cae8ba2fdfd634682ed2e0659ebef058436eadc02fd4553b8029acdcbe5deffddf5b9892059cef4e1d7cbaa7ed050a7a7fee2535c93b8072aef9a2d8bbcf83ef0446f607656647db0aff4eef848ed0cc22b4303542422d701dcc3c9bc0437c940d62faeef3c2e82f29b820408126d4e72fef495aca270880644c0d91a7899433ecb2adf9b8b81421b1f23c6772e2a81c9caf277121448a9a20a96501bd0f15df7fd406d9221694c57298ca9bc2cd4df6c678db8a4022af696001d524d31f147fb53", 0xe8, 0x80, 0x0, 0x0) 13:33:23 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:33:23 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure\x00', 0x0, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f0000000100)={0x1, 0x0, @raw_data=[0x8001, 0x8, 0x6, 0x2, 0x0, 0x1be, 0x4, 0x4, 0xfff, 0x6, 0x3, 0xff, 0x5e, 0x1, 0xfffffffffffffff8, 0x7]}) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000200)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x34, r1, 0x318, 0x70bd2b, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x1}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x48000) r2 = socket(0x10, 0x3, 0x0) syz_open_dev$video4linux(&(0x7f0000000180)='/dev/v4l-subdev#\x00', 0x1ff, 0xc0080) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@bridge_getneigh={0x20, 0x11, 0x601}, 0x20}}, 0x0) 13:33:23 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec5") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:33:23 executing program 1: pipe(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) write$binfmt_script(r1, &(0x7f0000000380)=ANY=[], 0xfffffed5) connect$bt_rfcomm(r1, &(0x7f0000000000)={0x1f, {0x6, 0x0, 0x7, 0x4, 0x6, 0x8}, 0xffffffff}, 0xa) bind$alg(r2, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-avx2\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) splice(r0, 0x0, r4, 0x0, 0x200000, 0x0) fcntl$setpipe(r1, 0x408, 0x0) [ 1355.323490] PF_BRIDGE: RTM_SETLINK with unknown ifindex [ 1355.332011] PF_BRIDGE: RTM_SETLINK with unknown ifindex [ 1356.790130] Bluetooth: hci0 command 0x1003 tx timeout [ 1356.795475] Bluetooth: hci0 sending frame failed (-49) [ 1357.110193] Bluetooth: hci1 command 0x1003 tx timeout [ 1357.115549] Bluetooth: hci1 sending frame failed (-49) [ 1358.870179] Bluetooth: hci0 command 0x1001 tx timeout [ 1358.875513] Bluetooth: hci0 sending frame failed (-49) [ 1359.190304] Bluetooth: hci1 command 0x1001 tx timeout [ 1359.195630] Bluetooth: hci1 sending frame failed (-49) [ 1360.950242] Bluetooth: hci0 command 0x1009 tx timeout [ 1361.270334] Bluetooth: hci1 command 0x1009 tx timeout 13:33:34 executing program 5 (fault-call:4 fault-nth:61): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:33:34 executing program 3: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x40, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_NAME_TABLE_GET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x78, r1, 0x800, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8001}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x26}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_NODE={0x38, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xbdc}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6000000000}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x78}}, 0x40) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="c0dca5055e0bcfec7be070") r3 = getpid() getpriority(0x4, r3) 13:33:34 executing program 1: setresuid(0x0, 0xfffe, 0x0) r0 = geteuid() setresuid(r0, 0x0, 0x0) add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) r1 = msgget$private(0x0, 0x4) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000040)=0xc) getgroups(0x7, &(0x7f0000000100)=[0xee01, 0xffffffffffffffff, 0xee01, 0xffffffffffffffff, 0x0, 0xee00, 0xee00]) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140)={0x0}, &(0x7f0000000180)=0xc) r5 = getpgrp(0x0) msgctl$IPC_SET(r1, 0x1, &(0x7f00000001c0)={{0x37df, r0, r2, r0, r3, 0x128}, 0x100, 0x4, 0x3f, 0x6, 0x9, 0x7ff, r4, r5}) 13:33:34 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(0x0) ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(0xffffffffffffffff, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:33:34 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:33:34 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/ignore_tunneled\x00', 0x2, 0x0) ioctl$KVM_S390_UCAS_MAP(r2, 0x4018ae50, &(0x7f0000000180)={0x0, 0x9, 0x4}) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x5) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:33:34 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dc8a235e0bcfec7be070") r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) fsetxattr(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="73656375726974792e706f7369785f61636c5f61636366ef253447db587fed0b36fa00aacf6db10000"], &(0x7f00000000c0)='%keyring\\eth0wlan0)mime_type\'nodev\x00', 0x23, 0x1) r3 = dup2(r2, r1) getsockopt$inet_mreqn(r3, 0x0, 0x20, &(0x7f0000000140)={@multicast2, @empty}, &(0x7f0000000180)=0xc) [ 1365.709391] FAULT_INJECTION: forcing a failure. [ 1365.709391] name failslab, interval 1, probability 0, space 0, times 0 [ 1365.750905] CPU: 1 PID: 23186 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1365.751174] device nr0 entered promiscuous mode [ 1365.758040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1365.758048] Call Trace: [ 1365.758072] dump_stack+0x138/0x19c [ 1365.758101] should_fail.cold+0x10f/0x159 [ 1365.758120] should_failslab+0xdb/0x130 [ 1365.758137] kmem_cache_alloc+0x2d7/0x780 [ 1365.758150] ? wait_for_completion+0x420/0x420 [ 1365.758171] __kernfs_new_node+0x70/0x420 [ 1365.799583] kernfs_new_node+0x80/0xf0 [ 1365.803465] __kernfs_create_file+0x46/0x323 [ 1365.807860] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1365.812517] internal_create_group+0x232/0x7b0 [ 1365.817199] sysfs_create_groups+0x97/0x140 [ 1365.821510] device_add+0x7d8/0x1490 [ 1365.825208] ? device_private_init+0x190/0x190 [ 1365.829780] rfkill_register+0x19c/0xb20 [ 1365.833912] hci_register_dev+0x34b/0x810 [ 1365.838042] ? __raw_spin_lock_init+0x2d/0x100 [ 1365.842785] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1365.847130] tty_ioctl+0x8f7/0x1320 [ 1365.850738] ? hci_uart_tty_poll+0x10/0x10 [ 1365.854977] ? tty_vhangup+0x30/0x30 [ 1365.858679] ? __might_sleep+0x93/0xb0 [ 1365.862567] ? __fget+0x210/0x370 [ 1365.866011] ? tty_vhangup+0x30/0x30 [ 1365.869734] do_vfs_ioctl+0x7ae/0x1060 [ 1365.873645] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1365.878385] ? lock_downgrade+0x6e0/0x6e0 [ 1365.882536] ? ioctl_preallocate+0x1c0/0x1c0 [ 1365.886928] ? __fget+0x237/0x370 [ 1365.890371] ? security_file_ioctl+0x89/0xb0 [ 1365.894763] SyS_ioctl+0x8f/0xc0 [ 1365.898111] ? do_vfs_ioctl+0x1060/0x1060 [ 1365.902246] do_syscall_64+0x1e8/0x640 [ 1365.906144] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1365.910977] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1365.916158] RIP: 0033:0x4592c9 [ 1365.919333] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1365.927019] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1365.934285] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1365.941536] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 13:33:34 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="c0dca5055e0bcfec7be070") getegid() ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000000)={0x6, 0x60, 0x4e3b, 0x3ff, 0x2, "931b72141e6fe3a7db7a5f2c6c6b209eb18700", 0xf3, 0x81}) r2 = syz_open_pts(r0, 0x0) ioctl$TCSETAW(r2, 0x5407, &(0x7f0000000180)={0x8, 0x0, 0x0, 0xffffffffffffffff}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)={0xffffffff}) 13:33:34 executing program 1: unshare(0x400) r0 = memfd_create(&(0x7f0000000200)='eth0-(eth0:\x00', 0x0) fremovexattr(r0, &(0x7f0000000000)=@known='system.posix_acl_default\x00') [ 1365.948790] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1365.956052] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1365.976735] Bluetooth: Unknown HCI packet type 5e 13:33:34 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(0x0) ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(0xffffffffffffffff, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:33:34 executing program 1: r0 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x6, 0x4000) ioctl$TIOCGSOFTCAR(r0, 0x5419, &(0x7f0000000100)) creat(&(0x7f00000000c0)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f00000003c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) 13:33:34 executing program 3: r0 = open(&(0x7f00000003c0)='./file0\x00', 0x141042, 0x0) write$binfmt_elf64(r0, &(0x7f0000000480)=ANY=[], 0x2e7) open(&(0x7f0000000000)='./file0\x00', 0x20000, 0x100) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xa198) [ 1366.000744] Bluetooth: Unknown HCI packet type 43 [ 1366.006923] Bluetooth: Unknown HCI packet type 5e [ 1366.012868] Bluetooth: Unknown HCI packet type 50 [ 1366.018704] Bluetooth: Unknown HCI packet type 5e [ 1366.025878] Bluetooth: Unknown HCI packet type 40 [ 1366.115716] rpcbind: RPC call returned error 22 [ 1366.135676] audit: type=1804 audit(1561037614.539:208): pid=23210 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir008101599/syzkaller.DIezak/692/file0" dev="sda1" ino=16939 res=1 [ 1366.403549] audit: type=1804 audit(1561037614.809:209): pid=23216 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir008101599/syzkaller.DIezak/692/file0" dev="sda1" ino=16939 res=1 [ 1367.750158] Bluetooth: hci0 command 0x1003 tx timeout [ 1367.755530] Bluetooth: hci0 sending frame failed (-49) [ 1367.990158] Bluetooth: hci1 command 0x1003 tx timeout [ 1367.995498] Bluetooth: hci1 sending frame failed (-49) [ 1369.830238] Bluetooth: hci0 command 0x1001 tx timeout [ 1369.835603] Bluetooth: hci0 sending frame failed (-49) [ 1370.070224] Bluetooth: hci1 command 0x1001 tx timeout [ 1370.075565] Bluetooth: hci1 sending frame failed (-49) [ 1371.910199] Bluetooth: hci0 command 0x1009 tx timeout [ 1372.150265] Bluetooth: hci1 command 0x1009 tx timeout 13:33:44 executing program 5 (fault-call:4 fault-nth:62): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:33:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0) ioctl$KVM_ASSIGN_PCI_DEVICE(r2, 0x8040ae69, &(0x7f0000000080)={0x0, 0x80000001, 0x5, 0x1, 0x9}) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfffffffffffffeaf, 0x0, 0x0, 0xffffffae) ioctl$KVM_SMI(r4, 0xaeb7) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0x8090ae81, 0x0) 13:33:44 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(0x0) ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(0xffffffffffffffff, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:33:44 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:33:44 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x20000, 0x0) bind$vsock_dgram(r2, &(0x7f0000000100)={0x28, 0x0, 0x2711, @hyper}, 0x10) listen(r1, 0x0) write$binfmt_aout(r0, &(0x7f0000000180)={{0x108, 0x100000001, 0xfff, 0x24a, 0x37d, 0x0, 0x1a2, 0x3}, "302526732dddc552bc2a8fef24b4a887b27e01100d09878c59f28593e04cba921f2728e0ca8192af7a9beefba1d96775410faa19d84058b4695dea7685a66ab138e552492a6c67b4a7", [[], [], [], [], [], [], []]}, 0x769) sendto$inet6(r0, 0x0, 0x0, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x2, @loopback}, 0x1c) socket$bt_hidp(0x1f, 0x3, 0x6) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "d44eb8c7308ec7c4", "442065238929350ade91900b51fc9534", "6bdda720", "7ee51430da3f51b3"}, 0x28) sendto$inet6(r0, &(0x7f00000005c0), 0xffffffffffffffc1, 0x0, 0x0, 0xaff49bbcdbe0bbb) 13:33:44 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x200, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x6, {{0x2, 0x4e23, @multicast1}}}, 0x88) flock(r2, 0x1000000000001) ioctl$TUNSETSNDBUF(r2, 0x400454d4, &(0x7f0000000140)=0x1) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0xa00, 0x0) ioctl$PPPIOCDISCONN(r3, 0x7439) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) [ 1376.513170] Bluetooth: Unknown HCI packet type 5e [ 1376.518696] Bluetooth: Unknown HCI packet type 43 [ 1376.524920] QAT: Invalid ioctl [ 1376.539881] Bluetooth: Unknown HCI packet type 5e [ 1376.594173] FAULT_INJECTION: forcing a failure. [ 1376.594173] name failslab, interval 1, probability 0, space 0, times 0 13:33:45 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000240)=0xfff, 0x4) sendto$inet(r0, 0x0, 0x0, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='sit0\x00', 0x10) sendto$inet(r0, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r0, 0x400000000000001) mkdir(0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x10) [ 1376.689416] device nr0 entered promiscuous mode [ 1376.713402] CPU: 1 PID: 23231 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1376.720540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1376.729902] Call Trace: [ 1376.732504] dump_stack+0x138/0x19c [ 1376.736146] should_fail.cold+0x10f/0x159 [ 1376.740306] should_failslab+0xdb/0x130 [ 1376.744287] kmem_cache_alloc+0x2d7/0x780 [ 1376.748437] ? wait_for_completion+0x420/0x420 [ 1376.753035] __kernfs_new_node+0x70/0x420 [ 1376.757194] kernfs_new_node+0x80/0xf0 13:33:45 executing program 3: r0 = socket$inet6(0xa, 0x100000000000003, 0xbc) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c) writev(r0, &(0x7f00000024c0)=[{&(0x7f0000000080)='#', 0x1}], 0x1) [ 1376.761100] __kernfs_create_file+0x46/0x323 [ 1376.765505] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1376.770181] internal_create_group+0x232/0x7b0 [ 1376.774795] sysfs_create_groups+0x97/0x140 [ 1376.779131] device_add+0x7d8/0x1490 [ 1376.782865] ? device_private_init+0x190/0x190 [ 1376.787461] rfkill_register+0x19c/0xb20 [ 1376.791540] hci_register_dev+0x34b/0x810 [ 1376.795692] ? __raw_spin_lock_init+0x2d/0x100 [ 1376.800289] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1376.804618] tty_ioctl+0x8f7/0x1320 [ 1376.808256] ? hci_uart_tty_poll+0x10/0x10 [ 1376.812505] ? tty_vhangup+0x30/0x30 [ 1376.816232] ? __might_sleep+0x93/0xb0 [ 1376.820126] ? __fget+0x210/0x370 [ 1376.823591] ? tty_vhangup+0x30/0x30 [ 1376.827325] do_vfs_ioctl+0x7ae/0x1060 [ 1376.831219] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1376.835982] ? lock_downgrade+0x6e0/0x6e0 [ 1376.840144] ? ioctl_preallocate+0x1c0/0x1c0 [ 1376.844562] ? __fget+0x237/0x370 [ 1376.848031] ? security_file_ioctl+0x89/0xb0 [ 1376.852450] SyS_ioctl+0x8f/0xc0 [ 1376.855827] ? do_vfs_ioctl+0x1060/0x1060 [ 1376.859979] do_syscall_64+0x1e8/0x640 [ 1376.863895] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1376.868747] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1376.868757] RIP: 0033:0x4592c9 [ 1376.868763] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1376.868775] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1376.868780] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1376.868784] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 13:33:45 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$inet(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x2, 0x4e24, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000280)=[@ip_retopts={{0x1c, 0x0, 0x7, {[@ra={0x94, 0x6, 0x7fffffff}, @cipso={0x86, 0x6}]}}}], 0x20}, 0x48c0) 13:33:45 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_ifreq(r1, 0x8922, &(0x7f0000000100)={'bond0\x00', @ifru_map={0x1ff}}) ioctl$sock_ifreq(r2, 0x8922, &(0x7f0000000080)={'bond0\x00', @ifru_flags=0x6dbbce78125ac468}) 13:33:45 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff}) ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1376.868789] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1376.868795] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 13:33:45 executing program 1: syz_emit_ethernet(0x66, &(0x7f0000000080)={@local, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0x14, 0x2], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3803, 0x3, 0x0, 0x0, 0x4]}, @mcast2}}}}}}}, 0x0) [ 1378.550233] Bluetooth: hci0 command 0x1003 tx timeout [ 1378.555581] Bluetooth: hci0 sending frame failed (-49) [ 1378.950175] Bluetooth: hci1 command 0x1003 tx timeout [ 1378.955536] Bluetooth: hci1 sending frame failed (-49) [ 1380.630152] Bluetooth: hci0 command 0x1001 tx timeout [ 1380.635484] Bluetooth: hci0 sending frame failed (-49) [ 1381.030311] Bluetooth: hci1 command 0x1001 tx timeout [ 1381.035641] Bluetooth: hci1 sending frame failed (-49) [ 1382.710200] Bluetooth: hci0 command 0x1009 tx timeout [ 1383.110190] Bluetooth: hci1 command 0x1009 tx timeout 13:33:55 executing program 5 (fault-call:4 fault-nth:63): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:33:55 executing program 3: r0 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_buf(r0, 0x107, 0xf, &(0x7f0000000000)="a2e6fa9a", 0x4) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) sendto$inet6(r0, &(0x7f0000000100)="ce841000fa13000400910efc1fb35c22cc6dc3798ca5493fe155208f80002900257faf5ec2cc0542050000002e9b64c47af6363bbd84500000000080000001b3f60b3b9652c62ae5d6d5949cdabe2c6646f85ecd5ca7958ac07e8994b45898b64a9e2a308fdbf1a3", 0x68, 0x40, 0x0, 0x0) 13:33:55 executing program 1: r0 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_buf(r0, 0x107, 0xf, &(0x7f0000000000)="a2e6fa9a", 0x4) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) sendto$inet6(r0, &(0x7f0000000180)="ce841000fa13000400910efc1fb35c22cc6dc3798ca5493fe155208f80002900257faf5ec2cc0542050000002e9b64c47af6363bbd84500000000080000001b3f60b3b9652c606e5d6d5949cdabe2c6646f85ecd5ca7958ac07e8994b45898b64a9e2a308fdbf1a3", 0x68, 0x0, 0x0, 0x0) 13:33:55 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff}) ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:33:55 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:33:55 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x0, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140)='TIPC\x00') sendmsg$TIPC_CMD_SET_NETID(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, r2, 0x4, 0x70bd2d, 0x25dfdbfe, {{}, 0x0, 0x800b, 0x0, {0x8, 0x2, 0x1}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0xa1f3cd61debad4f5}, 0x80) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) setxattr$security_evm(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='security.evm\x00', &(0x7f00000002c0)=@v2={0x7, 0x2, 0x3, 0x8, 0x60, "87f2007c4d908a816eb578001409a9c66bacde128a6978b8c542173f4a62278bb02c4a4cead5fcc5b4ec871257ab35598e59480cd49b89200e765be59277a4ae26652cd61baa63240a14611b1bffc60a2a4304399ad8f059f14316ef7498781e"}, 0x6a, 0x2) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x4) ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000000100)=0x3) [ 1387.388766] Bluetooth: Unknown HCI packet type 5e [ 1387.394141] Bluetooth: Unknown HCI packet type 43 13:33:55 executing program 3: r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000500), 0x4) [ 1387.444774] FAULT_INJECTION: forcing a failure. [ 1387.444774] name failslab, interval 1, probability 0, space 0, times 0 [ 1387.456919] CPU: 1 PID: 23276 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1387.464040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1387.473398] Call Trace: [ 1387.473424] dump_stack+0x138/0x19c [ 1387.473443] should_fail.cold+0x10f/0x159 [ 1387.473460] should_failslab+0xdb/0x130 [ 1387.473474] kmem_cache_alloc+0x2d7/0x780 13:33:55 executing program 3: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000040)='/dev/capi20\x00', 0x100000000014b03e, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f00000003c0)={0x0, 0x0, 0x69c4}) r1 = dup2(r0, r0) write$FUSE_BMAP(r1, &(0x7f0000000000)={0x18, 0x8384}, 0x18) [ 1387.473488] ? wait_for_completion+0x420/0x420 [ 1387.473509] __kernfs_new_node+0x70/0x420 [ 1387.500730] kernfs_new_node+0x80/0xf0 [ 1387.504644] __kernfs_create_file+0x46/0x323 [ 1387.509109] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1387.513795] internal_create_group+0x232/0x7b0 [ 1387.518398] sysfs_create_groups+0x97/0x140 [ 1387.522731] device_add+0x7d8/0x1490 [ 1387.526465] ? device_private_init+0x190/0x190 [ 1387.526483] rfkill_register+0x19c/0xb20 [ 1387.535154] hci_register_dev+0x34b/0x810 [ 1387.539312] ? __raw_spin_lock_init+0x2d/0x100 13:33:55 executing program 1: pipe(&(0x7f0000000300)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$inet(0x2, 0x3, 0x3) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RNDADDTOENTCNT(r0, 0x40045201, 0x0) clock_nanosleep(0x2, 0x1, &(0x7f0000000140)={0x0, 0x989680}, &(0x7f0000000180)) [ 1387.543994] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1387.544011] tty_ioctl+0x8f7/0x1320 [ 1387.544020] ? hci_uart_tty_poll+0x10/0x10 [ 1387.544031] ? tty_vhangup+0x30/0x30 [ 1387.544051] ? __might_sleep+0x93/0xb0 [ 1387.544061] ? __fget+0x210/0x370 [ 1387.544077] ? tty_vhangup+0x30/0x30 [ 1387.544094] do_vfs_ioctl+0x7ae/0x1060 [ 1387.544106] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1387.544117] ? lock_downgrade+0x6e0/0x6e0 [ 1387.544127] ? ioctl_preallocate+0x1c0/0x1c0 [ 1387.544139] ? __fget+0x237/0x370 [ 1387.544163] ? security_file_ioctl+0x89/0xb0 [ 1387.552139] SyS_ioctl+0x8f/0xc0 [ 1387.552150] ? do_vfs_ioctl+0x1060/0x1060 [ 1387.552164] do_syscall_64+0x1e8/0x640 [ 1387.552174] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1387.552189] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1387.552197] RIP: 0033:0x4592c9 [ 1387.552203] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1387.552214] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1387.552220] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1387.552225] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1387.552230] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1387.552235] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1387.594519] Bluetooth: Unknown HCI packet type 5e [ 1387.594525] Bluetooth: Unknown HCI packet type 43 [ 1387.594530] Bluetooth: Unknown HCI packet type 5e [ 1387.594535] Bluetooth: Unknown HCI packet type 50 [ 1387.594539] Bluetooth: Unknown HCI packet type 5e 13:33:56 executing program 3: mmap(&(0x7f0000605000/0x2000)=nil, 0x2000, 0x0, 0x10000000000031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x0) mbind(&(0x7f0000126000/0x3000)=nil, 0x3321a8df32ee8487, 0x0, &(0x7f000016e000), 0x5, 0x0) [ 1387.594543] Bluetooth: Unknown HCI packet type 40 13:33:56 executing program 3: r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, 0x0, 0x0) 13:33:56 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff}) ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1389.430138] Bluetooth: hci0 command 0x1003 tx timeout [ 1389.435500] Bluetooth: hci0 sending frame failed (-49) [ 1389.670379] Bluetooth: hci1 command 0x1003 tx timeout [ 1389.675715] Bluetooth: hci1 sending frame failed (-49) [ 1391.510260] Bluetooth: hci0 command 0x1001 tx timeout [ 1391.515601] Bluetooth: hci0 sending frame failed (-49) [ 1391.750363] Bluetooth: hci1 command 0x1001 tx timeout [ 1391.755693] Bluetooth: hci1 sending frame failed (-49) [ 1393.590214] Bluetooth: hci0 command 0x1009 tx timeout [ 1393.830432] Bluetooth: hci1 command 0x1009 tx timeout 13:34:06 executing program 5 (fault-call:4 fault-nth:64): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:34:06 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x14, 0x4, 0x4, 0x400, 0x0, 0x1}, 0x2c) socket$inet6(0xa, 0x2, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000d1c000)=0x6, 0x4) bind$inet6(r0, &(0x7f0000f67fe4), 0x1c) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x10020000000, 0x0}, 0x2c) 13:34:06 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:34:06 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:34:06 executing program 1: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x1, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x17) 13:34:06 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000000)=0x18, 0x4) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:34:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f00000000c0)={0x0, r2}) [ 1398.305535] Bluetooth: Unknown HCI packet type 5e 13:34:06 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r0, &(0x7f0000000040)=""/67, 0xfffffeb7, 0x0, 0x0, 0x0) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0xff46, 0x0, 0x0, 0x800e00721) shutdown(r1, 0x0) read(r2, &(0x7f00000000c0)=""/113, 0x71) shutdown(r2, 0x0) [ 1398.383990] FAULT_INJECTION: forcing a failure. [ 1398.383990] name failslab, interval 1, probability 0, space 0, times 0 [ 1398.398118] CPU: 0 PID: 23320 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1398.405261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1398.414633] Call Trace: [ 1398.417254] dump_stack+0x138/0x19c [ 1398.420899] should_fail.cold+0x10f/0x159 [ 1398.425095] should_failslab+0xdb/0x130 [ 1398.429086] kmem_cache_alloc+0x2d7/0x780 [ 1398.433247] ? wait_for_completion+0x420/0x420 [ 1398.437861] __kernfs_new_node+0x70/0x420 [ 1398.442032] kernfs_new_node+0x80/0xf0 [ 1398.445940] __kernfs_create_file+0x46/0x323 [ 1398.450365] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1398.455057] internal_create_group+0x232/0x7b0 [ 1398.459666] sysfs_create_groups+0x97/0x140 [ 1398.464115] device_add+0x7d8/0x1490 [ 1398.467858] ? device_private_init+0x190/0x190 [ 1398.472465] rfkill_register+0x19c/0xb20 [ 1398.476550] hci_register_dev+0x34b/0x810 [ 1398.480731] ? __raw_spin_lock_init+0x2d/0x100 [ 1398.485338] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1398.489687] tty_ioctl+0x8f7/0x1320 [ 1398.493329] ? hci_uart_tty_poll+0x10/0x10 [ 1398.497582] ? tty_vhangup+0x30/0x30 [ 1398.501326] ? __might_sleep+0x93/0xb0 [ 1398.505228] ? __fget+0x210/0x370 [ 1398.508703] ? tty_vhangup+0x30/0x30 [ 1398.512434] do_vfs_ioctl+0x7ae/0x1060 [ 1398.516332] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1398.521095] ? lock_downgrade+0x6e0/0x6e0 [ 1398.525260] ? ioctl_preallocate+0x1c0/0x1c0 [ 1398.529684] ? __fget+0x237/0x370 [ 1398.533153] ? security_file_ioctl+0x89/0xb0 [ 1398.537579] SyS_ioctl+0x8f/0xc0 [ 1398.540959] ? do_vfs_ioctl+0x1060/0x1060 [ 1398.545124] do_syscall_64+0x1e8/0x640 [ 1398.549022] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1398.553880] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1398.559085] RIP: 0033:0x4592c9 [ 1398.562274] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1398.569997] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1398.577276] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 13:34:07 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1398.584561] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1398.591847] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1398.599135] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 13:34:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000800)=""/4096, 0x1000}], 0x1}, 0x2) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0x6e0aeed7badb2a0f, 0x0, 0x0, 0x800e0084a) shutdown(r1, 0x0) recvmsg(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000180)=""/208, 0xd0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5}, 0x0) shutdown(r2, 0x0) [ 1398.648644] Bluetooth: hci1 sending frame failed (-49) 13:34:07 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:34:07 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) mkdir(&(0x7f0000000100)='./file1\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0) close(r0) close(r1) socketpair$unix(0x1, 0x20000000005, 0x0, &(0x7f0000000140)) setsockopt$inet_int(r0, 0x0, 0x2, &(0x7f0000000000)=0x9, 0x4) sendto$inet(r1, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x4, 0x0, 0x0, 0xfffffffffffffd8a) recvfrom$inet(r0, 0x0, 0x25, 0x0, 0x0, 0x800e00d46) [ 1400.310198] Bluetooth: hci0 command 0x1003 tx timeout [ 1400.315554] Bluetooth: hci0 sending frame failed (-49) [ 1400.710502] Bluetooth: hci1 command 0x1003 tx timeout [ 1400.715826] Bluetooth: hci1 sending frame failed (-49) [ 1402.390247] Bluetooth: hci0 command 0x1001 tx timeout [ 1402.395580] Bluetooth: hci0 sending frame failed (-49) [ 1402.790134] Bluetooth: hci1 command 0x1001 tx timeout [ 1402.795473] Bluetooth: hci1 sending frame failed (-49) [ 1404.470154] Bluetooth: hci0 command 0x1009 tx timeout [ 1404.870160] Bluetooth: hci1 command 0x1009 tx timeout 13:34:17 executing program 5 (fault-call:4 fault-nth:65): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:34:17 executing program 3: 13:34:17 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, 0x0) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:34:17 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:34:17 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$TCSBRKP(r1, 0x5425, 0x8) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000180)={0x0, r2, 0x0, 0x1}, 0x14) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000140)={&(0x7f0000000000)='./file0\x00', r2}, 0x10) 13:34:17 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x10) munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000) recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x800e002e6) [ 1409.172727] FAULT_INJECTION: forcing a failure. [ 1409.172727] name failslab, interval 1, probability 0, space 0, times 0 [ 1409.186950] CPU: 0 PID: 23358 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1409.194136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1409.203518] Call Trace: [ 1409.206626] dump_stack+0x138/0x19c [ 1409.210306] should_fail.cold+0x10f/0x159 [ 1409.214477] should_failslab+0xdb/0x130 [ 1409.218486] kmem_cache_alloc+0x2d7/0x780 [ 1409.222642] ? kernfs_find_and_get_ns+0x4b/0x60 [ 1409.227322] __kernfs_new_node+0x70/0x420 [ 1409.231474] ? lock_downgrade+0x6e0/0x6e0 [ 1409.235630] kernfs_new_node+0x80/0xf0 [ 1409.239538] __kernfs_create_file+0x46/0x323 [ 1409.243950] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1409.248631] sysfs_add_file+0x4f/0x60 [ 1409.252432] sysfs_merge_group+0xe2/0x210 [ 1409.256681] dpm_sysfs_add+0x121/0x1b0 [ 1409.260582] device_add+0x968/0x1490 [ 1409.264311] ? device_private_init+0x190/0x190 [ 1409.268909] rfkill_register+0x19c/0xb20 [ 1409.272985] hci_register_dev+0x34b/0x810 [ 1409.277230] ? __raw_spin_lock_init+0x2d/0x100 [ 1409.281838] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1409.286185] tty_ioctl+0x8f7/0x1320 [ 1409.289877] ? hci_uart_tty_poll+0x10/0x10 [ 1409.294134] ? tty_vhangup+0x30/0x30 [ 1409.297975] ? __might_sleep+0x93/0xb0 [ 1409.301893] ? __fget+0x210/0x370 [ 1409.305369] ? tty_vhangup+0x30/0x30 [ 1409.309100] do_vfs_ioctl+0x7ae/0x1060 [ 1409.313007] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1409.317778] ? lock_downgrade+0x6e0/0x6e0 [ 1409.321944] ? ioctl_preallocate+0x1c0/0x1c0 [ 1409.326368] ? __fget+0x237/0x370 [ 1409.329870] ? security_file_ioctl+0x89/0xb0 [ 1409.334296] SyS_ioctl+0x8f/0xc0 [ 1409.337677] ? do_vfs_ioctl+0x1060/0x1060 [ 1409.341846] do_syscall_64+0x1e8/0x640 [ 1409.345744] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1409.350614] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1409.355818] RIP: 0033:0x4592c9 [ 1409.359011] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:34:17 executing program 3: [ 1409.366910] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1409.374194] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1409.381475] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1409.388843] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1409.396141] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 13:34:17 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, 0x0) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1409.421693] Bluetooth: Unknown HCI packet type 5e [ 1409.426746] Bluetooth: Unknown HCI packet type 43 [ 1409.432486] Bluetooth: Unknown HCI packet type 5e [ 1409.437480] Bluetooth: Unknown HCI packet type 5e [ 1409.450390] Bluetooth: Unknown HCI packet type 43 [ 1409.466360] Bluetooth: Unknown HCI packet type 5e 13:34:17 executing program 3: [ 1409.471377] Bluetooth: Unknown HCI packet type 50 [ 1409.476237] Bluetooth: Unknown HCI packet type 5e [ 1409.483955] Bluetooth: Unknown HCI packet type 50 [ 1409.488833] Bluetooth: Unknown HCI packet type 5e [ 1409.497590] Bluetooth: Unknown HCI packet type 40 [ 1409.503028] Bluetooth: Unknown HCI packet type 40 13:34:17 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9d, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2842, 0x0) io_setup(0x2, &(0x7f0000000000)=0x0) io_submit(r1, 0x1, &(0x7f0000000200)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}]) 13:34:18 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, 0x0) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:34:18 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000001440)='/dev/ion\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7be070") r2 = memfd_create(&(0x7f0000000380)='keyringlo\x00\xf9\xe32\x10\xd4w\xf0\xfb\xca\x82\xbf\xc2K\x1c\x95\xaaPv\xben\x8b\xd7\xaf\fn\xdd\xf0\x18\'\"\xfe\xff+\x9a\x00\xce\xf0\xfbi\x84\xe5``\xde\xb0\x90\x81]\x9e\xf9\xfb\xc9\xfe\xbc\xd2e}\x98\x06_c\x0f\x14\xbc\xe0\xd3.,\x81\xa5\xbf4\xf6\x03D\xd5\xd1tU\xfd\x1b\x7f&`+t\xc3F<\x13\xbf\xbd\xc2c\xe8\xe6\xc0\xe4\xfd\xb0\xb3S\xd9n\x05\xf4\xaf\xda\xa5\xe9\xa21\x1e\v\x047\xb3\xd7yO\xd3>\xcc\x81\x1fm\xb8\x06\xdaT\xef+:\xc6l\xdbA\xbd\xb6B-8\x9e\xf5;\x01l\xb1\'\xcb\xae|ggX\xe1\x99u$\xeaoW\xfe\x8e1X\xa0\xb8\x939\xf5Mm\x86\xb3\xf1\xd5\xebN\x93.J\"\xb6\xda\r\x1d>\xaf\xf99\xd91 \x19\xfc\x98\x82\xc3{d\xcc?\xf3\xe0\x01(\x1cv#\xc8\x91\x16\xa7\xdd\x8a\xefj!\x10\xb5\xc8\"q}\x7f\x9d\x03\x01a(\xean\x95\xa6ok\xb4\x17X;\xf0\xddT\xd1\xcd\x01[0\xf2\x96\xd8\xf6\xe5\xeeC\x8b&|\xf4\x03\x9a\x90_j\x83\t\x92v\x96\xe6\xdc\xfb\xa6\x1b\x16\x10u\x85\xa2\xa1\x88\xba\x10\xeaWk\xd6\x99\xbc\x90x\xd3\xed\xec\xcf\xbd\xbf\xc5_C\xdd\x899\x9e\xd3XD\xe7{\xf9[\xa7\x9f\x17\xbb\x93\xbf\x85\xe1l\xf6*\x13\xb5,%\xc2R\xb7\xe4QO\x01\x1c\x9d\xa6\xb2\xcb\x7f\x19\b\xfeX\xceer\x16\xb2\xa5\x19\x0e\nrp\x99\xab\r\x83\xcc\xdd\xdb\xaag\x92\xf2\xbe\xbf\x9a\x8bqk=\xd8\x8d\x15\x90\xc1\xd4\xfc\xc1\xe8\x18\xdc\x822F\xd6\xd5\x9eD\x9f\xcf\xf4\x97\x0f\xf8\x88\xefc\xc1\'}v\xc8Y\xf6\xeb\xa0\x8c\x01=+\xba\ry\x18t\x03\xbf\xe4]\"\xa2\xb8\xdc\xb5\xffg\x9et\x81V\xc5{2e%os\x97\xf6\xc1\x8c\x91\"\xdb[\xdf\xb6pv\xee\x1a\x04\xdc\xcf\xd3&\x99\xaa\xd4q\x99\xbd\xe5\x05', 0x0) writev(r2, &(0x7f0000000280)=[{&(0x7f00000001c0)="9c7ad8a3e2d794952ba1b3469e167d74a4c01c2b5f8ec56e637f4c82b37beeb2fa2b74757d7dbc7846320b391acd80d065de7de91280b4cb2b90906f195881a629f424d87e", 0x45}], 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) ioctl(r0, 0x4000c0084905, &(0x7f0000000040)) [ 1411.430135] Bluetooth: hci0 command 0x1003 tx timeout [ 1411.435458] Bluetooth: hci0 sending frame failed (-49) [ 1411.510175] Bluetooth: hci1 command 0x1003 tx timeout [ 1411.515513] Bluetooth: hci1 sending frame failed (-49) [ 1413.510205] Bluetooth: hci0 command 0x1001 tx timeout [ 1413.515577] Bluetooth: hci0 sending frame failed (-49) [ 1413.590256] Bluetooth: hci1 command 0x1001 tx timeout [ 1413.595659] Bluetooth: hci1 sending frame failed (-49) [ 1415.590147] Bluetooth: hci0 command 0x1009 tx timeout [ 1415.670307] Bluetooth: hci1 command 0x1009 tx timeout 13:34:28 executing program 5 (fault-call:4 fault-nth:66): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:34:28 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000007d80), 0x6, 0x0) 13:34:28 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:34:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:34:28 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x2) setxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:update_modules_exec_t:s0\x00', 0x2b, 0x3) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:34:28 executing program 1: 13:34:28 executing program 1: 13:34:28 executing program 3: [ 1420.105946] FAULT_INJECTION: forcing a failure. [ 1420.105946] name failslab, interval 1, probability 0, space 0, times 0 [ 1420.125349] CPU: 1 PID: 23402 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1420.132484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1420.141937] Call Trace: [ 1420.144547] dump_stack+0x138/0x19c [ 1420.148200] should_fail.cold+0x10f/0x159 13:34:28 executing program 1: 13:34:28 executing program 3: [ 1420.152508] should_failslab+0xdb/0x130 [ 1420.156498] kmem_cache_alloc+0x2d7/0x780 [ 1420.160661] ? wait_for_completion+0x420/0x420 [ 1420.165344] __kernfs_new_node+0x70/0x420 [ 1420.169498] kernfs_new_node+0x80/0xf0 [ 1420.173395] __kernfs_create_file+0x46/0x323 [ 1420.177815] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1420.182528] internal_create_group+0x232/0x7b0 [ 1420.187134] sysfs_create_groups+0x97/0x140 [ 1420.191469] device_add+0x7d8/0x1490 [ 1420.195195] ? device_private_init+0x190/0x190 [ 1420.199791] rfkill_register+0x19c/0xb20 13:34:28 executing program 1: [ 1420.203853] hci_register_dev+0x34b/0x810 [ 1420.203864] ? __raw_spin_lock_init+0x2d/0x100 [ 1420.203880] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1420.203893] tty_ioctl+0x8f7/0x1320 [ 1420.203902] ? hci_uart_tty_poll+0x10/0x10 [ 1420.203913] ? tty_vhangup+0x30/0x30 [ 1420.230091] ? __might_sleep+0x93/0xb0 [ 1420.234002] ? __fget+0x210/0x370 [ 1420.237479] ? tty_vhangup+0x30/0x30 [ 1420.241203] do_vfs_ioctl+0x7ae/0x1060 [ 1420.245115] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1420.249877] ? lock_downgrade+0x6e0/0x6e0 13:34:28 executing program 1: [ 1420.254037] ? ioctl_preallocate+0x1c0/0x1c0 [ 1420.258460] ? __fget+0x237/0x370 [ 1420.261943] ? security_file_ioctl+0x89/0xb0 [ 1420.266343] SyS_ioctl+0x8f/0xc0 [ 1420.269706] ? do_vfs_ioctl+0x1060/0x1060 [ 1420.273869] do_syscall_64+0x1e8/0x640 [ 1420.277964] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1420.282821] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1420.288124] RIP: 0033:0x4592c9 [ 1420.291312] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1420.299226] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1420.306489] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1420.313768] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1420.321042] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1420.328306] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1422.390151] Bluetooth: hci0 command 0x1003 tx timeout [ 1422.395513] Bluetooth: hci0 sending frame failed (-49) [ 1424.470160] Bluetooth: hci0 command 0x1001 tx timeout [ 1424.475731] Bluetooth: hci0 sending frame failed (-49) [ 1426.550134] Bluetooth: hci0 command 0x1009 tx timeout 13:34:39 executing program 5 (fault-call:4 fault-nth:67): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:34:39 executing program 1: 13:34:39 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000100)=0x3) r1 = syz_open_dev$cec(&(0x7f0000000180)='/dev/cec#\x00', 0x1, 0x2) ioctl$PPPIOCCONNECT(r1, 0x4004743a, &(0x7f00000001c0)=0x2) ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r1, 0x40045731, &(0x7f0000000200)=0x5) r2 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/checkreqprot\x00', 0x400000, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r2, 0x28, &(0x7f0000000080)}, 0x10) preadv(r2, &(0x7f0000000000)=[{&(0x7f0000000280)=""/166, 0xa6}, {&(0x7f0000000340)=""/251, 0xfb}, {&(0x7f0000000440)=""/120, 0x78}, {&(0x7f00000004c0)=""/130, 0x82}], 0x4, 0x9) 13:34:39 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:34:39 executing program 3: 13:34:39 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:34:39 executing program 1: 13:34:39 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00006a3000/0x3000)=nil, 0x3000, 0xc) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) fcntl$notify(r1, 0x402, 0x82000001) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x10000, 0x0) 13:34:39 executing program 3: 13:34:39 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r2 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x25, 0x200) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r2, 0x404c534a, &(0x7f0000000140)={0x80, 0x4f400000000000, 0x80000001}) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) [ 1430.919015] FAULT_INJECTION: forcing a failure. [ 1430.919015] name failslab, interval 1, probability 0, space 0, times 0 [ 1430.937990] CPU: 1 PID: 23424 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1430.945104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1430.954555] Call Trace: [ 1430.957679] dump_stack+0x138/0x19c [ 1430.961406] should_fail.cold+0x10f/0x159 13:34:39 executing program 1: [ 1430.965589] should_failslab+0xdb/0x130 [ 1430.969696] kmem_cache_alloc+0x2d7/0x780 [ 1430.973954] ? kernfs_find_and_get_ns+0x4b/0x60 [ 1430.978627] __kernfs_new_node+0x70/0x420 [ 1430.982841] ? lock_downgrade+0x6e0/0x6e0 [ 1430.986989] kernfs_new_node+0x80/0xf0 [ 1430.986999] __kernfs_create_file+0x46/0x323 [ 1430.987007] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1430.987015] sysfs_add_file+0x4f/0x60 [ 1430.987021] sysfs_merge_group+0xe2/0x210 [ 1430.987030] dpm_sysfs_add+0x121/0x1b0 [ 1430.987037] device_add+0x968/0x1490 13:34:39 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x100000001) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@loopback, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x80000000000001}, {{@in6=@empty, 0x0, 0xff}, 0x0, @in=@empty, 0x0, 0x0, 0x0, 0x1}}, 0xe8) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0xffd8) [ 1430.987044] ? device_private_init+0x190/0x190 [ 1430.987058] rfkill_register+0x19c/0xb20 [ 1430.995390] hci_register_dev+0x34b/0x810 [ 1430.995398] ? __raw_spin_lock_init+0x2d/0x100 [ 1430.995408] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1430.995417] tty_ioctl+0x8f7/0x1320 [ 1430.995422] ? hci_uart_tty_poll+0x10/0x10 [ 1430.995428] ? tty_vhangup+0x30/0x30 [ 1430.995439] ? __might_sleep+0x93/0xb0 [ 1430.995445] ? __fget+0x210/0x370 [ 1430.995454] ? tty_vhangup+0x30/0x30 [ 1430.995460] do_vfs_ioctl+0x7ae/0x1060 [ 1430.995468] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1430.995476] ? lock_downgrade+0x6e0/0x6e0 [ 1430.995483] ? ioctl_preallocate+0x1c0/0x1c0 [ 1430.995489] ? __fget+0x237/0x370 [ 1430.995500] ? security_file_ioctl+0x89/0xb0 [ 1431.056668] SyS_ioctl+0x8f/0xc0 [ 1431.056677] ? do_vfs_ioctl+0x1060/0x1060 [ 1431.056691] do_syscall_64+0x1e8/0x640 [ 1431.064280] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1431.064293] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1431.064299] RIP: 0033:0x4592c9 [ 1431.064308] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 [ 1431.073258] ORIG_RAX: 0000000000000010 [ 1431.073264] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1431.073267] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1431.073270] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1431.073274] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1431.073277] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1431.169440] Bluetooth: hci1 sending frame failed (-49) 13:34:39 executing program 5 (fault-call:4 fault-nth:68): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:34:39 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000001280)={0xa, 0x84, 0x40800000ec2, 0x4000000000002, 0x2}, 0x2c) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000000080)={0x3, 0x0, 0x77fffb, 0x0, 0x820000, 0x0}, 0x29) bpf$MAP_CREATE(0x2, &(0x7f00000000c0)={0x3, 0x0, 0x77fffb, 0x0, 0x820000, 0x0}, 0x2c) 13:34:39 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:34:39 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="c0dc40005e0bcf0b7ce070") r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x801, 0x0) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000000)) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) write$uinput_user_dev(r1, &(0x7f00000000c0)={'syz1\x00', {}, 0x0, [], [], [0xa1c7]}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) write$uinput_user_dev(r1, &(0x7f0000000b40)={'syz0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\xfa\xff\xff\xff\x00'}, 0x45c) [ 1431.299912] FAULT_INJECTION: forcing a failure. [ 1431.299912] name failslab, interval 1, probability 0, space 0, times 0 [ 1431.324035] CPU: 1 PID: 23452 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1431.331329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1431.341011] Call Trace: [ 1431.343628] dump_stack+0x138/0x19c 13:34:39 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1431.347286] should_fail.cold+0x10f/0x159 [ 1431.351460] should_failslab+0xdb/0x130 [ 1431.355460] kmem_cache_alloc+0x2d7/0x780 [ 1431.359620] ? wait_for_completion+0x420/0x420 [ 1431.364222] __kernfs_new_node+0x70/0x420 [ 1431.368390] kernfs_new_node+0x80/0xf0 [ 1431.372388] __kernfs_create_file+0x46/0x323 [ 1431.376807] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1431.381491] sysfs_add_file+0x4f/0x60 [ 1431.385324] sysfs_merge_group+0xe2/0x210 [ 1431.385340] dpm_sysfs_add+0x121/0x1b0 [ 1431.385351] device_add+0x968/0x1490 [ 1431.385365] ? device_private_init+0x190/0x190 [ 1431.385383] rfkill_register+0x19c/0xb20 [ 1431.385397] hci_register_dev+0x34b/0x810 [ 1431.385408] ? __raw_spin_lock_init+0x2d/0x100 [ 1431.385423] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1431.393471] tty_ioctl+0x8f7/0x1320 [ 1431.393484] ? hci_uart_tty_poll+0x10/0x10 [ 1431.393493] ? tty_vhangup+0x30/0x30 [ 1431.393512] ? __might_sleep+0x93/0xb0 [ 1431.393521] ? __fget+0x210/0x370 [ 1431.393536] ? tty_vhangup+0x30/0x30 [ 1431.393546] do_vfs_ioctl+0x7ae/0x1060 [ 1431.393560] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1431.401853] ? lock_downgrade+0x6e0/0x6e0 [ 1431.401868] ? ioctl_preallocate+0x1c0/0x1c0 [ 1431.401879] ? __fget+0x237/0x370 [ 1431.401896] ? security_file_ioctl+0x89/0xb0 [ 1431.401908] SyS_ioctl+0x8f/0xc0 [ 1431.401916] ? do_vfs_ioctl+0x1060/0x1060 [ 1431.401929] do_syscall_64+0x1e8/0x640 [ 1431.401938] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1431.401954] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1431.401963] RIP: 0033:0x4592c9 [ 1431.401968] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1431.401980] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1431.401986] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1431.401992] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1431.401998] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1431.402007] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1431.448962] input: syz1 as /devices/virtual/input/input11 [ 1431.585939] input: syz1 as /devices/virtual/input/input12 [ 1431.603445] Bluetooth: Unknown HCI packet type 5e [ 1431.608975] Bluetooth: Unknown HCI packet type 43 [ 1431.638473] Bluetooth: Unknown HCI packet type 5e [ 1431.658505] Bluetooth: Unknown HCI packet type 50 [ 1431.675212] Bluetooth: Unknown HCI packet type 5e [ 1431.676015] device nr0 entered promiscuous mode 13:34:40 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:34:40 executing program 3: getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, &(0x7f0000000000), &(0x7f0000000100)=0x8) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="e1dca5055e0bcfec7be070") ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000180)={0x0, {0x2, 0x4e20, @dev}, {0x2, 0x4e20, @empty}, {0x2, 0x4e23, @broadcast}, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3, 0x3}) ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f0000000200)={0x1, 0x3a, "1e76f726102b585809b64c0e7165ec2e19d6fc10735d00bef28bf876199affa05dc282952ae0c1cf65d96db16bfd6ea5975aa71d389a1f26e3a9"}) r1 = socket(0xa, 0x1, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000040)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) 13:34:40 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001300)="11dca5155e0bcfee7be070") r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cgroup.stat\x00', 0x0, 0x0) sendmsg$alg(r0, &(0x7f0000003640)={0x0, 0x0, &(0x7f00000024c0)=[{0x0}], 0x1}, 0x8000) write$P9_RWALK(r1, &(0x7f00000000c0)={0x16, 0x6f, 0x2, {0x1, [{0x20, 0x4, 0x5}]}}, 0x16) timer_create(0x3, 0x0, &(0x7f00000002c0)) r2 = socket$inet6(0xa, 0x801, 0x0) r3 = dup(r2) bind$inet6(r2, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback, 0x2}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = open(&(0x7f0000000240)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9d, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(r4, 0x2007fff) sendfile(r3, r4, 0x0, 0x8000fffffffe) [ 1431.684307] Bluetooth: Unknown HCI packet type 40 13:34:40 executing program 3: r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) sendmsg$unix(r1, &(0x7f0000000200)={&(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f00000001c0)=[@rights={{0x1c, 0x1, 0x1, [r1, r0, r1]}}], 0x20}, 0x0) [ 1433.190136] Bluetooth: hci1 command 0x1003 tx timeout [ 1433.195502] Bluetooth: hci1 sending frame failed (-49) [ 1433.670133] Bluetooth: hci0 command 0x1003 tx timeout [ 1433.675475] Bluetooth: hci0 sending frame failed (-49) [ 1435.270356] Bluetooth: hci1 command 0x1001 tx timeout [ 1435.275719] Bluetooth: hci1 sending frame failed (-49) [ 1435.750168] Bluetooth: hci0 command 0x1001 tx timeout [ 1435.755499] Bluetooth: hci0 sending frame failed (-49) [ 1437.350217] Bluetooth: hci1 command 0x1009 tx timeout [ 1437.830268] Bluetooth: hci0 command 0x1009 tx timeout 13:34:50 executing program 1: 13:34:50 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:34:50 executing program 3: 13:34:50 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0b") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:34:50 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setxattr$trusted_overlay_redirect(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='trusted.overlay.redirect\x00', &(0x7f0000000140)='./file0\x00', 0x8, 0x3) openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng\x00', 0x0, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000200)=0x12) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:34:50 executing program 5 (fault-call:4 fault-nth:69): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:34:50 executing program 1: 13:34:50 executing program 3: [ 1441.842139] FAULT_INJECTION: forcing a failure. [ 1441.842139] name failslab, interval 1, probability 0, space 0, times 0 13:34:50 executing program 1: [ 1441.891542] CPU: 1 PID: 23496 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1441.898707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1441.898712] Call Trace: [ 1441.898737] dump_stack+0x138/0x19c [ 1441.898758] should_fail.cold+0x10f/0x159 [ 1441.898777] should_failslab+0xdb/0x130 [ 1441.898796] kmem_cache_alloc+0x2d7/0x780 [ 1441.898812] ? kernfs_find_and_get_ns+0x4b/0x60 [ 1441.898832] __kernfs_new_node+0x70/0x420 [ 1441.898851] ? lock_downgrade+0x6e0/0x6e0 13:34:50 executing program 3: [ 1441.939696] kernfs_new_node+0x80/0xf0 [ 1441.943602] __kernfs_create_file+0x46/0x323 [ 1441.943617] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1441.943632] sysfs_add_file+0x4f/0x60 [ 1441.943643] sysfs_merge_group+0xe2/0x210 [ 1441.943660] dpm_sysfs_add+0x121/0x1b0 [ 1441.943670] device_add+0x968/0x1490 [ 1441.943682] ? device_private_init+0x190/0x190 [ 1441.943697] rfkill_register+0x19c/0xb20 [ 1441.943711] hci_register_dev+0x34b/0x810 [ 1441.943720] ? __raw_spin_lock_init+0x2d/0x100 [ 1441.943735] hci_uart_tty_ioctl+0x6a8/0xa20 13:34:50 executing program 1: syz_open_dev$usb(0x0, 0x400, 0x40000) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000180)) ioprio_get$uid(0x0, 0x0) syz_open_dev$evdev(0x0, 0x3, 0x80400) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000240)='/dev/vcsa#\x00', 0xb69, 0x2081) write$UHID_INPUT(r0, &(0x7f0000002300)={0x8, "98571c6fcf4b7f6c5896660503e551d5b4ecb0a8a39b7996c9ab7126ab5c2a886fde126e4fbbd70f1f6e481b98dab990ee1803e1e2bdd0438c71030aa7fcc9b9bb3002747f9700c08808a5e9ca23c14693b1327dacecdd6370ddd638cb84893d9eb71ffd5c81f2b255c81cda89ffc1bd922c2dc254650c12498b20d081195156365216e3623644678c50170c959d8676082e1d3fa105fe28ef882ad3e9e1bee815d09e0f478a93a4ca4020c69527e4183ed41212593b56370bac9f22f0b02c06411fde5068feb4ce8ddd57f437aca8cb3ceab4cbcc425688dfb9e43bd992b562efe7577de621ce46653a7352f875fd29969a2486ec6af75b4c748620107e9b678562e6ad9a343d1246733671e9024733b867e4dbb27521b488163a5e0212edc9f11d6ed64621ae8af129cc38936c0a25668304ff7353cd8a666e31d53aa7727147b686286b7aac52723bad7b19e6e6892e8f0489a947bd644ab312f232fa2a4038aaae5cbad63ff4fbf6bbe2a7266f508a508b4948370953260e1e1377155a71b9ae21d9e2b5fd77d1986892ed85c5dee65b40691ce115b73caa18ad40523c265b8d044395716f7d989c88c2ed667fe75d9955aed1a41fd1afc2791c137077d159b0cb56e34e3a67b6a705e9c10bafe413b2b21b538c39ae61364d200511c109ddc03f76892e7d0e85acd68b25e0b7ddbed82ecd4c0f4db8ee48f6cce526f4fb4a5faf60857e9c4a6e9b2251854edb69fbeadc1d4caf073e36ac505effe36b71b908c5eb479b2a0e2062172464720db97341c801c9caa93ce6d9de4fa9f9bd56dcdb106c04c503d284dd6964c4ae57b977de1757b41b3fe54c2fbcdd83d7b17fe04afed4d529b416fab1b916d883d0de2de85252f8336c09a06d1d663ed1afde2e9cbeda051f4729c16f2ab6ee31a54889bc900496b3f989e8d5a20f8eb63f800ee8cfc0011da19dbfe194e3d10299cfd88d0ab12f73d4e05b6ed4534677a31e9e7d97b130c457749acc9d031bd42d0afd867220bbf06083f2d67787021362e6372995145198f3c6fe7842e3be8c87c937fbffe07c87566d97af7fc06ce3c9ccae5de77557e0b418f80f0f8bf4c93f32cf5d71099cdbb6a7f60ebd1201b1551d88d93b441b017d941b8da0880aa7aea75c6ed4922d9e2409c7059df0b71ad4fda1cabeaf2297110f76592bd6c4a62253f10061fdd6fc2150470bfd79e36016dc1c5d8bb18cf12d855883a0a5dfca0b6ae6c525b149f6dd3d2c350fbc28c54cc2fb9bbf9873a6be5e326ca5b1d349f71662339b322ed2aaad97f344645e61a2edff10e5fb7e42056bc49651bbf675406d0f13727908be81ec51d2d4c6defb42d17986eac5886e67d0d716517b7ab5c72d6e29c7dfe93a187e83b8e014187646e7b81f5f55d5b868321c5b69640dc8f149417793b2f6664f2f7117268235fab3e3573c3e9452eb05ef091f716d26ecca2766040cb91a77b264db722b22fc6b9a98e39bb35557d6426d4ffcf77f1eb19668cf3bf58fd055afdfca68aea699cbb18c689be45dc0abada9b59e90c3d16ef893d5cf980bbf6f5000576c2611fdb9a26db2a161e77b724690eb695c82c8bfc911c7f87bd861932f6332a9e1a0894b3cc572acb06d4c7305fe9f435a742e367fc003c49d88631de2a53711bc4eaa909fd3f1739f9ff832a42f8b00580913b51a1acb17689916be28519a8173d493a8f420b70ee748a2bcd57c9e0ae8ad49afd970baccd9e2f9f578083df47c904d2994f6ca2d04ccff3063d9edad6fcf45bebfd0a34823f608cf415007be6bf81b4d480032113894d098030f1105fbf885ceca8b7061ee6e0827cb605edd73b8e4ca0b69a5feb63c7d71ec4c31787547f62976981f55bb6e46b8593544c684fa928097cd92654f4627c41cad570c4c6c322195e987677c61e517184559355efda69b3ba7f0bd45efeb7388490f66f81ada3cec71ca24aafdc2321a3d9ea87c5e341ddc51eb023d97d9de274bf1d331eb4838f29933463ede0c707ccc033d34118e0233218bc273bf20742c58fe63e881f5cde391d45370759b1a82ec3a887a3b692992377857c9f48a434380d43b27529f9f12dae6ddbf303e80f902b1adc611729671d50b79644d88b853aa74e3a64fd94440f729655f339faadefacd3212ce30e8acbfe08943a1380e3a06e7597a616d5bba5814a58b4053528455e2e5cbd9f3c7a044125a2776dd70f7a277af59ee6dacf77a926cdd9f7696ef6f04118d8ebe3d112eb77fab9026aeeb7590ad2b92c284cad945251846ac77f38dc57e8f8166e504ec26c6fcce4ceb072165cba385ea71c2a1abfc765f679dd763bb3b88f48675d5cf0d7d7a02d3049f693a96279a0fca85ac8ce0910eec88bdf2b49f79cab7fac55a3418a4ff8aba1a326b9400057f879609f123cd322f707583c52474e53a983a9632353bebe8e2aa6d55970b42fa333a5930f32f2a88baa7762ab6dcb09ddc648586974b0ba4447f99460c21f447f256759aa801c86a6b5d8bbb313250e07918316ac905586544da69fb253b25844b0378d648225a5f605fd5875a2d0e09627c7266fbed2dfc28ce235fca921588cd385b10eb3c206c55783597f440a61701a3c2a79739ddd0da6fdd1d74e0d34d7d0db477db75b35f68fff334fca547df0a85fdeb7db9e8deb0870593c07714503170744e153404f5184c65ffd883884ff5da679f6239f4d054e908dc31827f1efc0ef525c8ebc0bb2d3ae330be90ba1ba7981811dc26b8d2093615ff000caceb4de34cc2b1798a16a2ff7468ca92a6a0ba2e86c63612b9a6b7ba84eabd3e4f22270904bbdd33fd1e021f4816d1f64060d784255b6d8a0808af0598495ba225e9907597cbc576577c201183d67a1db0f77b13e1370d68213d96c45befa3b2271ec40aec85da3fa172e83015f27561a54e16837bcf9f3cad9da3e13411afadcdad1c3c634f252c2caef62a80d026db05abfaa344d47438c5d9bf00ed183d4319eb57f8cd2707cbd887aed43c0f2f4211bcf93ced3ebb7daec29a6fe64cae5d13a3996399a276bd0d3b620569ea5f996bdcf17583cf758c1174edbac31558c7f134476f6dd47d02b08ac0c3ee1a69c041bd2f2ac674d059126fa6a3ca905b50523ee681dd3d2a22d330c696fb948f827392f0390a13be7fc5751dc4643f0b4f7c18635cda833d957a567d1b76bf73b1c5c5f7f6178235e00602bd6c59de3d6c050be5831106ec7c7791c6a2b938c326591faeebaab070c4001196537c17d77f9d388d84040405409792b21a8a806489edc0585a3d22c0c527831c5585acfdb85bd8896fb36effc9c468441a0beaed5f4ba911a1c3fa9b31d0702d8f708cf21b22f8016f3dedd63da231364bbb1e4a8e2493038963962d5f301d6118d0624b54c65cbf7213356015dc0e2170f74079bd67751f0cc9958fa4b935098565337d742238144c856e0c96f867ec2252b755ffdef3d70917050d5ad28afa9de063fb3d0dbecae4a2a1ea84b97b6e99d7c736a2305dc4e36c5af7130083b7cb2abb0ba3d3a40365871f48c375dec283c33dc3939e72f3cbfc3cbc3166ce4086f7a742f3d0c1d4ed1cdf6ef69b343ca19c186ff888ada3fe95ed2ca54e80c7dba1b9447011a703fbae5b29fadba2100abb47aa7d205767144b3b17bee74f4d360447bfb4ab14ca5d161a55bee42aa3656b57a23e18335dafca21f907d2746ddd63668c1249dc1fa96d8870f2adf181b066ebaaa2139e0be2a64b55f87a39f6923a5fd172ace89df00f3dd6ced1184d760a45c3f0a3dcdf3a41b2720eb380f05681a6ed476a84b2835cefc2bb52b0608a568b0e821f1cdc5821faa6d26fb767da3a8ffb6feb36eca4311fd0e6e2815e37ad10a60cf907fbb8225e1e984653eb55e586254946cac05d85e318044e638920b689557680c4198634fdab5a37639886981c04b4c7e5e2609f793f6cbc27922fa0606783b0ffec9b62ec38816542d70732f869c1366e2e813bbf10ffd51517c370303bb80202e00d0e6cdbef70f967754ac696279683b4419888d19115656bc3f677f98479a30be1df4cfa5cc0a297fc43a9c4a849feb66eb5b79d709999172715278ce632f7c7c959dd4d70044444fec83d6b47daa12310e7ac8ced8b2c5380139ee9be320542da12d003fe52ee6ed32308fe1fc92d4c93a9417c3776f89afb406f0639f07c25757df720932c803fd11748a7317b218c1945f8374903a60323f8841e1f02efc04f3b5e7f010344992e99f8656d69b8790eee8373fba768c4e2955f448cbe66d68af31587d23a57e9ee5333fd78af95119ff44194a3c12485eb3dee1ce3a79feffa66add411f6b6c573939b9e75427ae38e3d4c71f1fcd4dbafce689b991ffb519adc33d210838ce1417f7cd40e5d0567682c573050cd327c2ab20e5a3599894fb17e54ba376055eb626b396ac9454e9027c04e429690fc433414b2a14c55edfc4c5be25debf16175b8e05a979e8d35f2762483d82813154f004573bb8b9f41b56e4cfe6a733dd86357c8d25294d2fc6259f5688ee729f553da2bc646165226dc16b4a2494face3d5fe62cd824f150f2592feeee9ce84ad31a5bcc1eabacf860433659bf0b182f9393d82c9f7cb089fdfd08c112d511951bba3745ce9084a49f3bac16091277c97be468883a6ae1170e93279b5d0da829ae23f7a62b61d958bee33999b13035b28fec07b395d071a944420193693b69355ed728339a8977c3d3205ec5be5b745e729c136f3b2e163df59d77ef43720740dad97cad4f254d3778c9b65d8b168b466b81547b6c3221b7ceaee2bbdc1765ff2858cc3d3bd1ac931e9f314f9cfa8d86804762c7d74d8bb846e380b6ce233010824e5e91c139aa06e4201e3ff7248217a8a99c7db9a510f54834df71d907fd8a89b5acfc157cc37dedd42a5f0c44f89c0f19783ef6f9014099492ce5113e2e8c30aeb26efb3b446dcd97f704b5fee12c9abfae22709c55bf297ebdff1887bded57a4cdc6c8829d04a7af2a18f0f7f3f8824deac727cb23696dc9dfc3d98071f1693feb58fbc972a36e666299948fd5bc16bfa882193323f21a5342bd0e417aa5e4cf74599595ff6dbe3807e983797fb2c84876be8a61150f54c208860578d200acabf207a8070473a694cec05c672785dfc00cbc84da2eae51680ddf97b738c3951f60363996bc20a76509bffcfb82d246518286148ff95acc0264085ebcc7cb418d2dfc71793d30c1f4a6bde7c66c0e24aa361bd2b70a007d66f5813503f7a9ea53ca7211134db5e0502a2b155f0d5c40a0793398b9d1ac8059e90e786554ccdf40649253cc57d1155f0742b3d04435d7ceb46bd8d41ea3952fd024873720361c9f06d9eb2a8071061e3e94a65c653422c421f2f005b2533a36f5a3076387492624fa5f289ced912ac913f458d44ebf515f5cb38ded1a750c9e4541367cdaa8c6727bb73db63b943540acf1b826610e39ccec13c6561ffd6ab6f91ace951e8b6d0f9e354f1f05b44b00d811a87d324de505343c62991e1306ce302bde0480d5b9d776282e6e22ed818af1cf0fdd69c8bf9cc30606bb3ff062b90872fb6620e1a97e951d0f9c53dc8b2ad82253c30b4a6754ec591a87b732ce39d3ea3fff1736d7915785412ffe82ca33c470a7b04a633b3ecf36a442db0c54d30c06428b4e25b51cedb515454cf04bc1997608f5fbe50432184befef749eb49615c565f3e0c6843650859582eaf2c3a35fd749095ed8efa90cc07efc2fc8b5e580179c93e6eef9cfb0476fb38390376485f", 0x1000}, 0x1010) ioctl$DRM_IOCTL_AUTH_MAGIC(r0, 0x40046411, &(0x7f00000000c0)) pwrite64(r0, 0x0, 0x0, 0x0) ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, &(0x7f0000000140)={0x0, 0x0, 0x0}) sched_yield() [ 1441.943749] tty_ioctl+0x8f7/0x1320 [ 1441.943761] ? hci_uart_tty_poll+0x10/0x10 [ 1441.952856] ? tty_vhangup+0x30/0x30 [ 1441.952876] ? __might_sleep+0x93/0xb0 [ 1441.952886] ? __fget+0x210/0x370 [ 1441.952903] ? tty_vhangup+0x30/0x30 [ 1441.952914] do_vfs_ioctl+0x7ae/0x1060 [ 1441.952926] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1441.952936] ? lock_downgrade+0x6e0/0x6e0 [ 1441.952946] ? ioctl_preallocate+0x1c0/0x1c0 [ 1441.952956] ? __fget+0x237/0x370 [ 1441.952971] ? security_file_ioctl+0x89/0xb0 [ 1441.952981] SyS_ioctl+0x8f/0xc0 [ 1441.952990] ? do_vfs_ioctl+0x1060/0x1060 [ 1441.953002] do_syscall_64+0x1e8/0x640 [ 1441.953011] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1441.953026] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1441.953033] RIP: 0033:0x4592c9 [ 1441.953039] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1441.953049] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1441.953059] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 13:34:50 executing program 3: syz_mount_image$ntfs(&(0x7f00000004c0)='ntfs\x00', &(0x7f0000000500)='./file0\x00', 0x0, 0x0, 0x0, 0x200000, 0x0) [ 1441.961006] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1441.961012] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1441.961018] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1442.110211] Bluetooth: Unknown HCI packet type 5e [ 1442.118719] Bluetooth: Unknown HCI packet type 43 [ 1442.137692] Bluetooth: Unknown HCI packet type 5e 13:34:50 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x1, 0x0) ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x89a1, &(0x7f0000000000)={@remote}) ioctl$sock_inet6_SIOCADDRT(r1, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) getegid() stat(0xfffffffffffffffe, 0x0) fcntl$setstatus(r2, 0x4, 0x40000) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$RTC_PIE_OFF(r3, 0x7006) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000640)) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000680)={{{@in=@initdev, @in6=@local}}, {{@in6=@ipv4={[], [], @loopback}}, 0x0, @in6=@dev}}, 0x0) geteuid() openat$vcs(0xffffffffffffff9c, &(0x7f0000001440)='/dev/vcs\x00', 0x1, 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) ioctl$DRM_IOCTL_GET_SAREA_CTX(0xffffffffffffffff, 0xc010641d, &(0x7f00000000c0)={0x0, 0x0}) fallocate(r1, 0x0, 0x10000, 0xffffffffffffff9b) syz_mount_image$nfs(&(0x7f0000000280)='nfs\x00', &(0x7f00000002c0)='./file0\x00', 0xe22, 0x1, &(0x7f0000000b80)=[{0x0, 0x0, 0x8}], 0x0, 0x0) fchmod(r0, 0x0) readv(r0, &(0x7f00000013c0)=[{&(0x7f0000000080)=""/104, 0x68}, {&(0x7f0000000100)=""/145, 0x91}, {0x0}, {&(0x7f0000001280)=""/167, 0xa7}, {&(0x7f0000001340)=""/19, 0x13}, {&(0x7f0000001380)=""/63, 0x3f}], 0x6) syz_open_dev$dri(0x0, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=ANY=[], 0xfffffcda}, 0x0) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x1fe, 0x400000000000) [ 1442.144308] Bluetooth: Unknown HCI packet type 50 [ 1442.166577] device nr0 entered promiscuous mode [ 1442.180703] Bluetooth: Unknown HCI packet type 5e [ 1442.198303] Bluetooth: Unknown HCI packet type 40 13:34:50 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:34:50 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) r0 = epoll_create1(0x0) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) unshare(0x400) fcntl$lock(r0, 0x5, &(0x7f0000000040)={0x8000000001}) 13:34:51 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0b") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:34:51 executing program 0: timer_create(0x1, &(0x7f0000000000)={0x0, 0x27, 0x6, @tid=0xffffffffffffffff}, &(0x7f0000000080)=0x0) timer_delete(r0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140)='/dev/hwrng\x00', 0x0, 0x0) ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) write(r3, &(0x7f00000001c0)="b202eca3fa99acc96bcae3f1ae45a2d3f7e26a2aa51fb72e4f45220214ca25136f8212a64fd9bf6bdcc0488ef501b002bc952daf25fcb79bc6b4d6c223e9316c624a159edc10bbadf73f860d4c20f1dcf8a5bb368334041375543ab40b73cf1544006af53b3109a457511a981d0311267d1c1f8dca69606b9f1300170d2b6bbde3265bf7c720b77ee20073391f56ece8f1016da378130a08", 0x98) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x4) ioctl$TIOCGPKT(r1, 0x80045438, &(0x7f0000000180)) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r1, 0x40045542, &(0x7f0000000280)=0x4) ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000000100)=0x3) [ 1442.628914] Bluetooth: Unknown HCI packet type 5e [ 1442.636487] Bluetooth: Unknown HCI packet type 43 [ 1444.150090] Bluetooth: hci0 command 0x1003 tx timeout [ 1444.155426] Bluetooth: hci0 sending frame failed (-49) [ 1444.630211] Bluetooth: hci1 command 0x1003 tx timeout [ 1444.635544] Bluetooth: hci1 sending frame failed (-49) [ 1446.230265] Bluetooth: hci0 command 0x1001 tx timeout [ 1446.235711] Bluetooth: hci0 sending frame failed (-49) [ 1446.710272] Bluetooth: hci1 command 0x1001 tx timeout [ 1446.715613] Bluetooth: hci1 sending frame failed (-49) [ 1448.310179] Bluetooth: hci0 command 0x1009 tx timeout [ 1448.790234] Bluetooth: hci1 command 0x1009 tx timeout 13:35:01 executing program 5 (fault-call:4 fault-nth:70): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:35:01 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000200)='/dev/video#\x00', 0x7, 0x0) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0xa, 0x1, 0x0, "dcc3be6175bdf7718f56a6e2217c8d244cfe1172b2010000004000"}) 13:35:01 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x1, 0x0) ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x89a1, &(0x7f0000000000)={@remote}) ioctl$sock_inet6_SIOCADDRT(r1, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) getegid() stat(0xfffffffffffffffe, 0x0) fcntl$setstatus(r2, 0x4, 0x40000) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$RTC_PIE_OFF(r3, 0x7006) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000640)) geteuid() openat$vcs(0xffffffffffffff9c, &(0x7f0000001440)='/dev/vcs\x00', 0x1, 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) ioctl$DRM_IOCTL_GET_SAREA_CTX(0xffffffffffffffff, 0xc010641d, &(0x7f00000000c0)={0x0, 0x0}) fallocate(r1, 0x0, 0x10000, 0xffffffffffffff9b) syz_mount_image$nfs(&(0x7f0000000280)='nfs\x00', &(0x7f00000002c0)='./file0\x00', 0xe22, 0x1, &(0x7f0000000b80)=[{0x0, 0x0, 0x8}], 0x0, 0x0) fchmod(r0, 0x0) syz_open_dev$dri(0x0, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=ANY=[], 0xfffffcda}, 0x0) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x1fe, 0x400000000000) 13:35:01 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:35:01 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0b") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:35:01 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r1, 0x6, 0x15, &(0x7f0000000000)=0x1, 0x4) 13:35:01 executing program 3: syz_open_dev$sg(0x0, 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uhid\x00', 0x802, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000000)=""/11, 0xb}, 0x120) write$UHID_DESTROY(r0, &(0x7f00000001c0)={0x8}, 0x4) [ 1452.728264] Bluetooth: Unknown HCI packet type 5e [ 1452.733774] Bluetooth: Unknown HCI packet type 43 [ 1452.741517] FAULT_INJECTION: forcing a failure. [ 1452.741517] name failslab, interval 1, probability 0, space 0, times 0 [ 1452.805193] CPU: 1 PID: 23557 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1452.812354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1452.812361] Call Trace: [ 1452.812389] dump_stack+0x138/0x19c [ 1452.812410] should_fail.cold+0x10f/0x159 [ 1452.812428] should_failslab+0xdb/0x130 [ 1452.812443] kmem_cache_alloc+0x2d7/0x780 [ 1452.812454] ? wait_for_completion+0x420/0x420 [ 1452.812473] __kernfs_new_node+0x70/0x420 [ 1452.812486] kernfs_new_node+0x80/0xf0 13:35:01 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1452.812499] __kernfs_create_file+0x46/0x323 [ 1452.812519] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1452.812534] sysfs_add_file+0x4f/0x60 [ 1452.812548] sysfs_merge_group+0xe2/0x210 [ 1452.825026] dpm_sysfs_add+0x121/0x1b0 [ 1452.825040] device_add+0x968/0x1490 [ 1452.825056] ? device_private_init+0x190/0x190 [ 1452.825075] rfkill_register+0x19c/0xb20 [ 1452.825089] hci_register_dev+0x34b/0x810 [ 1452.825103] ? __raw_spin_lock_init+0x2d/0x100 [ 1452.832990] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1452.833006] tty_ioctl+0x8f7/0x1320 [ 1452.833015] ? hci_uart_tty_poll+0x10/0x10 [ 1452.833026] ? tty_vhangup+0x30/0x30 [ 1452.833046] ? __might_sleep+0x93/0xb0 [ 1452.833055] ? __fget+0x210/0x370 [ 1452.833069] ? tty_vhangup+0x30/0x30 [ 1452.833078] do_vfs_ioctl+0x7ae/0x1060 [ 1452.833089] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1452.833100] ? lock_downgrade+0x6e0/0x6e0 [ 1452.833119] ? ioctl_preallocate+0x1c0/0x1c0 [ 1452.833130] ? __fget+0x237/0x370 [ 1452.833147] ? security_file_ioctl+0x89/0xb0 [ 1452.833160] SyS_ioctl+0x8f/0xc0 [ 1452.839716] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1452.841314] ? do_vfs_ioctl+0x1060/0x1060 [ 1452.841329] do_syscall_64+0x1e8/0x640 [ 1452.841338] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1452.841354] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1452.841363] RIP: 0033:0x4592c9 [ 1452.841369] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1452.841382] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1452.841388] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1452.841394] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1452.841400] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1452.841406] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1452.887477] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1452.898932] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1452.913009] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1452.918770] Bluetooth: Unknown HCI packet type 5e [ 1452.922724] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1452.927501] Bluetooth: Unknown HCI packet type 43 [ 1452.930720] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1452.942221] Bluetooth: Unknown HCI packet type 5e [ 1452.944591] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1452.947161] Bluetooth: Unknown HCI packet type 50 [ 1452.952053] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1452.962484] Bluetooth: Unknown HCI packet type 5e [ 1452.966656] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1452.973135] Bluetooth: Unknown HCI packet type 40 [ 1452.981880] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1452.988483] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1453.135322] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz1 13:35:01 executing program 3: syz_open_dev$sg(0x0, 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, 0x0) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uhid\x00', 0x802, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000000)=""/11, 0xb}, 0x120) write$UHID_DESTROY(r0, &(0x7f00000001c0)={0x8}, 0x4) 13:35:01 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:35:01 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x1, 0x0) ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x89a1, &(0x7f0000000000)={@remote}) ioctl$sock_inet6_SIOCADDRT(r1, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) getegid() stat(0xfffffffffffffffe, 0x0) fcntl$setstatus(r2, 0x4, 0x40000) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$RTC_PIE_OFF(r3, 0x7006) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000640)) geteuid() openat$vcs(0xffffffffffffff9c, &(0x7f0000001440)='/dev/vcs\x00', 0x1, 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) ioctl$DRM_IOCTL_GET_SAREA_CTX(0xffffffffffffffff, 0xc010641d, &(0x7f00000000c0)={0x0, 0x0}) fallocate(r1, 0x0, 0x10000, 0xffffffffffffff9b) syz_mount_image$nfs(&(0x7f0000000280)='nfs\x00', &(0x7f00000002c0)='./file0\x00', 0xe22, 0x1, &(0x7f0000000b80)=[{0x0, 0x0, 0x8}], 0x0, 0x0) fchmod(r0, 0x0) syz_open_dev$dri(0x0, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=ANY=[], 0xfffffcda}, 0x0) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x1fe, 0x400000000000) [ 1453.265037] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1453.279140] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1453.315736] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1453.324564] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1453.332569] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1453.342326] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1453.350254] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1453.358301] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 13:35:01 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, 0x0) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1453.367825] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1453.374997] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1453.382873] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1453.394423] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz1 [ 1454.790178] Bluetooth: hci0 command 0x1003 tx timeout [ 1454.795570] Bluetooth: hci0 sending frame failed (-49) [ 1454.950164] Bluetooth: hci1 command 0x1003 tx timeout [ 1454.955497] Bluetooth: hci1 sending frame failed (-49) [ 1456.870298] Bluetooth: hci0 command 0x1001 tx timeout [ 1456.875749] Bluetooth: hci0 sending frame failed (-49) [ 1457.040280] Bluetooth: hci1 command 0x1001 tx timeout [ 1457.046317] Bluetooth: hci1 sending frame failed (-49) [ 1458.950232] Bluetooth: hci0 command 0x1009 tx timeout [ 1459.110248] Bluetooth: hci1 command 0x1009 tx timeout 13:35:11 executing program 5 (fault-call:4 fault-nth:71): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:35:11 executing program 3: r0 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_buf(r0, 0x107, 0xf, &(0x7f0000000000)="a2e6fa9a", 0x4) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) sendto$inet6(r0, &(0x7f0000000100)="ce841000fa13000400910efc1fb35c22cc6dc3798ca5493fe155208f80002900257faf5ec2cc0542050000002e9b64c47af6363bbd84500000000080000001b3f60b3b9652c62ae5d6d5949cdabe2c6646f85ecd5ca7958ac07e8994b45898b64a9e2a308fdbf1a3", 0x68, 0x0, 0x0, 0x0) 13:35:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7b") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:35:11 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, 0x0) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:35:11 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x1, 0x0) ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x89a1, &(0x7f0000000000)={@remote}) ioctl$sock_inet6_SIOCADDRT(r1, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) getegid() stat(0xfffffffffffffffe, 0x0) fcntl$setstatus(r2, 0x4, 0x40000) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$RTC_PIE_OFF(r3, 0x7006) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000640)) geteuid() openat$vcs(0xffffffffffffff9c, &(0x7f0000001440)='/dev/vcs\x00', 0x1, 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) ioctl$DRM_IOCTL_GET_SAREA_CTX(0xffffffffffffffff, 0xc010641d, &(0x7f00000000c0)={0x0, 0x0}) fallocate(r1, 0x0, 0x10000, 0xffffffffffffff9b) syz_mount_image$nfs(&(0x7f0000000280)='nfs\x00', &(0x7f00000002c0)='./file0\x00', 0xe22, 0x1, &(0x7f0000000b80)=[{0x0, 0x0, 0x8}], 0x0, 0x0) fchmod(r0, 0x0) syz_open_dev$dri(0x0, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=ANY=[], 0xfffffcda}, 0x0) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x1fe, 0x400000000000) 13:35:11 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000), 0x4) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:35:12 executing program 3: pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x4003) write$binfmt_script(r0, &(0x7f0000000380)=ANY=[@ANYRESOCT=0x0], 0x17) close(r0) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) execve(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ubi_ctrl\x00', 0x0, 0x0) execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000440)=[&(0x7f0000000300)='bond0\x00\xe1\x00\n\x00!!\x00\x01\x00'], 0x0) [ 1463.657765] FAULT_INJECTION: forcing a failure. [ 1463.657765] name failslab, interval 1, probability 0, space 0, times 0 [ 1463.669239] CPU: 1 PID: 23617 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1463.676383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1463.685935] Call Trace: [ 1463.685968] dump_stack+0x138/0x19c [ 1463.685987] should_fail.cold+0x10f/0x159 [ 1463.686004] should_failslab+0xdb/0x130 [ 1463.686019] kmem_cache_alloc+0x2d7/0x780 [ 1463.686030] ? wait_for_completion+0x420/0x420 [ 1463.686052] __kernfs_new_node+0x70/0x420 [ 1463.686068] kernfs_new_node+0x80/0xf0 [ 1463.686080] __kernfs_create_file+0x46/0x323 [ 1463.686091] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1463.686104] sysfs_add_file+0x4f/0x60 [ 1463.686127] sysfs_merge_group+0xe2/0x210 [ 1463.686147] dpm_sysfs_add+0x121/0x1b0 [ 1463.686161] device_add+0x968/0x1490 [ 1463.686174] ? device_private_init+0x190/0x190 [ 1463.686193] rfkill_register+0x19c/0xb20 [ 1463.686208] hci_register_dev+0x34b/0x810 [ 1463.686218] ? __raw_spin_lock_init+0x2d/0x100 [ 1463.686238] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1463.686256] tty_ioctl+0x8f7/0x1320 [ 1463.686266] ? hci_uart_tty_poll+0x10/0x10 [ 1463.686277] ? tty_vhangup+0x30/0x30 [ 1463.686296] ? __might_sleep+0x93/0xb0 [ 1463.686308] ? __fget+0x210/0x370 [ 1463.686328] ? tty_vhangup+0x30/0x30 [ 1463.686343] do_vfs_ioctl+0x7ae/0x1060 [ 1463.686358] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1463.686369] ? lock_downgrade+0x6e0/0x6e0 [ 1463.686387] ? ioctl_preallocate+0x1c0/0x1c0 13:35:12 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, 0x0) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:35:12 executing program 1: mkdir(&(0x7f0000000100)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='ramfs\x00', 0x1, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') mkdir(&(0x7f0000000000)='./file1\x00', 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x200, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x2, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) dup2(r0, r1) [ 1463.686400] ? __fget+0x237/0x370 [ 1463.686423] ? security_file_ioctl+0x89/0xb0 [ 1463.686434] SyS_ioctl+0x8f/0xc0 [ 1463.686443] ? do_vfs_ioctl+0x1060/0x1060 [ 1463.686453] do_syscall_64+0x1e8/0x640 [ 1463.686463] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1463.686480] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1463.686490] RIP: 0033:0x4592c9 [ 1463.693086] RSP: 002b:00007fc6c3e87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1463.693099] RAX: ffffffffffffffda RBX: 00007fc6c3e87c90 RCX: 00000000004592c9 13:35:12 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e21, 0x0, @empty}, 0x1c) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r1 = fcntl$dupfd(r0, 0x0, r0) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000280)={0x4, 0x8}, 0xfffc) [ 1463.693106] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1463.693118] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1463.693125] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3e886d4 [ 1463.693131] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1463.888403] Bluetooth: Unknown HCI packet type 5e 13:35:12 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000000d80)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f00000002c0)=""/127, 0x7f}], 0x1}}], 0x1, 0x0, 0x0) 13:35:12 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00'}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1465.590199] Bluetooth: hci0 command 0x1003 tx timeout [ 1465.602728] Bluetooth: hci0 sending frame failed (-49) [ 1465.910199] Bluetooth: hci1 command 0x1003 tx timeout [ 1465.916871] Bluetooth: hci1 sending frame failed (-49) [ 1467.670343] Bluetooth: hci0 command 0x1001 tx timeout [ 1467.675759] Bluetooth: hci0 sending frame failed (-49) [ 1467.990244] Bluetooth: hci1 command 0x1001 tx timeout [ 1467.995861] Bluetooth: hci1 sending frame failed (-49) [ 1469.750297] Bluetooth: hci0 command 0x1009 tx timeout [ 1470.070244] Bluetooth: hci1 command 0x1009 tx timeout 13:35:22 executing program 5 (fault-call:4 fault-nth:72): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:35:22 executing program 1: r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000000)=0x8, 0x4) 13:35:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7b") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:35:22 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00'}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:35:22 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) ioctl$TIOCNXCL(r1, 0x540d) 13:35:22 executing program 3: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000040)='/dev/capi20\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$PPPIOCGIDLE(r1, 0x8008743f, 0x0) 13:35:22 executing program 1: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f000001d000)={0x0, 0x0, &(0x7f0000024000)=[{&(0x7f0000000100)="24000000100007031dff22946fa2830020200a0009000300001d85687f0000000400ff7e28000000000a43ba5d806055b6fdd80b", 0x34}], 0x1}, 0x0) [ 1474.474123] Bluetooth: Unknown HCI packet type 5e [ 1474.480904] Bluetooth: Unknown HCI packet type 43 [ 1474.495304] FAULT_INJECTION: forcing a failure. [ 1474.495304] name failslab, interval 1, probability 0, space 0, times 0 [ 1474.508315] CPU: 1 PID: 23659 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1474.515725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1474.525120] Call Trace: [ 1474.527747] dump_stack+0x138/0x19c [ 1474.531437] should_fail.cold+0x10f/0x159 [ 1474.535718] should_failslab+0xdb/0x130 [ 1474.540072] kmem_cache_alloc+0x2d7/0x780 [ 1474.544681] ? wait_for_completion+0x420/0x420 [ 1474.549949] __kernfs_new_node+0x70/0x420 [ 1474.554867] kernfs_new_node+0x80/0xf0 [ 1474.554881] __kernfs_create_file+0x46/0x323 [ 1474.554891] sysfs_add_file_mode_ns+0x1e4/0x450 [ 1474.554902] sysfs_add_file+0x4f/0x60 13:35:22 executing program 3: openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f0000000340)) connect$pppoe(r0, &(0x7f00000000c0)={0x18, 0x0, {0x3, @remote, 'gre0\x00'}}, 0x1e) sendmmsg(r0, &(0x7f0000005b40), 0x40000000000014d, 0x0) [ 1474.554911] sysfs_merge_group+0xe2/0x210 [ 1474.554924] dpm_sysfs_add+0x121/0x1b0 [ 1474.554934] device_add+0x968/0x1490 [ 1474.554946] ? device_private_init+0x190/0x190 [ 1474.554962] rfkill_register+0x19c/0xb20 [ 1474.554974] hci_register_dev+0x34b/0x810 [ 1474.554984] ? __raw_spin_lock_init+0x2d/0x100 [ 1474.555000] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1474.555013] tty_ioctl+0x8f7/0x1320 [ 1474.555026] ? hci_uart_tty_poll+0x10/0x10 [ 1474.616412] ? tty_vhangup+0x30/0x30 [ 1474.620265] ? __might_sleep+0x93/0xb0 [ 1474.624271] ? __fget+0x210/0x370 [ 1474.627927] ? tty_vhangup+0x30/0x30 [ 1474.631775] do_vfs_ioctl+0x7ae/0x1060 [ 1474.636046] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1474.640938] ? lock_downgrade+0x6e0/0x6e0 [ 1474.647061] ? ioctl_preallocate+0x1c0/0x1c0 [ 1474.651619] ? __fget+0x237/0x370 [ 1474.655129] ? security_file_ioctl+0x89/0xb0 [ 1474.660313] SyS_ioctl+0x8f/0xc0 [ 1474.664262] ? do_vfs_ioctl+0x1060/0x1060 [ 1474.670126] do_syscall_64+0x1e8/0x640 [ 1474.674273] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1474.680082] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1474.686193] RIP: 0033:0x4592c9 [ 1474.689521] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1474.698154] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1474.705816] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1474.713778] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 13:35:23 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00'}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:35:23 executing program 1: r0 = socket$tipc(0x1e, 0x1, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x85, &(0x7f0000000500), 0x4) [ 1474.721435] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1474.729531] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1474.748212] Bluetooth: Unknown HCI packet type 5e 13:35:23 executing program 3: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000040)='/dev/capi20\x00', 0x100000000014b03e, 0x0) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000080)='I', 0x1}], 0x1) 13:35:23 executing program 1: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f000001d000)={0x0, 0x0, &(0x7f0000024000)=[{&(0x7f0000000100)="24000000100007031dff22946fa2830020200a0009000300001d85687f0000000400ff7e28000000090a43ba5d806055b6fdd80b40000000140003000929ec2400020cd37e99d69cda45a95e", 0x4c}], 0x1}, 0x0) [ 1476.550113] Bluetooth: hci1 command 0x1003 tx timeout [ 1476.555520] Bluetooth: hci1 sending frame failed (-49) [ 1476.790736] Bluetooth: hci0 command 0x1003 tx timeout [ 1476.796081] Bluetooth: hci0 sending frame failed (-49) [ 1478.630244] Bluetooth: hci1 command 0x1001 tx timeout [ 1478.635616] Bluetooth: hci1 sending frame failed (-49) [ 1478.870254] Bluetooth: hci0 command 0x1001 tx timeout [ 1478.877535] Bluetooth: hci0 sending frame failed (-49) [ 1480.710208] Bluetooth: hci1 command 0x1009 tx timeout [ 1480.950205] Bluetooth: hci0 command 0x1009 tx timeout 13:35:33 executing program 5 (fault-call:4 fault-nth:73): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:35:33 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_procfs(0x0, &(0x7f00000003c0)='uid_map\x00\x10\xff\x01\x00 \xd5.\xec\xdd`\x9cgL\xafoe\x84m\xa9\xfd\xda\xd9\x1a\x16f\xa9\x1b\x04\x80\xa5\xcb\xbb#2\xf0\xff\xf2m\x1c4\xa2\xa6?\x88U\xdc\xa5\xda\xae\x987\xb3\x17\xec\x9a\xc7)7\xcf8MJ*Xd\x82\xe1=\r\xf2\x9ck0\xe0\x15\xcd<\xbc\xbf\x853^\xc5E]\x98`7\xd9\v\x06T\xb8n5\xad\xcb,\x80\xde\x1f\xce\x9c\x7f\xe8\x1f;n@\xeb\x02\xd4\x9bo\x96\xa0\x06\x7f') close(r1) 13:35:33 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r3, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(0xffffffffffffffff, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:35:33 executing program 1: r0 = syz_open_dev$usb(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0xa0, 0x0, &(0x7f0000000800)=[@acquire_done={0x40106309, 0x3}, @increfs_done={0x40106308, 0x2}, @acquire_done={0x40106309, 0x3}, @decrefs={0x40046307, 0x1}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000740)={@ptr={0x70742a85, 0x0, &(0x7f00000006c0)=""/100, 0x64, 0x0, 0x39}, @fda={0x66646185, 0x6, 0x0, 0x39}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000007c0)={0x0, 0x28, 0x48}}}, @exit_looper, @enter_looper, @clear_death={0x400c630f, 0x1}], 0x75, 0x0, &(0x7f00000008c0)="5bf1089c01b065bbbcb2b98bc533daf0a4f897284d7bc3061a8692ad617481494ba998d0b4425ed15f46184eac9d9f99cfcdf8b5be05e2a90d58f5e5a9367202d9508da57136aacd20524881ed9048b8c8222f90d00a7b96e310af8a569e17a50bcc8575e05008ba9dc0fcb2b627e0a8b5762a6d9f"}) syz_open_dev$evdev(0x0, 0x6, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000200), &(0x7f0000000680)=0x14) r1 = syz_open_dev$vcsa(&(0x7f0000000240)='/dev/vcsa#\x00', 0xb69, 0x2081) write$UHID_INPUT(r1, &(0x7f0000002300)={0x8, "98571c6fcf4b7f6c5896660503e551d5b4ecb0a8a39b7996c9ab7126ab5c2a886fde126e4fbbd70f1f6e481b98dab990ee1803e1e2bdd0438c71030aa7fcc9b9bb3002747f9700c08808a5e9ca23c14693b1327dacecdd6370ddd638cb84893d9eb71ffd5c81f2b255c81cda89ffc1bd922c2dc254650c12498b20d081195156365216e3623644678c50170c959d8676082e1d3fa105fe28ef882ad3e9e1bee815d09e0f478a93a4ca4020c69527e4183ed41212593b56370bac9f22f0b02c06411fde5068feb4ce8ddd57f437aca8cb3ceab4cbcc425688dfb9e43bd992b562efe7577de621ce46653a7352f875fd29969a2486ec6af75b4c748620107e9b678562e6ad9a343d1246733671e9024733b867e4dbb27521b488163a5e0212edc9f11d6ed64621ae8af129cc38936c0a25668304ff7353cd8a666e31d53aa7727147b686286b7aac52723bad7b19e6e6892e8f0489a947bd644ab312f232fa2a4038aaae5cbad63ff4fbf6bbe2a7266f508a508b4948370953260e1e1377155a71b9ae21d9e2b5fd77d1986892ed85c5dee65b40691ce115b73caa18ad40523c265b8d044395716f7d989c88c2ed667fe75d9955aed1a41fd1afc2791c137077d159b0cb56e34e3a67b6a705e9c10bafe413b2b21b538c39ae61364d200511c109ddc03f76892e7d0e85acd68b25e0b7ddbed82ecd4c0f4db8ee48f6cce526f4fb4a5faf60857e9c4a6e9b2251854edb69fbeadc1d4caf073e36ac505effe36b71b908c5eb479b2a0e2062172464720db97341c801c9caa93ce6d9de4fa9f9bd56dcdb106c04c503d284dd6964c4ae57b977de1757b41b3fe54c2fbcdd83d7b17fe04afed4d529b416fab1b916d883d0de2de85252f8336c09a06d1d663ed1afde2e9cbeda051f4729c16f2ab6ee31a54889bc900496b3f989e8d5a20f8eb63f800ee8cfc0011da19dbfe194e3d10299cfd88d0ab12f73d4e05b6ed4534677a31e9e7d97b130c457749acc9d031bd42d0afd867220bbf06083f2d67787021362e6372995145198f3c6fe7842e3be8c87c937fbffe07c87566d97af7fc06ce3c9ccae5de77557e0b418f80f0f8bf4c93f32cf5d71099cdbb6a7f60ebd1201b1551d88d93b441b017d941b8da0880aa7aea75c6ed4922d9e2409c7059df0b71ad4fda1cabeaf2297110f76592bd6c4a62253f10061fdd6fc2150470bfd79e36016dc1c5d8bb18cf12d855883a0a5dfca0b6ae6c525b149f6dd3d2c350fbc28c54cc2fb9bbf9873a6be5e326ca5b1d349f71662339b322ed2aaad97f344645e61a2edff10e5fb7e42056bc49651bbf675406d0f13727908be81ec51d2d4c6defb42d17986eac5886e67d0d716517b7ab5c72d6e29c7dfe93a187e83b8e014187646e7b81f5f55d5b868321c5b69640dc8f149417793b2f6664f2f7117268235fab3e3573c3e9452eb05ef091f716d26ecca2766040cb91a77b264db722b22fc6b9a98e39bb35557d6426d4ffcf77f1eb19668cf3bf58fd055afdfca68aea699cbb18c689be45dc0abada9b59e90c3d16ef893d5cf980bbf6f5000576c2611fdb9a26db2a161e77b724690eb695c82c8bfc911c7f87bd861932f6332a9e1a0894b3cc572acb06d4c7305fe9f435a742e367fc003c49d88631de2a53711bc4eaa909fd3f1739f9ff832a42f8b00580913b51a1acb17689916be28519a8173d493a8f420b70ee748a2bcd57c9e0ae8ad49afd970baccd9e2f9f578083df47c904d2994f6ca2d04ccff3063d9edad6fcf45bebfd0a34823f608cf415007be6bf81b4d480032113894d098030f1105fbf885ceca8b7061ee6e0827cb605edd73b8e4ca0b69a5feb63c7d71ec4c31787547f62976981f55bb6e46b8593544c684fa928097cd92654f4627c41cad570c4c6c322195e987677c61e517184559355efda69b3ba7f0bd45efeb7388490f66f81ada3cec71ca24aafdc2321a3d9ea87c5e341ddc51eb023d97d9de274bf1d331eb4838f29933463ede0c707ccc033d34118e0233218bc273bf20742c58fe63e881f5cde391d45370759b1a82ec3a887a3b692992377857c9f48a434380d43b27529f9f12dae6ddbf303e80f902b1adc611729671d50b79644d88b853aa74e3a64fd94440f729655f339faadefacd3212ce30e8acbfe08943a1380e3a06e7597a616d5bba5814a58b4053528455e2e5cbd9f3c7a044125a2776dd70f7a277af59ee6dacf77a926cdd9f7696ef6f04118d8ebe3d112eb77fab9026aeeb7590ad2b92c284cad945251846ac77f38dc57e8f8166e504ec26c6fcce4ceb072165cba385ea71c2a1abfc765f679dd763bb3b88f48675d5cf0d7d7a02d3049f693a96279a0fca85ac8ce0910eec88bdf2b49f79cab7fac55a3418a4ff8aba1a326b9400057f879609f123cd322f707583c52474e53a983a9632353bebe8e2aa6d55970b42fa333a5930f32f2a88baa7762ab6dcb09ddc648586974b0ba4447f99460c21f447f256759aa801c86a6b5d8bbb313250e07918316ac905586544da69fb253b25844b0378d648225a5f605fd5875a2d0e09627c7266fbed2dfc28ce235fca921588cd385b10eb3c206c55783597f440a61701a3c2a79739ddd0da6fdd1d74e0d34d7d0db477db75b35f68fff334fca547df0a85fdeb7db9e8deb0870593c07714503170744e153404f5184c65ffd883884ff5da679f6239f4d054e908dc31827f1efc0ef525c8ebc0bb2d3ae330be90ba1ba7981811dc26b8d2093615ff000caceb4de34cc2b1798a16a2ff7468ca92a6a0ba2e86c63612b9a6b7ba84eabd3e4f22270904bbdd33fd1e021f4816d1f64060d784255b6d8a0808af0598495ba225e9907597cbc576577c201183d67a1db0f77b13e1370d68213d96c45befa3b2271ec40aec85da3fa172e83015f27561a54e16837bcf9f3cad9da3e13411afadcdad1c3c634f252c2caef62a80d026db05abfaa344d47438c5d9bf00ed183d4319eb57f8cd2707cbd887aed43c0f2f4211bcf93ced3ebb7daec29a6fe64cae5d13a3996399a276bd0d3b620569ea5f996bdcf17583cf758c1174edbac31558c7f134476f6dd47d02b08ac0c3ee1a69c041bd2f2ac674d059126fa6a3ca905b50523ee681dd3d2a22d330c696fb948f827392f0390a13be7fc5751dc4643f0b4f7c18635cda833d957a567d1b76bf73b1c5c5f7f6178235e00602bd6c59de3d6c050be5831106ec7c7791c6a2b938c326591faeebaab070c4001196537c17d77f9d388d84040405409792b21a8a806489edc0585a3d22c0c527831c5585acfdb85bd8896fb36effc9c468441a0beaed5f4ba911a1c3fa9b31d0702d8f708cf21b22f8016f3dedd63da231364bbb1e4a8e2493038963962d5f301d6118d0624b54c65cbf7213356015dc0e2170f74079bd67751f0cc9958fa4b935098565337d742238144c856e0c96f867ec2252b755ffdef3d70917050d5ad28afa9de063fb3d0dbecae4a2a1ea84b97b6e99d7c736a2305dc4e36c5af7130083b7cb2abb0ba3d3a40365871f48c375dec283c33dc3939e72f3cbfc3cbc3166ce4086f7a742f3d0c1d4ed1cdf6ef69b343ca19c186ff888ada3fe95ed2ca54e80c7dba1b9447011a703fbae5b29fadba2100abb47aa7d205767144b3b17bee74f4d360447bfb4ab14ca5d161a55bee42aa3656b57a23e18335dafca21f907d2746ddd63668c1249dc1fa96d8870f2adf181b066ebaaa2139e0be2a64b55f87a39f6923a5fd172ace89df00f3dd6ced1184d760a45c3f0a3dcdf3a41b2720eb380f05681a6ed476a84b2835cefc2bb52b0608a568b0e821f1cdc5821faa6d26fb767da3a8ffb6feb36eca4311fd0e6e2815e37ad10a60cf907fbb8225e1e984653eb55e586254946cac05d85e318044e638920b689557680c4198634fdab5a37639886981c04b4c7e5e2609f793f6cbc27922fa0606783b0ffec9b62ec38816542d70732f869c1366e2e813bbf10ffd51517c370303bb80202e00d0e6cdbef70f967754ac696279683b4419888d19115656bc3f677f98479a30be1df4cfa5cc0a297fc43a9c4a849feb66eb5b79d709999172715278ce632f7c7c959dd4d70044444fec83d6b47daa12310e7ac8ced8b2c5380139ee9be320542da12d003fe52ee6ed32308fe1fc92d4c93a9417c3776f89afb406f0639f07c25757df720932c803fd11748a7317b218c1945f8374903a60323f8841e1f02efc04f3b5e7f010344992e99f8656d69b8790eee8373fba768c4e2955f448cbe66d68af31587d23a57e9ee5333fd78af95119ff44194a3c12485eb3dee1ce3a79feffa66add411f6b6c573939b9e75427ae38e3d4c71f1fcd4dbafce689b991ffb519adc33d210838ce1417f7cd40e5d0567682c573050cd327c2ab20e5a3599894fb17e54ba376055eb626b396ac9454e9027c04e429690fc433414b2a14c55edfc4c5be25debf16175b8e05a979e8d35f2762483d82813154f004573bb8b9f41b56e4cfe6a733dd86357c8d25294d2fc6259f5688ee729f553da2bc646165226dc16b4a2494face3d5fe62cd824f150f2592feeee9ce84ad31a5bcc1eabacf860433659bf0b182f9393d82c9f7cb089fdfd08c112d511951bba3745ce9084a49f3bac16091277c97be468883a6ae1170e93279b5d0da829ae23f7a62b61d958bee33999b13035b28fec07b395d071a944420193693b69355ed728339a8977c3d3205ec5be5b745e729c136f3b2e163df59d77ef43720740dad97cad4f254d3778c9b65d8b168b466b81547b6c3221b7ceaee2bbdc1765ff2858cc3d3bd1ac931e9f314f9cfa8d86804762c7d74d8bb846e380b6ce233010824e5e91c139aa06e4201e3ff7248217a8a99c7db9a510f54834df71d907fd8a89b5acfc157cc37dedd42a5f0c44f89c0f19783ef6f9014099492ce5113e2e8c30aeb26efb3b446dcd97f704b5fee12c9abfae22709c55bf297ebdff1887bded57a4cdc6c8829d04a7af2a18f0f7f3f8824deac727cb23696dc9dfc3d98071f1693feb58fbc972a36e666299948fd5bc16bfa882193323f21a5342bd0e417aa5e4cf74599595ff6dbe3807e983797fb2c84876be8a61150f54c208860578d200acabf207a8070473a694cec05c672785dfc00cbc84da2eae51680ddf97b738c3951f60363996bc20a76509bffcfb82d246518286148ff95acc0264085ebcc7cb418d2dfc71793d30c1f4a6bde7c66c0e24aa361bd2b70a007d66f5813503f7a9ea53ca7211134db5e0502a2b155f0d5c40a0793398b9d1ac8059e90e786554ccdf40649253cc57d1155f0742b3d04435d7ceb46bd8d41ea3952fd024873720361c9f06d9eb2a8071061e3e94a65c653422c421f2f005b2533a36f5a3076387492624fa5f289ced912ac913f458d44ebf515f5cb38ded1a750c9e4541367cdaa8c6727bb73db63b943540acf1b826610e39ccec13c6561ffd6ab6f91ace951e8b6d0f9e354f1f05b44b00d811a87d324de505343c62991e1306ce302bde0480d5b9d776282e6e22ed818af1cf0fdd69c8bf9cc30606bb3ff062b90872fb6620e1a97e951d0f9c53dc8b2ad82253c30b4a6754ec591a87b732ce39d3ea3fff1736d7915785412ffe82ca33c470a7b04a633b3ecf36a442db0c54d30c06428b4e25b51cedb515454cf04bc1997608f5fbe50432184befef749eb49615c565f3e0c6843650859582eaf2c3a35fd749095ed8efa90cc07efc2fc8b5e580179c93e6eef9cfb0476fb38390376485f", 0x1000}, 0x1010) syz_mount_image$jfs(&(0x7f0000000080)='jfs\x00', &(0x7f00000000c0)='./file0\x00', 0x401, 0x1, &(0x7f0000000280)=[{&(0x7f0000000200), 0x0, 0x44e}], 0x1800000, 0x0) 13:35:33 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7b") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:35:33 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) ioctl$TCGETA(r1, 0x5405, &(0x7f0000000000)) 13:35:33 executing program 3: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r1, &(0x7f0000000640)={0x28, 0x0, 0x0, @my=0x0}, 0x10) r2 = dup3(r1, r0, 0x0) connect$rds(r2, 0x0, 0x0) 13:35:33 executing program 1: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x1, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000200)={0x11, 0x2, 0xfa00, {&(0x7f0000000080)}}, 0xfffffd0d) [ 1485.351196] Bluetooth: Unknown HCI packet type 5e [ 1485.365568] FAULT_INJECTION: forcing a failure. [ 1485.365568] name failslab, interval 1, probability 0, space 0, times 0 [ 1485.405135] CPU: 1 PID: 23696 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1485.412727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1485.422106] Call Trace: [ 1485.422145] dump_stack+0x138/0x19c [ 1485.422165] should_fail.cold+0x10f/0x159 [ 1485.422182] should_failslab+0xdb/0x130 [ 1485.422196] kmem_cache_alloc_trace+0x2e9/0x790 [ 1485.422215] ? devm_device_remove_groups+0x50/0x50 [ 1485.422229] kobject_uevent_env+0x378/0xc23 [ 1485.422242] ? wait_for_completion+0x420/0x420 [ 1485.422260] kobject_uevent+0x20/0x26 [ 1485.422271] device_add+0xa3e/0x1490 [ 1485.422286] ? device_private_init+0x190/0x190 [ 1485.422303] rfkill_register+0x19c/0xb20 [ 1485.422322] hci_register_dev+0x34b/0x810 [ 1485.422336] ? __raw_spin_lock_init+0x2d/0x100 [ 1485.422355] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1485.422371] tty_ioctl+0x8f7/0x1320 [ 1485.422382] ? hci_uart_tty_poll+0x10/0x10 [ 1485.422394] ? tty_vhangup+0x30/0x30 [ 1485.422412] ? __might_sleep+0x93/0xb0 [ 1485.422422] ? __fget+0x210/0x370 13:35:33 executing program 1: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) ioprio_get$uid(0x3, 0x0) [ 1485.422441] ? tty_vhangup+0x30/0x30 [ 1485.469661] device nr0 entered promiscuous mode [ 1485.472054] do_vfs_ioctl+0x7ae/0x1060 [ 1485.472071] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1485.472081] ? lock_downgrade+0x6e0/0x6e0 [ 1485.472092] ? ioctl_preallocate+0x1c0/0x1c0 [ 1485.472104] ? __fget+0x237/0x370 [ 1485.472126] ? security_file_ioctl+0x89/0xb0 [ 1485.472136] SyS_ioctl+0x8f/0xc0 [ 1485.472143] ? do_vfs_ioctl+0x1060/0x1060 [ 1485.472155] do_syscall_64+0x1e8/0x640 [ 1485.472162] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1485.472176] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1485.472185] RIP: 0033:0x4592c9 [ 1485.472190] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1485.472200] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1485.472206] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1485.472211] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1485.472217] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1485.472222] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1485.478765] Bluetooth: Unknown HCI packet type 5e [ 1485.615831] Bluetooth: Unknown HCI packet type 43 [ 1485.620922] Bluetooth: Unknown HCI packet type 5e [ 1485.625784] Bluetooth: Unknown HCI packet type 50 [ 1485.625790] Bluetooth: Unknown HCI packet type 5e [ 1485.637435] Bluetooth: Unknown HCI packet type 40 [ 1485.647099] audit: type=1326 audit(1561037734.049:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23710 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=228 compat=0 ip=0x45c10a code=0x7ffc0000 [ 1485.682032] audit: type=1326 audit(1561037734.049:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23710 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4592c9 code=0x7ffc0000 13:35:34 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x17, 0x0, 0x40002, 0x2, 0x0, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r0, 0x0}, 0x20) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000240)=r0, 0x365) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r0, 0x0, &(0x7f0000000000)=""/1}, 0x18) 13:35:34 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r3, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(0xffffffffffffffff, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1485.710974] audit: type=1326 audit(1561037734.049:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23710 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4592c9 code=0x7ffc0000 [ 1485.737593] audit: type=1326 audit(1561037734.049:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23710 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=228 compat=0 ip=0x45c10a code=0x7ffc0000 [ 1485.763504] audit: type=1326 audit(1561037734.059:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23710 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=157 compat=0 ip=0x4592c9 code=0x7ffc0000 [ 1485.790373] audit: type=1326 audit(1561037734.079:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23710 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=228 compat=0 ip=0x45c10a code=0x7ffc0000 [ 1485.816588] audit: type=1326 audit(1561037734.079:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23710 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x4592c9 code=0x7ffc0000 13:35:34 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000740)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x300000a, 0x2012, r0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, 0x0, 0x0) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") [ 1487.430361] Bluetooth: hci0 command 0x1003 tx timeout [ 1487.435786] Bluetooth: hci0 sending frame failed (-49) [ 1487.510192] Bluetooth: hci1 command 0x1003 tx timeout [ 1487.515595] Bluetooth: hci1 sending frame failed (-49) [ 1489.510440] Bluetooth: hci0 command 0x1001 tx timeout [ 1489.515806] Bluetooth: hci0 sending frame failed (-49) [ 1489.590192] Bluetooth: hci1 command 0x1001 tx timeout [ 1489.595642] Bluetooth: hci1 sending frame failed (-49) [ 1491.590458] Bluetooth: hci0 command 0x1009 tx timeout [ 1491.670243] Bluetooth: hci1 command 0x1009 tx timeout 13:35:43 executing program 5 (fault-call:4 fault-nth:74): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:35:43 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r3, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(0xffffffffffffffff, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:35:43 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CONNECT(r0, &(0x7f00000002c0)={0x6, 0x118, 0xfa00, {{0x0, 0x0, "9f76a45407a618120a99e8a1ae31ef627ebf8bb3c769e3890369f642899b66127ae8658387f92f86137cd1df1847ce0d6a3482f08bbadc5e2275315fee10215d3f925c2bb89e9fb2b8b6e53b74a4a1bd67bb133e39de3ea3f2d77140ed171c9ed36df52d3eb70ad6896d70a0752c612aea50dcb50786176f72726b522f7edeb95b17077f309d95d631b10f1588c731f14fd35d9039cfe2684ad85ec829a114f6fc8f4a7b28d4aadfe89b85f78df5abef1c599a6a9c361beeefe045d5e965a6ffe645ab48dbb4019b43c851cc9106fe12b5a49a0ef3fe5e1a0a86bb03d479744ae8ccffd9a290a1964985b5b17999c846c4d305d01587e2fd8acfe24a08118aff", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0x120) 13:35:43 executing program 1: r0 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x200, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x0, 0x0) dup2(r0, r1) 13:35:43 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be0") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:35:43 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps_rollup\x00') ioctl$TCSETXF(r1, 0x5434, &(0x7f0000000080)={0x9, 0x3, [0x9, 0x8, 0xa1, 0x7fff, 0x9], 0x6}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x4) ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000100)=0x3) 13:35:44 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x1, 0x7e, 0x1, 0x3}, 0x2c) bpf$MAP_CREATE(0x0, &(0x7f0000214fd4)={0xc, 0x4, 0x4, 0x234, 0x0, r0, 0x0, [0x305f, 0x2e, 0x35f, 0x0, 0x6000000]}, 0x2c) 13:35:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000880)=""/79, 0x4f}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}, {&(0x7f0000000a80)=""/251, 0xfb}], 0x9, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) [ 1495.633857] FAULT_INJECTION: forcing a failure. [ 1495.633857] name failslab, interval 1, probability 0, space 0, times 0 [ 1495.654757] CPU: 1 PID: 23741 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1495.661924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1495.661930] Call Trace: [ 1495.661954] dump_stack+0x138/0x19c [ 1495.661970] ? vprintk_func+0x65/0x159 [ 1495.661989] should_fail.cold+0x10f/0x159 [ 1495.662007] should_failslab+0xdb/0x130 [ 1495.662024] kmem_cache_alloc_trace+0x2e9/0x790 [ 1495.662044] ? devm_device_remove_groups+0x50/0x50 [ 1495.674030] kobject_uevent_env+0x378/0xc23 [ 1495.674043] ? wait_for_completion+0x420/0x420 [ 1495.674070] kobject_uevent+0x20/0x26 [ 1495.681604] device_add+0xa3e/0x1490 [ 1495.681621] ? device_private_init+0x190/0x190 [ 1495.681640] rfkill_register+0x19c/0xb20 [ 1495.681654] hci_register_dev+0x34b/0x810 [ 1495.689998] ? __raw_spin_lock_init+0x2d/0x100 [ 1495.690016] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1495.690029] tty_ioctl+0x8f7/0x1320 [ 1495.690038] ? hci_uart_tty_poll+0x10/0x10 [ 1495.690047] ? tty_vhangup+0x30/0x30 [ 1495.690065] ? __might_sleep+0x93/0xb0 [ 1495.690074] ? __fget+0x210/0x370 [ 1495.690088] ? tty_vhangup+0x30/0x30 [ 1495.690098] do_vfs_ioctl+0x7ae/0x1060 [ 1495.690109] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1495.690119] ? lock_downgrade+0x6e0/0x6e0 [ 1495.690129] ? ioctl_preallocate+0x1c0/0x1c0 [ 1495.690141] ? __fget+0x237/0x370 13:35:44 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000000c0)={'lo\x00@\x00'}) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000140), 0x1c) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'lo\x00\x00\x00\x00\r\xc2\x00\t\x00\x00\x00\x80\x00', 0x8401}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000180)={'filter\x00', 0x4, [{}, {}, {}, {}]}, 0x68) [ 1495.699781] ? security_file_ioctl+0x89/0xb0 [ 1495.699796] SyS_ioctl+0x8f/0xc0 [ 1495.699806] ? do_vfs_ioctl+0x1060/0x1060 [ 1495.699820] do_syscall_64+0x1e8/0x640 [ 1495.699829] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1495.699845] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1495.699853] RIP: 0033:0x4592c9 [ 1495.699858] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1495.699869] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1495.699874] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1495.699879] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1495.699883] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1495.699889] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1495.702514] Bluetooth: Unknown HCI packet type 5e [ 1495.719021] Bluetooth: Unknown HCI packet type 43 [ 1495.727923] Bluetooth: Unknown HCI packet type 5e [ 1495.745578] Bluetooth: Unknown HCI packet type 50 [ 1495.752037] Bluetooth: Unknown HCI packet type 5e [ 1495.771693] Bluetooth: Unknown HCI packet type 40 [ 1495.893081] Bluetooth: Unknown HCI packet type 5e [ 1495.898150] Bluetooth: Unknown HCI packet type 43 [ 1495.906470] Bluetooth: Unknown HCI packet type 5e [ 1495.914409] Bluetooth: Unknown HCI packet type 50 [ 1495.924926] Bluetooth: Unknown HCI packet type 5e 13:35:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000880)=""/79, 0x4f}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}, {&(0x7f0000000a80)=""/251, 0xfb}], 0x9, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) [ 1495.934498] Bluetooth: Unknown HCI packet type 40 13:35:44 executing program 1: perf_event_open(&(0x7f0000000040)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'syz_tun\x00', &(0x7f0000000000)=ANY=[@ANYBLOB='.']}) 13:35:44 executing program 2: clone(0x3102841ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() futex(&(0x7f0000000040)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0xd) ptrace$pokeuser(0x6, r0, 0x0, 0x7f) ptrace$cont(0x9, r0, 0x0, 0x0) [ 1497.750199] Bluetooth: hci0 command 0x1003 tx timeout [ 1497.755650] Bluetooth: hci0 sending frame failed (-49) [ 1497.910155] Bluetooth: hci1 command 0x1003 tx timeout [ 1497.915573] Bluetooth: hci1 sending frame failed (-49) [ 1499.830223] Bluetooth: hci0 command 0x1001 tx timeout [ 1499.835616] Bluetooth: hci0 sending frame failed (-49) [ 1499.990186] Bluetooth: hci1 command 0x1001 tx timeout [ 1499.995701] Bluetooth: hci1 sending frame failed (-49) [ 1501.910187] Bluetooth: hci0 command 0x1009 tx timeout [ 1502.070208] Bluetooth: hci1 command 0x1009 tx timeout 13:35:54 executing program 5 (fault-call:4 fault-nth:75): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:35:54 executing program 1: r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000040)={0xf97cff8c, 0x8, 'SE Linux', "1200000000c46f0006000000070000003c000000000000000000000000006c00"}, 0x30) 13:35:54 executing program 3: ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40107446, 0x0) openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0x10, 0x0, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) io_setup(0x400, 0x0) openat$selinux_status(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, &(0x7f0000000600)='./file0\x00', 0x0, 0x120) syz_open_procfs(0xffffffffffffffff, 0x0) io_submit(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x5, 0x400000028, 0x7fff, 0x3f}, 0xe) 13:35:54 executing program 2: io_submit(0x0, 0x0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x5, 0x400000028, 0x7fff, 0x3f}, 0xe) 13:35:54 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be0") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) [ 1505.794290] SELinux: failed to load policy [ 1505.826444] FAULT_INJECTION: forcing a failure. [ 1505.826444] name failslab, interval 1, probability 0, space 0, times 0 [ 1505.844029] CPU: 1 PID: 23783 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1505.851189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1505.860567] Call Trace: [ 1505.863177] dump_stack+0x138/0x19c [ 1505.866823] should_fail.cold+0x10f/0x159 [ 1505.870998] should_failslab+0xdb/0x130 [ 1505.874981] kmem_cache_alloc_node_trace+0x280/0x770 [ 1505.880088] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1505.885596] __kmalloc_node_track_caller+0x3d/0x80 [ 1505.890550] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1505.890565] __alloc_skb+0xcf/0x500 [ 1505.890574] ? skb_scrub_packet+0x4b0/0x4b0 [ 1505.890588] ? netlink_has_listeners+0x20a/0x330 [ 1505.890601] kobject_uevent_env+0x781/0xc23 [ 1505.890618] kobject_uevent+0x20/0x26 [ 1505.890630] device_add+0xa3e/0x1490 [ 1505.919789] ? device_private_init+0x190/0x190 [ 1505.924373] rfkill_register+0x19c/0xb20 [ 1505.928444] hci_register_dev+0x34b/0x810 [ 1505.932596] ? __raw_spin_lock_init+0x2d/0x100 [ 1505.937183] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1505.941509] tty_ioctl+0x8f7/0x1320 [ 1505.945142] ? hci_uart_tty_poll+0x10/0x10 [ 1505.949372] ? tty_vhangup+0x30/0x30 [ 1505.953093] ? __might_sleep+0x93/0xb0 [ 1505.956969] ? __fget+0x210/0x370 [ 1505.960441] ? tty_vhangup+0x30/0x30 [ 1505.964168] do_vfs_ioctl+0x7ae/0x1060 [ 1505.968144] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1505.973059] ? lock_downgrade+0x6e0/0x6e0 [ 1505.977246] ? ioctl_preallocate+0x1c0/0x1c0 [ 1505.981680] ? __fget+0x237/0x370 [ 1505.985145] ? security_file_ioctl+0x89/0xb0 [ 1505.989552] SyS_ioctl+0x8f/0xc0 [ 1505.992909] ? do_vfs_ioctl+0x1060/0x1060 [ 1505.997047] do_syscall_64+0x1e8/0x640 [ 1506.000924] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1506.005760] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1506.010940] RIP: 0033:0x4592c9 [ 1506.014116] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1506.021824] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1506.029088] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1506.036359] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1506.043622] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1506.050884] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 13:35:54 executing program 3: ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40107446, 0x0) openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0x10, 0x0, 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) io_setup(0x400, 0x0) openat$selinux_status(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, &(0x7f0000000600)='./file0\x00', 0x0, 0x120) syz_open_procfs(0xffffffffffffffff, 0x0) io_submit(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x5, 0x400000028, 0x7fff, 0x3f}, 0xe) 13:35:54 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") unshare(0x20400) r1 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_DIRECT_IO(r1, 0x4c08, 0x0) getxattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=@random={'security.', '\\//#(ppp1\x00'}, 0x0, 0x0) r2 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x0, 0x200000) write$tun(r2, 0x0, 0x0) 13:35:54 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) preadv(r1, &(0x7f00000013c0)=[{&(0x7f0000000140)=""/168, 0xa8}, {&(0x7f0000000200)=""/196, 0xc4}, {&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000000000)=""/26, 0x1a}, {&(0x7f0000000080)=""/64, 0x40}, {&(0x7f0000001300)=""/141, 0x8d}], 0x6, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x7fff) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:35:54 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) shmget$private(0x0, 0x4000, 0xfffffffffffffffd, &(0x7f0000ffc000/0x4000)=nil) 13:35:54 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r0 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x4}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_thread_area(&(0x7f0000000580)={0x0, 0x20001800, 0x4000, 0x0, 0xffff, 0x1, 0x0, 0x2, 0x843, 0x3}) socket(0xa, 0x3, 0x2) r1 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x40247007, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000240)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') ioctl$TIOCGETD(r3, 0x5424, &(0x7f0000000680)) set_thread_area(&(0x7f0000000580)={0x7a, 0x20001800, 0x2000, 0x200, 0x2, 0xffffffffffffffff, 0xfd, 0x2, 0x843, 0x3}) rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)='./file0\x00') write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000480)={0x2a, 0x4, 0x0, {0x1, 0xbe, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) mount(&(0x7f0000000640)=ANY=[@ANYBLOB="539b9105ab1072c24e2b98df1388f1adc95900b6cd000000000000000000000000000e"], 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000880)=ANY=[@ANYBLOB="2f65b1b965df30af19f1a7f95e28f3bec6b9fbc22096b73138bc1f1e93a282a6df79876ec75219d5b3c9979ab7e077caa0d79c67e8f5da641a47aa05c140c11df19edfbf6d07c9c863a859d82cef458a8cf6ee9fd8c30802d19cbef605baf117351ba16da27b2ac398e78c108338d8ead0e5ecc9c86cdc851ebc3f550d2791a683dbbda222cca1b0570950a7dcc2c10d5d0407d428aba8ea455a2601c8a13243cf38494e9d2861fd49794392961bfb7ef3a596b03cb85cb14490d007768d7f5523cb10e8ff1a82499406ce46caed2e6c9afdde8ad437fb6c7081cdebd01fb47e4b2ea2d498dc148e2e7433e9f9f56fb8807e9e0db90b96343ad0ef7296e4ffca0e3f4b737e10d2b885d60daf06263760f2a258c0c9b5b45486b264bfcf65d69940755e317e2afb280180a3864889dc64861ad677eb5f1cbaa854e0784336cc7608a75e1a446e3ec304d6c6dd8b29417ee30f939ce580ca7451c4f854cdf636984728c7404b2e4bf25eaa7a893ad667e479cac83f1e5fcfb1bbd9d9de7313d36a15d4731c18b53224585e8b3095a8266ca967c39644ef8515e1922d32"], 0x0, 0x0, 0x100000, 0x0) mount(&(0x7f00000006c0)=ANY=[@ANYBLOB="4adb9f8030910ae2cd17824d60a006dce63667b8e140a1eee0e8b5af4ecbd5ab5c8e727726866d2abc10451a1113b96eda4567f0e4302bea1745e0907366b071c60788c8a8b5ac7e10df5950094be0c3e6d25ec09fdc6bebe7d72f05f653d5e7d02a63c790324548976d9699d446ab4fe399dc5d073577656a119696296831f224aaa7b40bed56072479d37b178fe177d8bb5e08d974c579dc33db71ac849ca1a777f1c7eb2a017492058403facd61f51c1d4fb4a319e8cb9ce207e41e53c9345622628746839462411bcc1718", @ANYRESDEC=r1], 0x0, 0x0, 0x80010, 0x0) mount(&(0x7f0000000a40)=ANY=[@ANYBLOB="29256c496b52d1e20f0326c02134ac6d1bf673467f2cb755f8475ac9cb5e2f325107a6504ef54f10db99de358a6230595c9e463fe13a2d7f4ec1dfadbc4d6d6e97008b2129d50400000000000000482163efb694a17114a462f23c4cb80df5c09cfc2466ca2a694d18402b1a4d02c3c21d8c444d8ce172704895dd4c52163cb6f2ef342d468b9ab295d11e4b74e0a2f8e16c4257aeaf9f0b9cc2f0f67decdfae94baa35543e51da48ee57495b3ea61f5d7f03274"], 0x0, 0x0, 0x80000, 0x0) r4 = dup2(r2, r2) ioctl$TCSBRKP(r4, 0x5425, 0x6) write$FUSE_OPEN(r4, &(0x7f0000000380)={0x20, 0x0, 0x8, {0x0, 0x1}}, 0x20) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000540)='./file0\x00', &(0x7f0000000800)='devtmpfs\x00', 0x847, &(0x7f0000000780)) preadv(r2, &(0x7f0000000340)=[{&(0x7f0000004200)=""/4096, 0x1000}], 0x1, 0x2) ioctl$int_out(r0, 0x5460, &(0x7f0000000840)) link(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)='./file0\x00') utimes(&(0x7f0000000440)='./file0\x00', &(0x7f0000000180)={{0x0, 0x7530}}) close(r2) 13:35:54 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0xffffffffffffffc0, 0x0, 0x0, 0x0, 0xdc}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 13:35:54 executing program 1: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x1000, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x20020, 0x0) getpgrp(0x0) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, 0x0) [ 1506.577340] tmpfs: No value for mount option 'V"b‡Fƒ”bAÌ18446744073709551615' [ 1506.614555] tmpfs: No value for mount option 'V"b‡Fƒ”bAÌ18446744073709551615' [ 1508.070260] Bluetooth: hci0 command 0x1003 tx timeout [ 1508.076742] Bluetooth: hci0 sending frame failed (-49) [ 1510.150198] Bluetooth: hci0 command 0x1001 tx timeout [ 1510.155548] Bluetooth: hci0 sending frame failed (-49) [ 1512.230154] Bluetooth: hci0 command 0x1009 tx timeout 13:36:05 executing program 5 (fault-call:4 fault-nth:76): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:36:05 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x800) r3 = creat(&(0x7f0000000080)='./file0\x00', 0xc2) ioctl$TUNSETFILTEREBPF(r2, 0x800454e1, &(0x7f0000000140)=r3) 13:36:05 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000fe5fee)='/dev/input/event#\x00', 0x2, 0x0) ioctl$EVIOCSCLOCKID(r0, 0x40084503, &(0x7f0000000080)) 13:36:05 executing program 1: syz_emit_ethernet(0x66, &(0x7f0000000080)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0x14, 0x2], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3803, 0x3, 0x0, 0x0, 0x4]}, @mcast2}}}}}}}, 0x0) 13:36:05 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be0") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:36:05 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r0 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x4}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_thread_area(&(0x7f0000000580)={0x0, 0x20001800, 0x4000, 0x0, 0xffff, 0x1, 0x0, 0x2, 0x843, 0x3}) socket(0xa, 0x3, 0x2) r1 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x40247007, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000240)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') ioctl$TIOCGETD(r3, 0x5424, &(0x7f0000000680)) set_thread_area(&(0x7f0000000580)={0x7a, 0x20001800, 0x2000, 0x200, 0x2, 0xffffffffffffffff, 0xfd, 0x2, 0x843, 0x3}) rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)='./file0\x00') write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000480)={0x2a, 0x4, 0x0, {0x1, 0xbe, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) mount(&(0x7f0000000640)=ANY=[@ANYBLOB="539b9105ab1072c24e2b98df1388f1adc95900b6cd000000000000000000000000000e"], 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000880)=ANY=[@ANYBLOB="2f65b1b965df30af19f1a7f95e28f3bec6b9fbc22096b73138bc1f1e93a282a6df79876ec75219d5b3c9979ab7e077caa0d79c67e8f5da641a47aa05c140c11df19edfbf6d07c9c863a859d82cef458a8cf6ee9fd8c30802d19cbef605baf117351ba16da27b2ac398e78c108338d8ead0e5ecc9c86cdc851ebc3f550d2791a683dbbda222cca1b0570950a7dcc2c10d5d0407d428aba8ea455a2601c8a13243cf38494e9d2861fd49794392961bfb7ef3a596b03cb85cb14490d007768d7f5523cb10e8ff1a82499406ce46caed2e6c9afdde8ad437fb6c7081cdebd01fb47e4b2ea2d498dc148e2e7433e9f9f56fb8807e9e0db90b96343ad0ef7296e4ffca0e3f4b737e10d2b885d60daf06263760f2a258c0c9b5b45486b264bfcf65d69940755e317e2afb280180a3864889dc64861ad677eb5f1cbaa854e0784336cc7608a75e1a446e3ec304d6c6dd8b29417ee30f939ce580ca7451c4f854cdf636984728c7404b2e4bf25eaa7a893ad667e479cac83f1e5fcfb1bbd9d9de7313d36a15d4731c18b53224585e8b3095a8266ca967c39644ef8515e1922d32"], 0x0, 0x0, 0x100000, 0x0) mount(&(0x7f00000006c0)=ANY=[@ANYBLOB="4adb9f8030910ae2cd17824d60a006dce63667b8e140a1eee0e8b5af4ecbd5ab5c8e727726866d2abc10451a1113b96eda4567f0e4302bea1745e0907366b071c60788c8a8b5ac7e10df5950094be0c3e6d25ec09fdc6bebe7d72f05f653d5e7d02a63c790324548976d9699d446ab4fe399dc5d073577656a119696296831f224aaa7b40bed56072479d37b178fe177d8bb5e08d974c579dc33db71ac849ca1a777f1c7eb2a017492058403facd61f51c1d4fb4a319e8cb9ce207e41e53c9345622628746839462411bcc1718", @ANYRESDEC=r1], 0x0, 0x0, 0x80010, 0x0) mount(&(0x7f0000000a40)=ANY=[@ANYBLOB="29256c496b52d1e20f0326c02134ac6d1bf673467f2cb755f8475ac9cb5e2f325107a6504ef54f10db99de358a6230595c9e463fe13a2d7f4ec1dfadbc4d6d6e97008b2129d50400000000000000482163efb694a17114a462f23c4cb80df5c09cfc2466ca2a694d18402b1a4d02c3c21d8c444d8ce172704895dd4c52163cb6f2ef342d468b9ab295d11e4b74e0a2f8e16c4257aeaf9f0b9cc2f0f67decdfae94baa35543e51da48ee57495b3ea61f5d7f03274"], 0x0, 0x0, 0x80000, 0x0) r4 = dup2(r2, r2) ioctl$TCSBRKP(r4, 0x5425, 0x6) write$FUSE_OPEN(r4, &(0x7f0000000380)={0x20, 0x0, 0x8, {0x0, 0x1}}, 0x20) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000540)='./file0\x00', &(0x7f0000000800)='devtmpfs\x00', 0x847, &(0x7f0000000780)) preadv(r2, &(0x7f0000000340)=[{&(0x7f0000004200)=""/4096, 0x1000}], 0x1, 0x2) ioctl$int_out(r0, 0x5460, &(0x7f0000000840)) link(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)='./file0\x00') utimes(&(0x7f0000000440)='./file0\x00', &(0x7f0000000180)={{0x0, 0x7530}}) close(r2) 13:36:05 executing program 1: r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) ioctl$SG_SET_RESERVED_SIZE(r0, 0x5386, 0x0) 13:36:05 executing program 3: openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uhid\x00', 0x802, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000000)=""/11, 0xb}, 0x120) write$UHID_DESTROY(r0, &(0x7f00000001c0), 0x8) 13:36:05 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r0 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x4}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_thread_area(&(0x7f0000000580)={0x0, 0x20001800, 0x4000, 0x0, 0xffff, 0x1, 0x0, 0x2, 0x843, 0x3}) socket(0xa, 0x3, 0x2) r1 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x40247007, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000240)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') ioctl$TIOCGETD(r3, 0x5424, &(0x7f0000000680)) set_thread_area(&(0x7f0000000580)={0x7a, 0x20001800, 0x2000, 0x200, 0x2, 0xffffffffffffffff, 0xfd, 0x2, 0x843, 0x3}) rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)='./file0\x00') write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000480)={0x2a, 0x4, 0x0, {0x1, 0xbe, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) mount(&(0x7f0000000640)=ANY=[@ANYBLOB="539b9105ab1072c24e2b98df1388f1adc95900b6cd000000000000000000000000000e"], 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000880)=ANY=[@ANYBLOB="2f65b1b965df30af19f1a7f95e28f3bec6b9fbc22096b73138bc1f1e93a282a6df79876ec75219d5b3c9979ab7e077caa0d79c67e8f5da641a47aa05c140c11df19edfbf6d07c9c863a859d82cef458a8cf6ee9fd8c30802d19cbef605baf117351ba16da27b2ac398e78c108338d8ead0e5ecc9c86cdc851ebc3f550d2791a683dbbda222cca1b0570950a7dcc2c10d5d0407d428aba8ea455a2601c8a13243cf38494e9d2861fd49794392961bfb7ef3a596b03cb85cb14490d007768d7f5523cb10e8ff1a82499406ce46caed2e6c9afdde8ad437fb6c7081cdebd01fb47e4b2ea2d498dc148e2e7433e9f9f56fb8807e9e0db90b96343ad0ef7296e4ffca0e3f4b737e10d2b885d60daf06263760f2a258c0c9b5b45486b264bfcf65d69940755e317e2afb280180a3864889dc64861ad677eb5f1cbaa854e0784336cc7608a75e1a446e3ec304d6c6dd8b29417ee30f939ce580ca7451c4f854cdf636984728c7404b2e4bf25eaa7a893ad667e479cac83f1e5fcfb1bbd9d9de7313d36a15d4731c18b53224585e8b3095a8266ca967c39644ef8515e1922d32"], 0x0, 0x0, 0x100000, 0x0) mount(&(0x7f00000006c0)=ANY=[@ANYBLOB="4adb9f8030910ae2cd17824d60a006dce63667b8e140a1eee0e8b5af4ecbd5ab5c8e727726866d2abc10451a1113b96eda4567f0e4302bea1745e0907366b071c60788c8a8b5ac7e10df5950094be0c3e6d25ec09fdc6bebe7d72f05f653d5e7d02a63c790324548976d9699d446ab4fe399dc5d073577656a119696296831f224aaa7b40bed56072479d37b178fe177d8bb5e08d974c579dc33db71ac849ca1a777f1c7eb2a017492058403facd61f51c1d4fb4a319e8cb9ce207e41e53c9345622628746839462411bcc1718", @ANYRESDEC=r1], 0x0, 0x0, 0x80010, 0x0) mount(&(0x7f0000000a40)=ANY=[@ANYBLOB="29256c496b52d1e20f0326c02134ac6d1bf673467f2cb755f8475ac9cb5e2f325107a6504ef54f10db99de358a6230595c9e463fe13a2d7f4ec1dfadbc4d6d6e97008b2129d50400000000000000482163efb694a17114a462f23c4cb80df5c09cfc2466ca2a694d18402b1a4d02c3c21d8c444d8ce172704895dd4c52163cb6f2ef342d468b9ab295d11e4b74e0a2f8e16c4257aeaf9f0b9cc2f0f67decdfae94baa35543e51da48ee57495b3ea61f5d7f03274"], 0x0, 0x0, 0x80000, 0x0) r4 = dup2(r2, r2) ioctl$TCSBRKP(r4, 0x5425, 0x6) write$FUSE_OPEN(r4, &(0x7f0000000380)={0x20, 0x0, 0x8, {0x0, 0x1}}, 0x20) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000540)='./file0\x00', &(0x7f0000000800)='devtmpfs\x00', 0x847, &(0x7f0000000780)) preadv(r2, &(0x7f0000000340)=[{&(0x7f0000004200)=""/4096, 0x1000}], 0x1, 0x2) ioctl$int_out(r0, 0x5460, &(0x7f0000000840)) link(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)='./file0\x00') utimes(&(0x7f0000000440)='./file0\x00', &(0x7f0000000180)={{0x0, 0x7530}}) close(r2) [ 1516.673128] Bluetooth: Unknown HCI packet type 5e [ 1516.684439] tmpfs: No value for mount option 'V"b‡Fƒ”bAÌ18446744073709551615' 13:36:05 executing program 1: r0 = memfd_create(&(0x7f0000000040)='\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="7f454c46000000000000000000aab40003003e000039a594349c1fd83d000000ef2a4ead47ec24910000000000000000000000000020380003"], 0x39) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) [ 1516.719278] FAULT_INJECTION: forcing a failure. [ 1516.719278] name failslab, interval 1, probability 0, space 0, times 0 [ 1516.732434] CPU: 1 PID: 23826 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1516.739534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1516.748920] Call Trace: [ 1516.751509] dump_stack+0x138/0x19c [ 1516.755138] should_fail.cold+0x10f/0x159 [ 1516.759289] should_failslab+0xdb/0x130 [ 1516.763259] kmem_cache_alloc_node_trace+0x280/0x770 [ 1516.763269] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1516.763277] __kmalloc_node_track_caller+0x3d/0x80 [ 1516.763286] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1516.763294] __alloc_skb+0xcf/0x500 [ 1516.763300] ? skb_scrub_packet+0x4b0/0x4b0 [ 1516.763308] ? netlink_has_listeners+0x20a/0x330 [ 1516.763316] kobject_uevent_env+0x781/0xc23 [ 1516.763325] kobject_uevent+0x20/0x26 [ 1516.763332] device_add+0xa3e/0x1490 [ 1516.763339] ? device_private_init+0x190/0x190 [ 1516.763349] rfkill_register+0x19c/0xb20 [ 1516.763358] hci_register_dev+0x34b/0x810 [ 1516.763363] ? __raw_spin_lock_init+0x2d/0x100 [ 1516.763377] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1516.773949] tty_ioctl+0x8f7/0x1320 [ 1516.773957] ? hci_uart_tty_poll+0x10/0x10 [ 1516.773963] ? tty_vhangup+0x30/0x30 [ 1516.773975] ? __might_sleep+0x93/0xb0 [ 1516.773981] ? __fget+0x210/0x370 [ 1516.773990] ? tty_vhangup+0x30/0x30 [ 1516.773996] do_vfs_ioctl+0x7ae/0x1060 [ 1516.774004] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1516.774010] ? lock_downgrade+0x6e0/0x6e0 [ 1516.774016] ? ioctl_preallocate+0x1c0/0x1c0 [ 1516.774022] ? __fget+0x237/0x370 [ 1516.774042] ? security_file_ioctl+0x89/0xb0 [ 1516.783764] SyS_ioctl+0x8f/0xc0 [ 1516.783771] ? do_vfs_ioctl+0x1060/0x1060 [ 1516.783780] do_syscall_64+0x1e8/0x640 [ 1516.783785] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1516.783796] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1516.901153] RIP: 0033:0x4592c9 [ 1516.904339] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1516.912133] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1516.919448] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1516.926717] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1516.934180] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1516.941539] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1516.962237] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 13:36:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$inet(r0, &(0x7f0000000a80)={&(0x7f00000005c0)={0x2, 0x4e23}, 0x10, 0x0}, 0x0) [ 1516.974742] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 1516.983101] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 1516.992559] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 1516.999092] tmpfs: No value for mount option 'V"b‡Fƒ”bAÌ18446744073709551615' [ 1517.000277] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 1517.015029] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 1517.022809] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 1517.031111] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 1517.038233] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 1517.045401] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 1517.052445] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 13:36:05 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) r0 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x4}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_thread_area(&(0x7f0000000580)={0x0, 0x20001800, 0x4000, 0x0, 0xffff, 0x1, 0x0, 0x2, 0x843, 0x3}) socket(0xa, 0x3, 0x2) r1 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x40247007, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000240)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') ioctl$TIOCGETD(r3, 0x5424, &(0x7f0000000680)) set_thread_area(&(0x7f0000000580)={0x7a, 0x20001800, 0x2000, 0x200, 0x2, 0xffffffffffffffff, 0xfd, 0x2, 0x843, 0x3}) rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)='./file0\x00') write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000480)={0x2a, 0x4, 0x0, {0x1, 0xbe, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) mount(&(0x7f0000000640)=ANY=[@ANYBLOB="539b9105ab1072c24e2b98df1388f1adc95900b6cd000000000000000000000000000e"], 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000880)=ANY=[@ANYBLOB="2f65b1b965df30af19f1a7f95e28f3bec6b9fbc22096b73138bc1f1e93a282a6df79876ec75219d5b3c9979ab7e077caa0d79c67e8f5da641a47aa05c140c11df19edfbf6d07c9c863a859d82cef458a8cf6ee9fd8c30802d19cbef605baf117351ba16da27b2ac398e78c108338d8ead0e5ecc9c86cdc851ebc3f550d2791a683dbbda222cca1b0570950a7dcc2c10d5d0407d428aba8ea455a2601c8a13243cf38494e9d2861fd49794392961bfb7ef3a596b03cb85cb14490d007768d7f5523cb10e8ff1a82499406ce46caed2e6c9afdde8ad437fb6c7081cdebd01fb47e4b2ea2d498dc148e2e7433e9f9f56fb8807e9e0db90b96343ad0ef7296e4ffca0e3f4b737e10d2b885d60daf06263760f2a258c0c9b5b45486b264bfcf65d69940755e317e2afb280180a3864889dc64861ad677eb5f1cbaa854e0784336cc7608a75e1a446e3ec304d6c6dd8b29417ee30f939ce580ca7451c4f854cdf636984728c7404b2e4bf25eaa7a893ad667e479cac83f1e5fcfb1bbd9d9de7313d36a15d4731c18b53224585e8b3095a8266ca967c39644ef8515e1922d32"], 0x0, 0x0, 0x100000, 0x0) mount(&(0x7f00000006c0)=ANY=[@ANYBLOB="4adb9f8030910ae2cd17824d60a006dce63667b8e140a1eee0e8b5af4ecbd5ab5c8e727726866d2abc10451a1113b96eda4567f0e4302bea1745e0907366b071c60788c8a8b5ac7e10df5950094be0c3e6d25ec09fdc6bebe7d72f05f653d5e7d02a63c790324548976d9699d446ab4fe399dc5d073577656a119696296831f224aaa7b40bed56072479d37b178fe177d8bb5e08d974c579dc33db71ac849ca1a777f1c7eb2a017492058403facd61f51c1d4fb4a319e8cb9ce207e41e53c9345622628746839462411bcc1718", @ANYRESDEC=r1], 0x0, 0x0, 0x80010, 0x0) mount(&(0x7f0000000a40)=ANY=[@ANYBLOB="29256c496b52d1e20f0326c02134ac6d1bf673467f2cb755f8475ac9cb5e2f325107a6504ef54f10db99de358a6230595c9e463fe13a2d7f4ec1dfadbc4d6d6e97008b2129d50400000000000000482163efb694a17114a462f23c4cb80df5c09cfc2466ca2a694d18402b1a4d02c3c21d8c444d8ce172704895dd4c52163cb6f2ef342d468b9ab295d11e4b74e0a2f8e16c4257aeaf9f0b9cc2f0f67decdfae94baa35543e51da48ee57495b3ea61f5d7f03274"], 0x0, 0x0, 0x80000, 0x0) r4 = dup2(r2, r2) ioctl$TCSBRKP(r4, 0x5425, 0x6) write$FUSE_OPEN(r4, &(0x7f0000000380)={0x20, 0x0, 0x8, {0x0, 0x1}}, 0x20) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000540)='./file0\x00', &(0x7f0000000800)='devtmpfs\x00', 0x847, &(0x7f0000000780)) preadv(r2, &(0x7f0000000340)=[{&(0x7f0000004200)=""/4096, 0x1000}], 0x1, 0x2) ioctl$int_out(r0, 0x5460, &(0x7f0000000840)) link(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)='./file0\x00') utimes(&(0x7f0000000440)='./file0\x00', &(0x7f0000000180)={{0x0, 0x7530}}) close(r2) [ 1517.066948] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz1 [ 1517.116130] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 1517.126558] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 1517.134277] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 1517.144391] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 1517.151168] tmpfs: No value for mount option 'V"b‡Fƒ”bAÌ18446744073709551615' [ 1517.151719] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 1517.170557] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 1517.177677] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 1517.187736] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 1517.194684] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 1517.204292] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 1517.211205] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 1517.219222] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz1] on syz1 [ 1518.710248] Bluetooth: hci0 command 0x1003 tx timeout [ 1518.715566] Bluetooth: hci0 sending frame failed (-49) [ 1519.030208] Bluetooth: hci1 command 0x1003 tx timeout [ 1519.035573] Bluetooth: hci1 sending frame failed (-49) [ 1520.790190] Bluetooth: hci0 command 0x1001 tx timeout [ 1520.795533] Bluetooth: hci0 sending frame failed (-49) [ 1521.110188] Bluetooth: hci1 command 0x1001 tx timeout [ 1521.115515] Bluetooth: hci1 sending frame failed (-49) [ 1522.870150] Bluetooth: hci0 command 0x1009 tx timeout [ 1523.190245] Bluetooth: hci1 command 0x1009 tx timeout 13:36:15 executing program 5 (fault-call:4 fault-nth:77): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:36:15 executing program 1: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000040)='/dev/capi20\x00', 0x0, 0x0) flock(r0, 0xc) 13:36:15 executing program 2: 13:36:15 executing program 3: 13:36:15 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x40000, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000140)=0x4) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000180)={0xb, 'syz0\x00', 'syz0\x00', 'syz1\x00', 0xef, 0x200, 0x2, 0x9, 0x5, 0x7fff, "3e7708e5c36b0115ca09170bc8900516a912d9d9e8e0c9c9d396deefdf4dcefda92e34e57a977c548ead065074a2c40fa43ece15ce1b73aa1affb5e253003e8dae372aad5551880604acf893a6bdfeb965758f3f63a2d9b76c80677762d9dc8266d5f003855eaa5c361dc7ce343d48693ce863fadd5dd9d2517b33383b912d9ca0d12a4c57835e4bcd4e48e0379bdce430530525e9755dbee67195c623048ac716698e9ec3f2c43c15490a3bd7fcd8db69ff27b584eede3d8e8902fcedc1fd9ed9ac8aa063204bd4da54ebc329b6689aec0574659431e8de4629a9418e9add50051573da4f464bb03d1658b92ada26"}, 0x207) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x4) ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000100)=0xf) openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/btrfs-control\x00', 0x202, 0x0) 13:36:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x0, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:36:15 executing program 2: 13:36:16 executing program 3: [ 1527.569089] Bluetooth: Unknown HCI packet type 0f [ 1527.569101] Bluetooth: Unknown HCI packet type 5e [ 1527.606145] FAULT_INJECTION: forcing a failure. [ 1527.606145] name failslab, interval 1, probability 0, space 0, times 0 13:36:16 executing program 1: 13:36:16 executing program 2: [ 1527.619122] CPU: 1 PID: 23860 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1527.626252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1527.635615] Call Trace: [ 1527.638226] dump_stack+0x138/0x19c [ 1527.641873] should_fail.cold+0x10f/0x159 [ 1527.646296] should_failslab+0xdb/0x130 [ 1527.650278] kmem_cache_alloc_node_trace+0x280/0x770 [ 1527.650294] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1527.650311] __kmalloc_node_track_caller+0x3d/0x80 13:36:16 executing program 1: 13:36:16 executing program 2: [ 1527.650328] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1527.650341] __alloc_skb+0xcf/0x500 [ 1527.650352] ? skb_scrub_packet+0x4b0/0x4b0 [ 1527.650367] ? netlink_has_listeners+0x20a/0x330 [ 1527.650381] kobject_uevent_env+0x781/0xc23 [ 1527.687774] kobject_uevent+0x20/0x26 [ 1527.691592] device_add+0xa3e/0x1490 [ 1527.695320] ? device_private_init+0x190/0x190 [ 1527.699923] rfkill_register+0x19c/0xb20 [ 1527.704003] hci_register_dev+0x34b/0x810 [ 1527.708246] ? __raw_spin_lock_init+0x2d/0x100 [ 1527.712837] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1527.717180] tty_ioctl+0x8f7/0x1320 [ 1527.720818] ? hci_uart_tty_poll+0x10/0x10 [ 1527.725587] ? tty_vhangup+0x30/0x30 [ 1527.729318] ? __might_sleep+0x93/0xb0 [ 1527.733208] ? __fget+0x210/0x370 [ 1527.736672] ? tty_vhangup+0x30/0x30 [ 1527.740394] do_vfs_ioctl+0x7ae/0x1060 [ 1527.744376] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1527.749122] ? lock_downgrade+0x6e0/0x6e0 [ 1527.753273] ? ioctl_preallocate+0x1c0/0x1c0 [ 1527.757784] ? __fget+0x237/0x370 [ 1527.761239] ? security_file_ioctl+0x89/0xb0 [ 1527.765657] SyS_ioctl+0x8f/0xc0 [ 1527.769029] ? do_vfs_ioctl+0x1060/0x1060 [ 1527.773185] do_syscall_64+0x1e8/0x640 [ 1527.777235] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1527.782092] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1527.787286] RIP: 0033:0x4592c9 [ 1527.790538] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1527.798244] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1527.805685] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1527.813036] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1527.820294] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1527.827545] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1527.838278] Bluetooth: Unknown HCI packet type 5e [ 1527.853405] Bluetooth: Unknown HCI packet type 43 [ 1527.859399] Bluetooth: Unknown HCI packet type 5e [ 1527.866069] Bluetooth: Unknown HCI packet type 50 [ 1527.873830] Bluetooth: Unknown HCI packet type 5e [ 1527.879360] Bluetooth: Unknown HCI packet type 40 [ 1529.590141] Bluetooth: hci0 command 0x1003 tx timeout [ 1529.595548] Bluetooth: hci0 sending frame failed (-49) [ 1529.910145] Bluetooth: hci1 command 0x1003 tx timeout [ 1529.915513] Bluetooth: hci1 sending frame failed (-49) [ 1531.670192] Bluetooth: hci0 command 0x1001 tx timeout [ 1531.675615] Bluetooth: hci0 sending frame failed (-49) [ 1531.990142] Bluetooth: hci1 command 0x1001 tx timeout [ 1531.995632] Bluetooth: hci1 sending frame failed (-49) [ 1533.750197] Bluetooth: hci0 command 0x1009 tx timeout [ 1534.070207] Bluetooth: hci1 command 0x1009 tx timeout 13:36:26 executing program 5 (fault-call:4 fault-nth:78): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:36:26 executing program 3: 13:36:26 executing program 2: 13:36:26 executing program 1: 13:36:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x0, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:36:26 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20000, 0x0) ioctl$SG_GET_COMMAND_Q(r2, 0x2270, &(0x7f0000000080)) 13:36:26 executing program 1: 13:36:26 executing program 2: 13:36:26 executing program 3: [ 1538.429390] Bluetooth: Unknown HCI packet type 5e 13:36:26 executing program 1: 13:36:26 executing program 2: [ 1538.456416] FAULT_INJECTION: forcing a failure. [ 1538.456416] name failslab, interval 1, probability 0, space 0, times 0 [ 1538.484675] CPU: 1 PID: 23880 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1538.491927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1538.501260] Call Trace: 13:36:26 executing program 3: [ 1538.503851] dump_stack+0x138/0x19c [ 1538.507461] should_fail.cold+0x10f/0x159 [ 1538.511766] should_failslab+0xdb/0x130 [ 1538.515758] kmem_cache_alloc_node_trace+0x280/0x770 [ 1538.520852] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1538.526283] __kmalloc_node_track_caller+0x3d/0x80 [ 1538.526294] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1538.526301] __alloc_skb+0xcf/0x500 [ 1538.526313] ? skb_scrub_packet+0x4b0/0x4b0 [ 1538.536205] ? netlink_has_listeners+0x20a/0x330 [ 1538.536215] kobject_uevent_env+0x781/0xc23 [ 1538.536225] kobject_uevent+0x20/0x26 [ 1538.536233] device_add+0xa3e/0x1490 [ 1538.536241] ? device_private_init+0x190/0x190 [ 1538.536251] rfkill_register+0x19c/0xb20 [ 1538.536259] hci_register_dev+0x34b/0x810 [ 1538.536268] ? __raw_spin_lock_init+0x2d/0x100 [ 1538.536277] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1538.536287] tty_ioctl+0x8f7/0x1320 [ 1538.536291] ? hci_uart_tty_poll+0x10/0x10 [ 1538.536297] ? tty_vhangup+0x30/0x30 [ 1538.536308] ? __might_sleep+0x93/0xb0 [ 1538.536314] ? __fget+0x210/0x370 [ 1538.536323] ? tty_vhangup+0x30/0x30 [ 1538.536329] do_vfs_ioctl+0x7ae/0x1060 [ 1538.536344] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1538.614050] ? lock_downgrade+0x6e0/0x6e0 [ 1538.618196] ? ioctl_preallocate+0x1c0/0x1c0 [ 1538.622601] ? __fget+0x237/0x370 [ 1538.626041] ? security_file_ioctl+0x89/0xb0 [ 1538.630439] SyS_ioctl+0x8f/0xc0 [ 1538.633836] ? do_vfs_ioctl+0x1060/0x1060 [ 1538.637981] do_syscall_64+0x1e8/0x640 [ 1538.641860] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1538.646703] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1538.652006] RIP: 0033:0x4592c9 [ 1538.655178] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1538.662874] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1538.670131] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1538.677474] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1538.684734] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1538.691991] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1538.702724] Bluetooth: Unknown HCI packet type 5e [ 1538.707562] Bluetooth: Unknown HCI packet type 43 [ 1538.714544] Bluetooth: Unknown HCI packet type 5e [ 1538.719464] Bluetooth: Unknown HCI packet type 50 [ 1538.726341] Bluetooth: Unknown HCI packet type 5e [ 1538.731391] Bluetooth: Unknown HCI packet type 40 [ 1540.470190] Bluetooth: hci0 command 0x1003 tx timeout [ 1540.475511] Bluetooth: hci0 sending frame failed (-49) [ 1540.710084] Bluetooth: hci1 command 0x1003 tx timeout [ 1540.715484] Bluetooth: hci1 sending frame failed (-49) [ 1542.550275] Bluetooth: hci0 command 0x1001 tx timeout [ 1542.555659] Bluetooth: hci0 sending frame failed (-49) [ 1542.790290] Bluetooth: hci1 command 0x1001 tx timeout [ 1542.795624] Bluetooth: hci1 sending frame failed (-49) [ 1544.630275] Bluetooth: hci0 command 0x1009 tx timeout [ 1544.870198] Bluetooth: hci1 command 0x1009 tx timeout 13:36:37 executing program 5 (fault-call:4 fault-nth:79): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:36:37 executing program 2: 13:36:37 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x0, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:36:37 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/access\x00', 0x2, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x4) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:36:37 executing program 1: 13:36:37 executing program 3: 13:36:37 executing program 2: 13:36:37 executing program 1: 13:36:37 executing program 3: 13:36:37 executing program 2: 13:36:37 executing program 1: syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x24580) [ 1549.324315] FAULT_INJECTION: forcing a failure. [ 1549.324315] name failslab, interval 1, probability 0, space 0, times 0 [ 1549.358068] CPU: 1 PID: 23902 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1549.365202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 13:36:37 executing program 2: r0 = syz_open_dev$video(&(0x7f0000000100)='/dev/video#\x00', 0x7, 0x0) ioctl$VIDIOC_QUERYCTRL(r0, 0xc0445624, &(0x7f0000000000)={0xfffffffffffffffa, 0x0, "577cfe12c73a975a7aaa2d562d36455bc2c3c710e24502bc0d1e1a45eee992ba"}) [ 1549.374583] Call Trace: [ 1549.377174] dump_stack+0x138/0x19c [ 1549.380837] should_fail.cold+0x10f/0x159 [ 1549.384987] should_failslab+0xdb/0x130 [ 1549.388958] kmem_cache_alloc_node+0x287/0x780 [ 1549.393532] __alloc_skb+0x9c/0x500 [ 1549.397253] ? skb_scrub_packet+0x4b0/0x4b0 [ 1549.401609] ? netlink_has_listeners+0x20a/0x330 [ 1549.406361] kobject_uevent_env+0x781/0xc23 [ 1549.410852] kobject_uevent+0x20/0x26 [ 1549.414647] device_add+0xa3e/0x1490 [ 1549.418367] ? device_private_init+0x190/0x190 [ 1549.422934] rfkill_register+0x19c/0xb20 [ 1549.426987] hci_register_dev+0x34b/0x810 [ 1549.431123] ? __raw_spin_lock_init+0x2d/0x100 [ 1549.435705] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1549.440138] tty_ioctl+0x8f7/0x1320 [ 1549.443759] ? hci_uart_tty_poll+0x10/0x10 [ 1549.448023] ? tty_vhangup+0x30/0x30 [ 1549.451740] ? __might_sleep+0x93/0xb0 [ 1549.455616] ? __fget+0x210/0x370 [ 1549.459063] ? tty_vhangup+0x30/0x30 [ 1549.462768] do_vfs_ioctl+0x7ae/0x1060 [ 1549.466643] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1549.471427] ? lock_downgrade+0x6e0/0x6e0 [ 1549.475579] ? ioctl_preallocate+0x1c0/0x1c0 [ 1549.480029] ? __fget+0x237/0x370 [ 1549.483475] ? security_file_ioctl+0x89/0xb0 [ 1549.487874] SyS_ioctl+0x8f/0xc0 [ 1549.491226] ? do_vfs_ioctl+0x1060/0x1060 [ 1549.495358] do_syscall_64+0x1e8/0x640 [ 1549.499323] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1549.504262] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1549.509486] RIP: 0033:0x4592c9 [ 1549.512698] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1549.520398] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1549.527716] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1549.534976] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1549.542237] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1549.549499] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1549.562813] Bluetooth: Unknown HCI packet type 5e [ 1549.567703] Bluetooth: Unknown HCI packet type 43 [ 1549.573208] Bluetooth: Unknown HCI packet type 5e [ 1549.578152] Bluetooth: Unknown HCI packet type 50 [ 1549.583231] Bluetooth: Unknown HCI packet type 5e [ 1549.588239] Bluetooth: Unknown HCI packet type 40 [ 1551.590150] Bluetooth: hci0 command 0x1003 tx timeout [ 1551.595493] Bluetooth: hci0 sending frame failed (-49) [ 1553.670131] Bluetooth: hci0 command 0x1001 tx timeout [ 1553.675467] Bluetooth: hci0 sending frame failed (-49) [ 1555.750169] Bluetooth: hci0 command 0x1009 tx timeout 13:36:48 executing program 5 (fault-call:4 fault-nth:80): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:36:48 executing program 2: r0 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x200, 0x0) read(r0, 0x0, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x301000, 0x0) setsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000080), 0x4) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x2, 0x0) syz_open_dev$vivid(&(0x7f0000000140)='/dev/video#\x00', 0x0, 0x2) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup2(r0, r2) 13:36:48 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$unix(0x1, 0x2, 0x0) bind$unix(r1, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) sendmsg$unix(r1, &(0x7f0000003980)={&(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000003940)=[@rights={{0x18, 0x1, 0x1, [r1]}}], 0x18}, 0x0) 13:36:48 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x0, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:36:48 executing program 3: r0 = memfd_create(&(0x7f0000000040)='\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="7f454c46000000000000000000aab40603002afa"], 0x14) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 13:36:48 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x100001000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") ppoll(&(0x7f0000000100)=[{r2, 0x5}, {r2, 0x4}], 0x200001b0, 0x0, 0x0, 0x2aa) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) r4 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0xf5a, 0x40440) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0, 0x0}, &(0x7f0000000280)=0xc) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, &(0x7f0000000440)={0x0, 0xffff}, &(0x7f0000000480)=0x8) getrusage(0x1, &(0x7f0000000540)) getsockopt$inet_sctp_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f00000004c0)={r6, 0x5, 0x4, 0x4, 0x5, 0x8000}, &(0x7f0000000500)=0x14) fstat(r1, &(0x7f00000002c0)) getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)) r7 = getegid() openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000400)='/selinux/policy\x00', 0x0, 0x0) getgroups(0x3, &(0x7f0000000200)=[0x0, r5, r7]) ioctl$TUNSETGROUP(r4, 0x400454ce, r8) ioctl$VIDIOC_QUERY_DV_TIMINGS(r4, 0x80845663, &(0x7f0000000140)={0x0, @reserved}) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) ioctl$VIDIOC_G_INPUT(r4, 0x80045626, &(0x7f0000000080)) 13:36:48 executing program 2: r0 = socket(0x1, 0x5, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=0x5) setreuid(r1, r1) clone(0x41ff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f00000000c0)) tkill(r2, 0x0) 13:36:48 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x0, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:36:48 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r1 = socket$unix(0x1, 0x2, 0x0) bind$unix(r1, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) sendmsg$unix(r1, &(0x7f0000003980)={&(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000003940)=[@rights={{0x18, 0x1, 0x1, [r1]}}], 0x18}, 0x0) 13:36:48 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x0, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) [ 1560.236878] FAULT_INJECTION: forcing a failure. [ 1560.236878] name failslab, interval 1, probability 0, space 0, times 0 [ 1560.249413] CPU: 0 PID: 23934 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1560.256761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1560.267054] Call Trace: [ 1560.269834] dump_stack+0x138/0x19c [ 1560.273504] should_fail.cold+0x10f/0x159 [ 1560.277848] should_failslab+0xdb/0x130 [ 1560.281845] kmem_cache_alloc_node+0x287/0x780 [ 1560.286656] __alloc_skb+0x9c/0x500 [ 1560.290287] ? skb_scrub_packet+0x4b0/0x4b0 [ 1560.294610] ? netlink_has_listeners+0x20a/0x330 [ 1560.299368] kobject_uevent_env+0x781/0xc23 [ 1560.303694] kobject_uevent+0x20/0x26 [ 1560.307670] device_add+0xa3e/0x1490 [ 1560.311390] ? device_private_init+0x190/0x190 [ 1560.315974] rfkill_register+0x19c/0xb20 [ 1560.320054] hci_register_dev+0x34b/0x810 [ 1560.324205] ? __raw_spin_lock_init+0x2d/0x100 [ 1560.328813] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1560.333154] tty_ioctl+0x8f7/0x1320 [ 1560.336863] ? hci_uart_tty_poll+0x10/0x10 [ 1560.341098] ? tty_vhangup+0x30/0x30 [ 1560.344823] ? __might_sleep+0x93/0xb0 [ 1560.348704] ? __fget+0x210/0x370 [ 1560.352166] ? tty_vhangup+0x30/0x30 [ 1560.355875] do_vfs_ioctl+0x7ae/0x1060 [ 1560.359759] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1560.364539] ? lock_downgrade+0x6e0/0x6e0 [ 1560.368694] ? ioctl_preallocate+0x1c0/0x1c0 [ 1560.373101] ? __fget+0x237/0x370 [ 1560.376557] ? security_file_ioctl+0x89/0xb0 [ 1560.381160] SyS_ioctl+0x8f/0xc0 [ 1560.384694] ? do_vfs_ioctl+0x1060/0x1060 [ 1560.388841] do_syscall_64+0x1e8/0x640 [ 1560.392724] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1560.397580] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1560.402772] RIP: 0033:0x4592c9 [ 1560.405955] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1560.413925] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1560.421276] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1560.428552] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 13:36:48 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x496b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x80011, r1, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) [ 1560.435848] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1560.443120] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 13:36:48 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) ioctl$EVIOCSREP(r2, 0x40084503, &(0x7f0000000140)=[0x1f, 0x5]) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r3, 0x0, 0x10, &(0x7f0000000080)='/selinux/policy\x00'}, 0x30) syz_open_procfs(r4, &(0x7f00000001c0)='net/bnep\x00') syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000280)=[{&(0x7f0000000700)="8000000038fc000019000300e60100006c000000010000000200000001000000004000000040000080000000000000006d5e2b5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) [ 1560.578003] Bluetooth: Unknown HCI packet type 5e [ 1560.583571] Bluetooth: Unknown HCI packet type 43 [ 1560.588468] Bluetooth: Unknown HCI packet type 5e [ 1560.598515] Bluetooth: Unknown HCI packet type 50 [ 1560.603719] Bluetooth: Unknown HCI packet type 5e [ 1562.550110] Bluetooth: hci0 command 0x1003 tx timeout [ 1562.555441] Bluetooth: hci0 sending frame failed (-49) [ 1562.630241] Bluetooth: hci1 command 0x1003 tx timeout [ 1562.635564] Bluetooth: hci1 sending frame failed (-49) [ 1564.630186] Bluetooth: hci0 command 0x1001 tx timeout [ 1564.635540] Bluetooth: hci0 sending frame failed (-49) [ 1564.710254] Bluetooth: hci1 command 0x1001 tx timeout [ 1564.715744] Bluetooth: hci1 sending frame failed (-49) [ 1566.710167] Bluetooth: hci0 command 0x1009 tx timeout [ 1566.790227] Bluetooth: hci1 command 0x1009 tx timeout 13:36:59 executing program 5 (fault-call:4 fault-nth:81): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:36:59 executing program 1: r0 = open(0x0, 0x0, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, r0, 0x0) r1 = open(&(0x7f0000000500)='./bus\x00', 0x141042, 0x0) write$FUSE_WRITE(r1, &(0x7f0000000240)={0x18}, 0x18) fcntl$setstatus(r0, 0x4, 0x6100) 13:36:59 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(0xffffffffffffffff, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:36:59 executing program 3: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa5c52af, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x4}}, 0xffffffffffffffff, 0x0, r0, 0x0) 13:36:59 executing program 2: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") setsockopt$inet6_group_source_req(r0, 0x29, 0x1000000002e, &(0x7f0000000300)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) syz_emit_ethernet(0x3e, &(0x7f0000000500)={@link_local={0x1, 0x80, 0xc2, 0x3a000000}, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, "093a06", 0x8, 0x3a, 0x0, @remote, @mcast2, {[], @udp={0x0, 0x0, 0x8}}}}}}, 0x0) 13:36:59 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$null(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/null\x00', 0x101, 0x0) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000200)={'bridge_slave_1\x00', 0x200}) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x8000, 0x0) ioctl$BLKGETSIZE(r2, 0x1260, &(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) setsockopt$IP_VS_SO_SET_EDITDEST(r0, 0x0, 0x489, &(0x7f0000000140)={{0x88, @broadcast, 0x4e22, 0x3, 'fo\x00', 0x20, 0x9, 0x10}, {@multicast1, 0x4e21, 0x4, 0x0, 0x8, 0x80}}, 0x44) ioctl$KDADDIO(r3, 0x400455c8, 0x4) ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000000100)=0x3) 13:36:59 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$sock_timeval(r0, 0xffff, 0x400001006, &(0x7f0000000000)={0x0, 0x10004}, 0x10) recvmsg(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000040)=""/15, 0xf}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xfffffffc, 0x0, 0x0, 0x800e0075e) shutdown(r1, 0x0) shutdown(0xffffffffffffffff, 0x0) 13:36:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x40, 0x0) read$FUSE(r1, &(0x7f00000000c0), 0x1000) 13:36:59 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(0xffffffffffffffff, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:36:59 executing program 3: perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x14e24}, 0x1c) recvmmsg(r0, &(0x7f0000000200), 0x2ab, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000080)=0x4, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e24}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) [ 1571.141181] IPVS: set_ctl: invalid protocol: 136 255.255.255.255:20002 [ 1571.163620] FAULT_INJECTION: forcing a failure. [ 1571.163620] name failslab, interval 1, probability 0, space 0, times 0 13:36:59 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(0xffffffffffffffff, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) [ 1571.191346] CPU: 0 PID: 23969 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1571.198507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1571.208307] Call Trace: [ 1571.210913] dump_stack+0x138/0x19c [ 1571.214549] should_fail.cold+0x10f/0x159 [ 1571.218814] should_failslab+0xdb/0x130 [ 1571.222807] kmem_cache_alloc_node_trace+0x280/0x770 [ 1571.227936] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1571.234126] __kmalloc_node_track_caller+0x3d/0x80 [ 1571.239203] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1571.243926] __alloc_skb+0xcf/0x500 [ 1571.247572] ? skb_scrub_packet+0x4b0/0x4b0 [ 1571.251921] ? netlink_has_listeners+0x20a/0x330 [ 1571.256707] kobject_uevent_env+0x781/0xc23 [ 1571.261060] kobject_uevent+0x20/0x26 [ 1571.264887] device_add+0xa3e/0x1490 [ 1571.268622] ? device_private_init+0x190/0x190 [ 1571.273227] rfkill_register+0x19c/0xb20 [ 1571.277309] hci_register_dev+0x34b/0x810 [ 1571.281469] ? __raw_spin_lock_init+0x2d/0x100 [ 1571.286077] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1571.290413] tty_ioctl+0x8f7/0x1320 [ 1571.294051] ? hci_uart_tty_poll+0x10/0x10 [ 1571.298309] ? tty_vhangup+0x30/0x30 [ 1571.302085] ? __might_sleep+0x93/0xb0 [ 1571.305984] ? __fget+0x210/0x370 [ 1571.309453] ? tty_vhangup+0x30/0x30 [ 1571.314773] do_vfs_ioctl+0x7ae/0x1060 [ 1571.318673] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1571.323447] ? lock_downgrade+0x6e0/0x6e0 [ 1571.327616] ? ioctl_preallocate+0x1c0/0x1c0 [ 1571.332046] ? __fget+0x237/0x370 [ 1571.335527] ? security_file_ioctl+0x89/0xb0 [ 1571.340059] SyS_ioctl+0x8f/0xc0 [ 1571.343443] ? do_vfs_ioctl+0x1060/0x1060 [ 1571.347611] do_syscall_64+0x1e8/0x640 [ 1571.351611] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1571.356480] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1571.361792] RIP: 0033:0x4592c9 [ 1571.365005] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1571.372734] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1571.380208] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1571.387502] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1571.394880] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1571.402175] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1571.426467] Bluetooth: Unknown HCI packet type 5e [ 1571.431987] Bluetooth: Unknown HCI packet type 43 13:36:59 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1571.443020] Bluetooth: Unknown HCI packet type 5e [ 1571.453258] Bluetooth: Unknown HCI packet type 50 [ 1571.458518] Bluetooth: Unknown HCI packet type 5e [ 1571.464493] Bluetooth: Unknown HCI packet type 40 [ 1571.509710] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=23991 comm=syz-executor.1 [ 1573.430129] Bluetooth: hci0 command 0x1003 tx timeout [ 1573.430167] Bluetooth: hci1 command 0x1003 tx timeout [ 1573.435661] Bluetooth: hci0 sending frame failed (-49) [ 1573.445045] Bluetooth: hci1 sending frame failed (-49) [ 1575.510225] Bluetooth: hci1 command 0x1001 tx timeout [ 1575.510290] Bluetooth: hci0 command 0x1001 tx timeout [ 1575.515568] Bluetooth: hci1 sending frame failed (-49) [ 1575.525536] Bluetooth: hci0 sending frame failed (-49) [ 1577.590195] Bluetooth: hci0 command 0x1009 tx timeout [ 1577.590200] Bluetooth: hci1 command 0x1009 tx timeout 13:37:10 executing program 5 (fault-call:4 fault-nth:82): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:37:10 executing program 3: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000840)=""/148, 0x94}], 0x1, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="c0dca5055e0bcfec7be070") r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_tables_targets\x00') preadv(r1, &(0x7f0000000700), 0x31f, 0x10400003) 13:37:10 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, 0x0, 0x0) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:37:10 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) 13:37:10 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="02006800000f000000000000000000008128b14700000000d59863d20000000002000f2020cc00000000ff0700740000000000000000000000000000000000000000000000000000000000000000000000000000000000008a6e94c0000055aa", 0x60, 0x1a0}]) close(0xffffffffffffffff) pkey_alloc(0x0, 0x0) pkey_mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xffffffffffffffff) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) open$dir(0x0, 0x0, 0x0) syz_read_part_table(0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, 0x0) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) sendfile(r0, r2, 0x0, 0x0) 13:37:10 executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x800000000000000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000100)=0x3) [ 1581.960564] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24003 comm=syz-executor.1 [ 1582.000228] FAULT_INJECTION: forcing a failure. 13:37:10 executing program 3: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}]}) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0xa, 0x0, 0x0) [ 1582.000228] name failslab, interval 1, probability 0, space 0, times 0 13:37:10 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00'}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1582.036519] CPU: 1 PID: 24005 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1582.043789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1582.053430] Call Trace: [ 1582.056339] dump_stack+0x138/0x19c [ 1582.060379] should_fail.cold+0x10f/0x159 [ 1582.064669] should_failslab+0xdb/0x130 [ 1582.068870] kmem_cache_alloc_node+0x287/0x780 [ 1582.073725] __alloc_skb+0x9c/0x500 [ 1582.077398] ? skb_scrub_packet+0x4b0/0x4b0 [ 1582.081896] ? netlink_has_listeners+0x20a/0x330 [ 1582.086756] kobject_uevent_env+0x781/0xc23 [ 1582.091214] kobject_uevent+0x20/0x26 [ 1582.095112] device_add+0xa3e/0x1490 [ 1582.098956] ? device_private_init+0x190/0x190 [ 1582.103674] rfkill_register+0x19c/0xb20 [ 1582.107756] hci_register_dev+0x34b/0x810 [ 1582.112291] ? __raw_spin_lock_init+0x2d/0x100 [ 1582.116978] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1582.121428] tty_ioctl+0x8f7/0x1320 [ 1582.125231] ? hci_uart_tty_poll+0x10/0x10 [ 1582.129652] ? tty_vhangup+0x30/0x30 [ 1582.133475] ? __might_sleep+0x93/0xb0 [ 1582.137370] ? __fget+0x210/0x370 [ 1582.141186] ? tty_vhangup+0x30/0x30 [ 1582.145173] do_vfs_ioctl+0x7ae/0x1060 [ 1582.149073] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1582.154615] ? lock_downgrade+0x6e0/0x6e0 [ 1582.159209] ? ioctl_preallocate+0x1c0/0x1c0 [ 1582.163906] ? __fget+0x237/0x370 [ 1582.167382] ? security_file_ioctl+0x89/0xb0 [ 1582.172318] SyS_ioctl+0x8f/0xc0 [ 1582.175701] ? do_vfs_ioctl+0x1060/0x1060 [ 1582.180349] do_syscall_64+0x1e8/0x640 [ 1582.184769] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1582.189902] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1582.195307] RIP: 0033:0x4592c9 [ 1582.198781] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1582.207458] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1582.214829] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1582.222632] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 13:37:10 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, 0x0, 0x0) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:37:10 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1582.230086] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1582.237849] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 13:37:10 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, 0x0) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:37:10 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, 0x0, 0x0) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) [ 1582.333630] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24019 comm=syz-executor.1 [ 1584.310368] Bluetooth: hci0 command 0x1003 tx timeout [ 1584.315646] Bluetooth: hci1 command 0x1003 tx timeout [ 1584.315741] Bluetooth: hci0 sending frame failed (-49) [ 1584.321291] Bluetooth: hci1 sending frame failed (-49) [ 1586.390231] Bluetooth: hci1 command 0x1001 tx timeout [ 1586.390239] Bluetooth: hci0 command 0x1001 tx timeout [ 1586.390675] Bluetooth: hci0 sending frame failed (-49) [ 1586.406458] Bluetooth: hci1 sending frame failed (-49) [ 1588.470175] Bluetooth: hci0 command 0x1009 tx timeout [ 1588.470256] Bluetooth: hci1 command 0x1009 tx timeout 13:37:21 executing program 5 (fault-call:4 fault-nth:83): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:37:21 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) 13:37:21 executing program 2 (fault-call:2 fault-nth:0): perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:37:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:37:21 executing program 3: pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) setsockopt$RXRPC_SECURITY_KEY(r0, 0x110, 0x1, &(0x7f0000000100)='\x00', 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x0, 0x0) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000040)=0x0) write$cgroup_pid(r1, &(0x7f0000000080)=r2, 0x12) mincore(&(0x7f0000000000/0x400000)=nil, 0x400000, &(0x7f0000000140)=""/177) 13:37:21 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) r2 = accept4(r0, &(0x7f0000000200)=@alg, &(0x7f0000000080)=0x80, 0x800) getpeername$ax25(r2, &(0x7f0000000280)={{0x3, @netrom}, [@remote, @bcast, @rose, @remote, @null, @default, @null]}, &(0x7f0000000300)=0x48) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000140)=ANY=[@ANYBLOB="6e61740000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000", @ANYPTR=&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/64], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00'], 0x88) flock(r1, 0x2) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:37:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) [ 1592.895741] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24039 comm=syz-executor.1 [ 1592.912566] Bluetooth: Unknown HCI packet type 5e [ 1592.939627] FAULT_INJECTION: forcing a failure. [ 1592.939627] name failslab, interval 1, probability 0, space 0, times 0 [ 1592.958401] CPU: 1 PID: 24042 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1592.965560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1592.974931] Call Trace: [ 1592.977555] dump_stack+0x138/0x19c [ 1592.981215] should_fail.cold+0x10f/0x159 [ 1592.985517] should_failslab+0xdb/0x130 [ 1592.989521] kmem_cache_alloc_node+0x287/0x780 [ 1592.994127] __alloc_skb+0x9c/0x500 [ 1592.997764] ? skb_scrub_packet+0x4b0/0x4b0 [ 1593.002105] ? netlink_has_listeners+0x20a/0x330 [ 1593.006881] kobject_uevent_env+0x781/0xc23 [ 1593.011229] kobject_uevent+0x20/0x26 [ 1593.015053] device_add+0xa3e/0x1490 [ 1593.018864] ? device_private_init+0x190/0x190 [ 1593.023464] rfkill_register+0x19c/0xb20 [ 1593.027534] hci_register_dev+0x34b/0x810 [ 1593.031687] ? __raw_spin_lock_init+0x2d/0x100 [ 1593.036289] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1593.040623] tty_ioctl+0x8f7/0x1320 [ 1593.044255] ? hci_uart_tty_poll+0x10/0x10 [ 1593.048511] ? tty_vhangup+0x30/0x30 [ 1593.052240] ? __might_sleep+0x93/0xb0 [ 1593.056136] ? __fget+0x210/0x370 [ 1593.059607] ? tty_vhangup+0x30/0x30 [ 1593.063332] do_vfs_ioctl+0x7ae/0x1060 [ 1593.067230] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1593.072031] ? lock_downgrade+0x6e0/0x6e0 [ 1593.076189] ? ioctl_preallocate+0x1c0/0x1c0 [ 1593.080786] ? __fget+0x237/0x370 [ 1593.084267] ? security_file_ioctl+0x89/0xb0 [ 1593.088704] SyS_ioctl+0x8f/0xc0 [ 1593.092082] ? do_vfs_ioctl+0x1060/0x1060 [ 1593.096240] do_syscall_64+0x1e8/0x640 [ 1593.100125] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1593.104968] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1593.110151] RIP: 0033:0x4592c9 [ 1593.113384] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1593.121092] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1593.128354] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 13:37:21 executing program 3: mkdir(&(0x7f0000000080)='./file0\x00', 0xd6) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705f69f930", @ANYRESDEC=0x0, @ANYBLOB=',\x00']) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/164, 0xa4}], 0x1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1e, 0x0, 0x0, 0x0, 0x2}}, 0x50) clock_adjtime(0x3, &(0x7f00000002c0)={0x8001, 0x1, 0x0, 0x8, 0x7, 0x15, 0x81, 0x100000000, 0x2, 0xaa, 0x6, 0x4, 0x7, 0x4, 0x3, 0xffffffff, 0x7ff, 0xfff8000000000000, 0xfffffffffffffff9, 0x50, 0x8, 0x400, 0x0, 0x5, 0x1000, 0xe10}) 13:37:21 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') sendmsg$TIPC_CMD_SET_NETID(r0, &(0x7f0000000500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x24, r1, 0x10, 0x70bd2b, 0x25dfdbfd, {{}, 0x0, 0x800b, 0x0, {0x8, 0x2, 0x3}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) r3 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r2, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r3, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r4, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r6, 0x80287010, 0x0) ioctl$sock_inet_SIOCDARP(r6, 0x8953, &(0x7f0000000540)={{0x2, 0x4e20, @broadcast}, {0x6, @dev={[], 0x29}}, 0x40, {0x2, 0x4e23, @rand_addr=0x2}, 'veth1_to_bond\x00'}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r5, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1593.135786] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1593.143057] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1593.150596] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1593.161474] Bluetooth: Unknown HCI packet type 5e [ 1593.168673] Bluetooth: Unknown HCI packet type 43 [ 1593.175247] Bluetooth: Unknown HCI packet type 5e [ 1593.180926] Bluetooth: Unknown HCI packet type 50 13:37:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:37:21 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x1000000000e6) [ 1593.204910] Bluetooth: Unknown HCI packet type 5e 13:37:21 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x0) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000000)=0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000040)={[], 0xd7, 0x9, 0x9, 0x3b6e, 0x4, r1}) ioctl$SG_GET_TIMEOUT(r0, 0x2202, 0x0) ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f00000000c0)) r2 = open(&(0x7f0000000100)='./file0\x00', 0x10200, 0x26) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000140)=ANY=[@ANYBLOB="00000000000000000400"/28]) [ 1593.232168] Bluetooth: Unknown HCI packet type 40 [ 1594.950125] Bluetooth: hci0 command 0x1003 tx timeout [ 1594.955465] Bluetooth: hci0 sending frame failed (-49) [ 1595.190112] Bluetooth: hci1 command 0x1003 tx timeout [ 1595.195615] Bluetooth: hci1 sending frame failed (-49) [ 1597.030209] Bluetooth: hci0 command 0x1001 tx timeout [ 1597.035731] Bluetooth: hci0 sending frame failed (-49) [ 1597.270211] Bluetooth: hci1 command 0x1001 tx timeout [ 1597.275568] Bluetooth: hci1 sending frame failed (-49) [ 1599.110157] Bluetooth: hci0 command 0x1009 tx timeout [ 1599.350261] Bluetooth: hci1 command 0x1009 tx timeout 13:37:32 executing program 5 (fault-call:4 fault-nth:84): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:37:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(0xffffffffffffffff, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:37:32 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000498000)={0x0, 0x0, &(0x7f0000c8d000)={&(0x7f00000001c0)={0xadd1c1d93019b1ca, 0x0, 0x9, 0x40000800000001, 0x0, 0x0, {0x0, 0x0, 0x20000000}}, 0x14}}, 0x4000154) 13:37:32 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) write$smack_current(r3, &(0x7f0000000200)='/dev/net/tun\x00', 0xd) 13:37:32 executing program 0: r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) r1 = accept4$tipc(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000140)=0x10, 0x80000) connect$l2tp(r0, &(0x7f0000000180)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e20, @broadcast}, 0x1, 0x2, 0x3, 0x1}}, 0x26) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x4) ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000000100)=0x3) 13:37:32 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x1000000000e6) 13:37:32 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000100)='./bus\x00', 0x2) truncate(&(0x7f0000000000)='./bus\x00', 0x1000) r1 = open(&(0x7f0000000480)='./bus\x00', 0x0, 0x0) lseek(r0, 0x0, 0x2) r2 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x0, 0x2) getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x41, &(0x7f0000000300)=ANY=[@ANYBLOB="7261770000000000000008000000000000000000000000000000000000000000510000002a59ef5443eefaf0756d3c75763f753acc83de290aa72839fb0ac0175e03b9374d11256a804b6f2da83e7317fab5f2f47826b22a12fe316e176c8200c588f68310ab106bb6762a043afd57717893d7c63b8b4ebc0b7de67c133a10609a4dbba8492826d3c124c01672f21762620186003f2f11474090b1e72889b1d4e4fdcdaa5e802232117da883574a3b02b71d236e54bcc90c89dec494f293d4d9d7c28b1600f894bd3225ecc38c698043baf3de76f6b0f69b3b1c3cbf7eb26efd666a81f90462eeee6fa440d4c528696d10333af937b6b906e9e11063cbf618a135d522f4cb33eb2df6a1b6ecebda5085709cd9df00564a70324ebc1a6a83be461606d9f15ccd93197f8286569f59bf1704822f885fae95c71bbecb31ba216a8fd426"], &(0x7f0000000080)=0x75) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r2, 0x40045542, &(0x7f00000000c0)=0x7) sendfile(r0, r1, 0x0, 0x40d09) 13:37:32 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x1000000000e6) 13:37:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(0xffffffffffffffff, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) [ 1603.753569] Bluetooth: hci0 sending frame failed (-49) [ 1603.781383] FAULT_INJECTION: forcing a failure. [ 1603.781383] name failslab, interval 1, probability 0, space 0, times 0 [ 1603.826865] CPU: 1 PID: 24080 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1603.834121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1603.835074] audit: type=1804 audit(1561037852.229:217): pid=24086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir008101599/syzkaller.DIezak/759/bus" dev="sda1" ino=16754 res=1 [ 1603.843495] Call Trace: [ 1603.843524] dump_stack+0x138/0x19c [ 1603.843543] should_fail.cold+0x10f/0x159 [ 1603.843559] should_failslab+0xdb/0x130 [ 1603.843575] kmem_cache_alloc_node_trace+0x280/0x770 [ 1603.843592] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1603.843608] __kmalloc_node_track_caller+0x3d/0x80 [ 1603.843621] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1603.843634] __alloc_skb+0xcf/0x500 [ 1603.843645] ? skb_scrub_packet+0x4b0/0x4b0 [ 1603.843668] ? netlink_has_listeners+0x20a/0x330 [ 1603.917937] kobject_uevent_env+0x781/0xc23 [ 1603.922285] kobject_uevent+0x20/0x26 [ 1603.926100] device_add+0xa3e/0x1490 [ 1603.929825] ? device_private_init+0x190/0x190 [ 1603.934429] rfkill_register+0x19c/0xb20 [ 1603.938507] hci_register_dev+0x34b/0x810 [ 1603.942678] ? __raw_spin_lock_init+0x2d/0x100 [ 1603.947287] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1603.951630] tty_ioctl+0x8f7/0x1320 [ 1603.955276] ? hci_uart_tty_poll+0x10/0x10 [ 1603.959524] ? tty_vhangup+0x30/0x30 [ 1603.963263] ? __might_sleep+0x93/0xb0 [ 1603.967162] ? __fget+0x210/0x370 [ 1603.970645] ? tty_vhangup+0x30/0x30 [ 1603.974379] do_vfs_ioctl+0x7ae/0x1060 [ 1603.978278] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1603.983050] ? lock_downgrade+0x6e0/0x6e0 [ 1603.987254] ? ioctl_preallocate+0x1c0/0x1c0 [ 1603.991689] ? __fget+0x237/0x370 [ 1603.995160] ? security_file_ioctl+0x89/0xb0 [ 1603.999586] SyS_ioctl+0x8f/0xc0 [ 1604.002959] ? do_vfs_ioctl+0x1060/0x1060 [ 1604.007126] do_syscall_64+0x1e8/0x640 [ 1604.011024] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1604.015876] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1604.021065] RIP: 0033:0x4592c9 13:37:32 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(0xffffffffffffffff, r2, 0x0, 0x1000000000e6) [ 1604.024250] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1604.031960] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1604.039236] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1604.046633] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1604.053915] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1604.061191] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 13:37:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(0xffffffffffffffff, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:37:32 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1604.079375] Bluetooth: Unknown HCI packet type 5e [ 1604.090838] Bluetooth: Unknown HCI packet type 43 [ 1604.098774] Bluetooth: Unknown HCI packet type 5e [ 1604.117765] Bluetooth: Unknown HCI packet type 50 [ 1604.124565] Bluetooth: Unknown HCI packet type 5e [ 1604.133028] Bluetooth: Unknown HCI packet type 40 [ 1604.299443] audit: type=1804 audit(1561037852.699:218): pid=24091 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir008101599/syzkaller.DIezak/759/bus" dev="sda1" ino=16754 res=1 [ 1605.830095] Bluetooth: hci0 command 0x1003 tx timeout [ 1605.837261] Bluetooth: hci0 sending frame failed (-49) [ 1606.150226] Bluetooth: hci1 command 0x1003 tx timeout [ 1606.155543] Bluetooth: hci1 sending frame failed (-49) [ 1607.910192] Bluetooth: hci0 command 0x1001 tx timeout [ 1607.915575] Bluetooth: hci0 sending frame failed (-49) [ 1608.230557] Bluetooth: hci1 command 0x1001 tx timeout [ 1608.235912] Bluetooth: hci1 sending frame failed (-49) [ 1609.990201] Bluetooth: hci0 command 0x1009 tx timeout [ 1610.310351] Bluetooth: hci1 command 0x1009 tx timeout 13:37:42 executing program 5 (fault-call:4 fault-nth:85): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:37:42 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(0xffffffffffffffff, r2, 0x0, 0x1000000000e6) 13:37:42 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:37:42 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmsg(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x29, 0x3, "a4fd"}], 0x18}, 0x0) sendmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c00010a5d0000000a4d874e9dd05ac60000"], 0xc}}], 0xb, 0x0) 13:37:42 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = dup3(r0, r0, 0x0) ioctl$sock_bt_bnep_BNEPCONNDEL(r1, 0x400442c9, &(0x7f0000000080)={0xfe, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x400000, 0x0) ioctl$KDADDIO(r2, 0x400455c8, 0x4) ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000100)=0x3) 13:37:42 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) pipe(&(0x7f0000000200)) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1614.597844] FAULT_INJECTION: forcing a failure. [ 1614.597844] name failslab, interval 1, probability 0, space 0, times 0 [ 1614.618776] CPU: 1 PID: 24117 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1614.625945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1614.635318] Call Trace: [ 1614.637964] dump_stack+0x138/0x19c [ 1614.641617] should_fail.cold+0x10f/0x159 [ 1614.645784] should_failslab+0xdb/0x130 [ 1614.649769] kmem_cache_alloc_node_trace+0x280/0x770 [ 1614.654909] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1614.660381] __kmalloc_node_track_caller+0x3d/0x80 [ 1614.665336] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1614.670019] __alloc_skb+0xcf/0x500 [ 1614.673682] ? skb_scrub_packet+0x4b0/0x4b0 [ 1614.678021] ? netlink_has_listeners+0x20a/0x330 [ 1614.682800] kobject_uevent_env+0x781/0xc23 [ 1614.687142] kobject_uevent+0x20/0x26 [ 1614.690953] device_add+0xa3e/0x1490 [ 1614.694676] ? device_private_init+0x190/0x190 [ 1614.699274] rfkill_register+0x19c/0xb20 [ 1614.703346] hci_register_dev+0x34b/0x810 [ 1614.707499] ? __raw_spin_lock_init+0x2d/0x100 [ 1614.712122] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1614.716464] tty_ioctl+0x8f7/0x1320 [ 1614.720095] ? hci_uart_tty_poll+0x10/0x10 [ 1614.724343] ? tty_vhangup+0x30/0x30 [ 1614.728072] ? __might_sleep+0x93/0xb0 [ 1614.731969] ? __fget+0x210/0x370 [ 1614.735469] ? tty_vhangup+0x30/0x30 [ 1614.739189] do_vfs_ioctl+0x7ae/0x1060 [ 1614.743084] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1614.747849] ? lock_downgrade+0x6e0/0x6e0 [ 1614.752009] ? ioctl_preallocate+0x1c0/0x1c0 [ 1614.756460] ? __fget+0x237/0x370 [ 1614.759940] ? security_file_ioctl+0x89/0xb0 [ 1614.764371] SyS_ioctl+0x8f/0xc0 [ 1614.767745] ? do_vfs_ioctl+0x1060/0x1060 [ 1614.771902] do_syscall_64+0x1e8/0x640 [ 1614.775801] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1614.780669] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1614.785890] RIP: 0033:0x4592c9 [ 1614.789081] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:37:43 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(0xffffffffffffffff, r2, 0x0, 0x1000000000e6) [ 1614.796807] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1614.804092] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1614.811372] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1614.818652] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1614.826053] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 13:37:43 executing program 3: r0 = gettid() exit(0x0) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f00000000c0)=0x2) capget(&(0x7f0000000040)={0x20071024, r0}, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x1, 0x8, 0x200080000000000}) [ 1614.852386] Bluetooth: Unknown HCI packet type 5e [ 1614.858431] Bluetooth: Unknown HCI packet type 43 [ 1614.864444] Bluetooth: Unknown HCI packet type 5e [ 1614.873631] Bluetooth: Unknown HCI packet type 50 13:37:43 executing program 2: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) r3 = syz_open_dev$mice(&(0x7f0000000200)='/dev/input/mice\x00', 0x0, 0x80000) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0xc) ioctl$SIOCAX25ADDUID(r3, 0x89e1, &(0x7f00000002c0)={0x3, @null, r4}) ioctl$INOTIFY_IOC_SETNEXTWD(r0, 0x40044900, 0x6) r5 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r2, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r5, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r6, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r8, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r7, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:37:43 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) inotify_init() r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r1, r2, 0x0, 0x1000000000e6) [ 1614.902578] Bluetooth: Unknown HCI packet type 5e [ 1614.913007] Bluetooth: Unknown HCI packet type 40 13:37:43 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0xffffffffffffff51) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r1, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r2, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r3, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") ioctl$TIOCSSERIAL(r0, 0x541f, &(0x7f0000000240)={0x6, 0x3, 0x101, 0x100, 0x2, 0xff, 0x0, 0x9, 0x1ff, 0x0, 0x3f, 0x10001, 0xffff, 0x81, &(0x7f0000000200)=""/49, 0x7, 0xec, 0x2dcb}) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r5, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x800) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r4, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:37:43 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) inotify_init() r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r1, r2, 0x0, 0x1000000000e6) [ 1614.996973] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24139 comm=syz-executor.1 [ 1615.067389] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24145 comm=syz-executor.1 [ 1616.870239] Bluetooth: hci0 command 0x1003 tx timeout [ 1616.875551] Bluetooth: hci1 command 0x1003 tx timeout [ 1616.875593] Bluetooth: hci0 sending frame failed (-49) [ 1616.881441] Bluetooth: hci1 sending frame failed (-49) [ 1618.950215] Bluetooth: hci0 command 0x1001 tx timeout [ 1618.950220] Bluetooth: hci1 command 0x1001 tx timeout [ 1618.950307] Bluetooth: hci1 sending frame failed (-49) [ 1618.955562] Bluetooth: hci0 sending frame failed (-49) [ 1621.030245] Bluetooth: hci1 command 0x1009 tx timeout [ 1621.030249] Bluetooth: hci0 command 0x1009 tx timeout 13:37:53 executing program 5 (fault-call:4 fault-nth:86): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:37:53 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) inotify_init() r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r1, r2, 0x0, 0x1000000000e6) 13:37:53 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x400000000000000, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) write$cgroup_subtree(r3, &(0x7f0000000200)={[{0x2f, 'memory'}, {0x2f, 'io'}, {0x2d, 'memory'}, {0x2d, 'rdma'}]}, 0x1a) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:37:53 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:37:53 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) r3 = syz_open_dev$mice(&(0x7f0000000200)='/dev/input/mice\x00', 0x0, 0x80000) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0xc) ioctl$SIOCAX25ADDUID(r3, 0x89e1, &(0x7f00000002c0)={0x3, @null, r4}) ioctl$INOTIFY_IOC_SETNEXTWD(r0, 0x40044900, 0x6) r5 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r2, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r5, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r6, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r8, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r7, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:37:53 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r2 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x9ce, 0x4000) ioctl$BLKSECTGET(r2, 0x1267, &(0x7f0000000080)) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f00000001c0)=ANY=[@ANYBLOB="a80000e6ffffff00ffffffdf00000000000076d9"], &(0x7f0000000180)=0x6) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x14) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) [ 1625.499496] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24158 comm=syz-executor.1 [ 1625.548394] Bluetooth: Unknown HCI packet type 5e [ 1625.558751] FAULT_INJECTION: forcing a failure. [ 1625.558751] name failslab, interval 1, probability 0, space 0, times 0 13:37:54 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() socket$inet_udplite(0x2, 0x2, 0x88) inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r1, r2, 0x0, 0x1000000000e6) [ 1625.589457] CPU: 0 PID: 24164 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1625.596619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1625.605991] Call Trace: [ 1625.608575] dump_stack+0x138/0x19c [ 1625.612209] should_fail.cold+0x10f/0x159 [ 1625.616349] should_failslab+0xdb/0x130 [ 1625.620314] kmem_cache_alloc_node_trace+0x280/0x770 [ 1625.625418] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1625.630981] __kmalloc_node_track_caller+0x3d/0x80 [ 1625.635945] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1625.640617] __alloc_skb+0xcf/0x500 [ 1625.644250] ? skb_scrub_packet+0x4b0/0x4b0 [ 1625.648569] ? netlink_has_listeners+0x20a/0x330 [ 1625.653323] kobject_uevent_env+0x781/0xc23 [ 1625.657682] kobject_uevent+0x20/0x26 [ 1625.661504] device_add+0xa3e/0x1490 [ 1625.665210] ? device_private_init+0x190/0x190 [ 1625.669792] rfkill_register+0x19c/0xb20 [ 1625.673846] hci_register_dev+0x34b/0x810 [ 1625.677988] ? __raw_spin_lock_init+0x2d/0x100 [ 1625.682592] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1625.686918] tty_ioctl+0x8f7/0x1320 [ 1625.690540] ? hci_uart_tty_poll+0x10/0x10 [ 1625.694795] ? tty_vhangup+0x30/0x30 [ 1625.698559] ? __might_sleep+0x93/0xb0 [ 1625.702444] ? __fget+0x210/0x370 [ 1625.705890] ? tty_vhangup+0x30/0x30 [ 1625.709595] do_vfs_ioctl+0x7ae/0x1060 [ 1625.713477] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1625.718221] ? lock_downgrade+0x6e0/0x6e0 [ 1625.722358] ? ioctl_preallocate+0x1c0/0x1c0 [ 1625.726755] ? __fget+0x237/0x370 [ 1625.730201] ? security_file_ioctl+0x89/0xb0 [ 1625.734618] SyS_ioctl+0x8f/0xc0 [ 1625.737987] ? do_vfs_ioctl+0x1060/0x1060 [ 1625.742125] do_syscall_64+0x1e8/0x640 [ 1625.745995] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1625.750845] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1625.756020] RIP: 0033:0x4592c9 [ 1625.759191] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1625.767191] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1625.774457] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1625.781718] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1625.789015] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1625.796294] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1625.805527] Bluetooth: Unknown HCI packet type 5e [ 1625.810773] Bluetooth: Unknown HCI packet type 43 [ 1625.815863] Bluetooth: Unknown HCI packet type 5e [ 1625.820930] Bluetooth: Unknown HCI packet type 50 [ 1625.826341] Bluetooth: Unknown HCI packet type 5e [ 1625.832309] Bluetooth: Unknown HCI packet type 40 13:37:54 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000500)='./cg\x98oup.\x9a5\xd2\x12syz1\x10V\xd2W\xf0\xb2C\xcf\x84\x8c\xce\vHo\xb1\x1c\x1f\x13+\x9aS\xad\xa2@/A1\x98d-\xe3j.^N\x11\x96\x04\x0e^U\v\xcfp\bO0\xaa.c\x0el\xd3\x81\xe6\xf6(-\xea\xde\x92\xd7\xa8ps\xa42\xe9\xcaZFr\xe8\a\xec\xfed\xa3\xd8\x03J-TQD%\x02\x80\xf1R[\xb3\x8fB\x12W\xcd8P\v\xef(\xc67\xfd\xbecf\x94\x94_+fw>\x14\x8b\x06A-Cq;\xbdr\xf9]\x80\x1f]\x87\t\xb5qZ\xd0\xc3Y!\xc8\xf6b\x16r\x10\x10`\xfdo\x14\xe5\x15\xc1\x17\xb3\x06\xa7(V\xc3oo\xe1i\xc3\xd1\xb1z\x87\xf0\xd4\x9e\xe7\x9b|\x98\xabU\xa7\x11+^\xa5h\x83\xab\x03\xd0\x99\x03\xd6\x06c\x97\xda\xab\x00\x1c\x9ed\xc9\xcau\xdc\xe8\xb9lX- I\x98*\xf7R\x9a\xf9\xd5\xe9', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x80000, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r1, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r2, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r3, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r0, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:37:54 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000200)='./file0\x00', 0x1041, 0x0) execve(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execveat(r3, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x1100) close(r3) ioctl$TIOCSPTLCK(r3, 0x40045431, &(0x7f0000000040)=0x1) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000240)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r3, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000280)={0x154, r4, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x101}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblc\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xd2a}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'ovf\x00'}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x32}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'dh\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, [@IPVS_DEST_ATTR_TUN_TYPE={0x8, 0xd, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x1e5e}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DAEMON={0x40, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x7fffffff}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'dummy0\x00'}]}, @IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x3}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}]}, @IPVS_CMD_ATTR_SERVICE={0x34, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@loopback}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@rand_addr=0xfffffffffffffffa}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x154}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) read$FUSE(r2, &(0x7f00000015c0), 0x1000) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={'veth1Tto_bond\x00', 0x3802}) close(r1) open$dir(&(0x7f0000000000)='./file0\x00', 0x281, 0x0) 13:37:54 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() socket$inet_udplite(0x2, 0x2, 0x88) inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r1, r2, 0x0, 0x1000000000e6) [ 1625.917748] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24176 comm=syz-executor.1 13:37:54 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() socket$inet_udplite(0x2, 0x2, 0x88) inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r1, r2, 0x0, 0x1000000000e6) [ 1626.025696] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24187 comm=syz-executor.1 13:37:54 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') chmod(&(0x7f0000000200)='./file0\x00', 0x8) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000500)={0x0, @in={{0x2, 0x4e23, @remote}}, 0x4, 0x1f, 0xce6, 0x40, 0x2}, &(0x7f0000000280)=0x98) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r3, 0x84, 0x23, &(0x7f00000002c0)={r5, 0x3}, 0x8) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) write$P9_RXATTRCREATE(r4, &(0x7f0000000240)={0x7, 0x21, 0x2}, 0x7) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) getsockopt$inet6_mtu(r4, 0x29, 0x17, &(0x7f0000000340), &(0x7f00000005c0)=0x4) [ 1626.108052] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24195 comm=syz-executor.1 [ 1627.590135] Bluetooth: hci0 command 0x1003 tx timeout [ 1627.595526] Bluetooth: hci0 sending frame failed (-49) [ 1627.830128] Bluetooth: hci1 command 0x1003 tx timeout [ 1627.835508] Bluetooth: hci1 sending frame failed (-49) [ 1629.670136] Bluetooth: hci0 command 0x1001 tx timeout [ 1629.675576] Bluetooth: hci0 sending frame failed (-49) [ 1629.910140] Bluetooth: hci1 command 0x1001 tx timeout [ 1629.915452] Bluetooth: hci1 sending frame failed (-49) [ 1631.750254] Bluetooth: hci0 command 0x1009 tx timeout [ 1631.990267] Bluetooth: hci1 command 0x1009 tx timeout 13:38:04 executing program 5 (fault-call:4 fault-nth:87): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:38:04 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r1, r2, 0x0, 0x1000000000e6) 13:38:04 executing program 3: r0 = socket$unix(0x1, 0x800000000005, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x1000002, 0x10801) ioctl$EVIOCGABS0(r1, 0x80184540, &(0x7f0000000040)=""/4) shutdown(r0, 0x800000) 13:38:04 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x7) r3 = syz_open_procfs(r2, &(0x7f0000000340)='net/ip_vs_stats\x00') ioctl$SG_GET_RESERVED_SIZE(r3, 0x2272, &(0x7f0000000200)) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r3, 0x40bc5311, &(0x7f0000000240)={0x10000, 0x1, 'client1\x00', 0x1, "9a73461a9a5222d5", "a64302579f61f156854b08384702a265cebc1942baa0b98f3e0364e9b66b56d1", 0x7, 0x9e0}) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r5, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r4, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:38:04 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:38:04 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCGRS485(r1, 0x542e, &(0x7f0000000000)) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:38:04 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') chmod(&(0x7f0000000200)='./file0\x00', 0x8) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000500)={0x0, @in={{0x2, 0x4e23, @remote}}, 0x4, 0x1f, 0xce6, 0x40, 0x2}, &(0x7f0000000280)=0x98) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r3, 0x84, 0x23, &(0x7f00000002c0)={r5, 0x3}, 0x8) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) write$P9_RXATTRCREATE(r4, &(0x7f0000000240)={0x7, 0x21, 0x2}, 0x7) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) getsockopt$inet6_mtu(r4, 0x29, 0x17, &(0x7f0000000340), &(0x7f00000005c0)=0x4) [ 1636.360438] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24211 comm=syz-executor.1 [ 1636.423236] FAULT_INJECTION: forcing a failure. [ 1636.423236] name failslab, interval 1, probability 0, space 0, times 0 [ 1636.442564] CPU: 1 PID: 24218 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1636.449690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1636.459064] Call Trace: [ 1636.461667] dump_stack+0x138/0x19c [ 1636.465314] should_fail.cold+0x10f/0x159 [ 1636.469474] should_failslab+0xdb/0x130 [ 1636.473543] kmem_cache_alloc_node_trace+0x280/0x770 [ 1636.478657] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1636.484115] __kmalloc_node_track_caller+0x3d/0x80 [ 1636.489071] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1636.493742] __alloc_skb+0xcf/0x500 [ 1636.497370] ? skb_scrub_packet+0x4b0/0x4b0 [ 1636.501787] ? netlink_has_listeners+0x20a/0x330 [ 1636.506550] kobject_uevent_env+0x781/0xc23 [ 1636.510900] kobject_uevent+0x20/0x26 [ 1636.514705] device_add+0xa3e/0x1490 [ 1636.518519] ? device_private_init+0x190/0x190 [ 1636.523280] rfkill_register+0x19c/0xb20 [ 1636.527343] hci_register_dev+0x34b/0x810 [ 1636.531492] ? __raw_spin_lock_init+0x2d/0x100 [ 1636.536107] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1636.540430] tty_ioctl+0x8f7/0x1320 [ 1636.544059] ? hci_uart_tty_poll+0x10/0x10 [ 1636.548294] ? tty_vhangup+0x30/0x30 [ 1636.552016] ? __might_sleep+0x93/0xb0 [ 1636.555935] ? __fget+0x210/0x370 [ 1636.559392] ? tty_vhangup+0x30/0x30 [ 1636.563108] do_vfs_ioctl+0x7ae/0x1060 [ 1636.566996] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1636.571771] ? lock_downgrade+0x6e0/0x6e0 [ 1636.575928] ? ioctl_preallocate+0x1c0/0x1c0 [ 1636.580341] ? __fget+0x237/0x370 [ 1636.583800] ? security_file_ioctl+0x89/0xb0 [ 1636.588214] SyS_ioctl+0x8f/0xc0 [ 1636.591602] ? do_vfs_ioctl+0x1060/0x1060 [ 1636.595754] do_syscall_64+0x1e8/0x640 [ 1636.599643] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1636.604490] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1636.609679] RIP: 0033:0x4592c9 [ 1636.612875] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:38:05 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r1, r2, 0x0, 0x1000000000e6) 13:38:05 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) r6 = socket$key(0xf, 0x3, 0x2) ioctl$FS_IOC_GETVERSION(r6, 0x80087601, &(0x7f0000000200)) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1636.620590] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1636.627857] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1636.635125] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1636.642477] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1636.649839] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1636.728582] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24230 comm=syz-executor.1 [ 1636.747739] Bluetooth: Unknown HCI packet type 5e 13:38:05 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r1, r2, 0x0, 0x1000000000e6) 13:38:05 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="c0dca5055e0bcfec7be070") r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r1, &(0x7f0000000240)={0xf97cff8c, 0xffffff2d, 'SE Linux', "ae6fe51c49c87c054eab653411f80000000700001c3c9f03000300000000004170da5c01abba0b4d507bb2fce355559309d40273349b6118a39b4092a1cb6eb865188ca7b591f0d5d346da8c422749db8475c3b8ee43e15d0ff5f56df403b754a72da551aecadd49a2d28a8cab5c7db54f3928cd46bb826ca2448f4a5a13df4aab28"}, 0xfffffffffffffed4) [ 1636.768923] Bluetooth: Unknown HCI packet type 43 [ 1636.788606] Bluetooth: Unknown HCI packet type 5e [ 1636.794018] Bluetooth: Unknown HCI packet type 50 [ 1636.798879] Bluetooth: Unknown HCI packet type 5e [ 1636.803929] Bluetooth: Unknown HCI packet type 40 13:38:05 executing program 2: r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x0, 0x0) ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000000080)=0x200000) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_GET_TIMERSLACK(0x1e) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) r3 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r2, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r3, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0x4000000000c, r4, 0x1ff, &(0x7f00000012c0)="c62f93cbf390ebb57ec1f767baeb5584245cf2e3ad6e3181005272428100bf9a07ecd07d1f45bfa861bcde6d715b7234cf5e5e317d1eb4aeefe16c03b4394d3883256097f2fbe15777b45e9a831d9cc9f3741661cd6e3db4ebfcfc6067189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc0333700000000107c3a0d4edc0d45e2839d84fba9d1a15254b1e82576389180b5f0f9df29ccb52baaea49bef57c3f014c00000000000000000000000000000100000033764fca8bd51e981c543e0b5f2fffff0956c06de85e89708b09e96846cf9cc407173dbf1a1718980b486084bfcefcda5677896ed45c5b7161ef51006e37ff4910b5736fbe4d4ddf06624300000000000045be4d0500000000000000ec834abeafa8007bc837877735c256623b75476e0fa5d18def874344a75701e5ead4f35134191a70b3bd9a62121173d3e4da37ae31587e9fb8f2955f7174c933792bfbcaf5f7fef3af25100d89f787a3987c775b2664862ba016882e667a82eaa3a92bd74e61f0e3cb591675f76bf4fe3d3fe39752858da1f700f7d04f191b76ca4c78ca771da2eaac7b59256a0b8e09321ee42e20c60f22be0000000000000000") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r6, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') sync_file_range(r1, 0x92fd, 0x8000, 0x2) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_SET(r6, &(0x7f0000000600)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000500)={0xec, r7, 0x0, 0x70bd2b, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0x20, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_MEDIA={0x54, 0x5, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x35}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x163}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x240000}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_SOCK={0x8, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x2}]}, @TIPC_NLA_SOCK={0x44, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x10001}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3ff}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9c6a}, @TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8000}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x40}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r5, 0x4b6d, 0x0) ioctl$KVM_SET_XCRS(r5, 0x4188aea7, &(0x7f0000000200)={0x6, 0x9, [{0x5, 0x0, 0x5}, {0x1, 0x0, 0x80000000}, {0x8, 0x0, 0xfff}, {0x3, 0x0, 0xfffffffffffffff9}, {0xa53, 0x0, 0x1}, {0x1f, 0x0, 0x80}]}) write$binfmt_elf64(r2, &(0x7f0000000740)={{0x7f, 0x45, 0x4c, 0x46, 0x1, 0x401, 0xee4, 0xfffffffffffff801, 0x3, 0x0, 0x3e, 0x5, 0xbc, 0x40, 0x10b, 0x80000001, 0x1f, 0x38, 0x2, 0x2, 0x6, 0x9}, [{0x70000007, 0x7fff, 0x10000, 0x2, 0x7, 0x1, 0x2, 0xffff}], "c7f3f5c1824b5b54116ef1e04af28cafee691434a5a3f2e1bdb0571351826047c074b8a2dc0644d5c055e21e22f9b167329c68de195237ad4b1a", [[], [], [], [], [], [], [], [], []]}, 0x9b2) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1636.854585] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24238 comm=syz-executor.1 [ 1638.470120] Bluetooth: hci0 command 0x1003 tx timeout [ 1638.476392] Bluetooth: hci0 sending frame failed (-49) [ 1638.790204] Bluetooth: hci1 command 0x1003 tx timeout [ 1638.795562] Bluetooth: hci1 sending frame failed (-49) [ 1640.550188] Bluetooth: hci0 command 0x1001 tx timeout [ 1640.555544] Bluetooth: hci0 sending frame failed (-49) [ 1640.870203] Bluetooth: hci1 command 0x1001 tx timeout [ 1640.875605] Bluetooth: hci1 sending frame failed (-49) [ 1642.630152] Bluetooth: hci0 command 0x1009 tx timeout [ 1642.950156] Bluetooth: hci1 command 0x1009 tx timeout 13:38:15 executing program 5 (fault-call:4 fault-nth:88): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:38:15 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x2000000) r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r1, r2, 0x0, 0x1000000000e6) 13:38:15 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) r6 = socket$key(0xf, 0x3, 0x2) ioctl$FS_IOC_GETVERSION(r6, 0x80087601, &(0x7f0000000200)) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:38:15 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000200)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$FIONREAD(r3, 0x541b, &(0x7f0000000340)) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) r6 = syz_genetlink_get_family_id$nbd(&(0x7f00000003c0)='nbd\x00') sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000540)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000400)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="000428bd7000fcdbdf25020000000c00030006000000000000000c00020009000000000000000c00050002010000000000001400070008000100", @ANYRES32=r3, @ANYBLOB="08000100", @ANYRES32=r3, @ANYBLOB="0800010002000000"], 0x54}, 0x1, 0x0, 0x0, 0x40}, 0x0) 13:38:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, 0x0, 0x0) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:38:15 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x8) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) [ 1647.266674] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24263 comm=syz-executor.1 [ 1647.296475] FAULT_INJECTION: forcing a failure. [ 1647.296475] name failslab, interval 1, probability 0, space 0, times 0 13:38:15 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000000)=0x1) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) r2 = fcntl$getown(r0, 0x9) ioprio_get$pid(0x3, r2) r3 = creat(&(0x7f00000002c0)='./file0\x00', 0x2) r4 = syz_open_dev$mice(&(0x7f0000000300)='/dev/input/mice\x00', 0x0, 0x2000) syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, &(0x7f0000000340)="670f013bba6100b80080ef660f549d00000f20e06635002000000f22e00fc7ad00003e640fdd80168fe10f66b8040000000f23c80f21f86635080080000f23f80f22e266b9ef0800000f32", 0x4b}], 0x1, 0x53, &(0x7f0000000400), 0x0) r5 = add_key(&(0x7f0000000080)='id_legacy\x00', &(0x7f0000000140)={'syz', 0x2}, &(0x7f0000000180)="41f1726e3a5f80c59558942d305919f0d2b413b8e50a3ed016b6e344108a332cf38490a4acc8dbfd585b52f1fc7cda19e44e1cff224720361a8dc18b173fcbbfc5ea045243e1be0670f5de3f574f175042128bc003d5cb7e48f0eb8a716a11a9499324e8f50d2d5b3c0c5870bf99fead6cc036fec905a4ac22ed9b", 0x7b, 0xfffffffffffffffb) r6 = add_key(&(0x7f0000000200)='dns_resolver\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f0000000280)="ac15db7ea313a183ec", 0x9, 0xfffffffffffffffa) keyctl$negate(0xd, r5, 0xfff, r6) 13:38:15 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x2000000) r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r1, r2, 0x0, 0x1000000000e6) [ 1647.336143] CPU: 0 PID: 24264 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1647.344636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1647.344643] Call Trace: [ 1647.344678] dump_stack+0x138/0x19c [ 1647.344703] should_fail.cold+0x10f/0x159 [ 1647.344721] should_failslab+0xdb/0x130 [ 1647.344738] kmem_cache_alloc_node_trace+0x280/0x770 [ 1647.344755] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 1647.344773] __kmalloc_node_track_caller+0x3d/0x80 [ 1647.344791] __kmalloc_reserve.isra.0+0x40/0xe0 [ 1647.344806] __alloc_skb+0xcf/0x500 [ 1647.360363] ? skb_scrub_packet+0x4b0/0x4b0 [ 1647.360380] ? netlink_has_listeners+0x20a/0x330 [ 1647.360395] kobject_uevent_env+0x781/0xc23 [ 1647.360413] kobject_uevent+0x20/0x26 [ 1647.360425] device_add+0xa3e/0x1490 [ 1647.360439] ? device_private_init+0x190/0x190 [ 1647.360456] rfkill_register+0x19c/0xb20 [ 1647.360472] hci_register_dev+0x34b/0x810 [ 1647.425951] ? __raw_spin_lock_init+0x2d/0x100 [ 1647.430536] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1647.434860] tty_ioctl+0x8f7/0x1320 [ 1647.438489] ? hci_uart_tty_poll+0x10/0x10 [ 1647.442724] ? tty_vhangup+0x30/0x30 [ 1647.446430] ? __might_sleep+0x93/0xb0 [ 1647.450495] ? __fget+0x210/0x370 [ 1647.453940] ? tty_vhangup+0x30/0x30 [ 1647.457644] do_vfs_ioctl+0x7ae/0x1060 [ 1647.461537] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1647.471578] ? lock_downgrade+0x6e0/0x6e0 [ 1647.475736] ? ioctl_preallocate+0x1c0/0x1c0 [ 1647.480140] ? __fget+0x237/0x370 [ 1647.483600] ? security_file_ioctl+0x89/0xb0 [ 1647.487998] SyS_ioctl+0x8f/0xc0 [ 1647.491356] ? do_vfs_ioctl+0x1060/0x1060 [ 1647.495495] do_syscall_64+0x1e8/0x640 [ 1647.499368] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1647.504204] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1647.509393] RIP: 0033:0x4592c9 [ 1647.512571] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1647.520277] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1647.527542] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1647.534800] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1647.542080] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1647.549344] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1647.564013] device nr0 entered promiscuous mode [ 1647.568972] Bluetooth: Unknown HCI packet type 5e 13:38:16 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) bind$unix(r3, &(0x7f0000000200)=@file={0x0, './file0\x00'}, 0x6e) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:38:16 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x2000000) r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r1, r2, 0x0, 0x1000000000e6) [ 1647.607569] Bluetooth: Unknown HCI packet type 43 [ 1647.615849] Bluetooth: Unknown HCI packet type 5e [ 1647.625563] Bluetooth: Unknown HCI packet type 50 [ 1647.632522] Bluetooth: Unknown HCI packet type 5e [ 1647.636288] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24280 comm=syz-executor.1 [ 1647.638049] Bluetooth: Unknown HCI packet type 40 13:38:16 executing program 3: r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x0, 0x0) ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000000080)=0x200000) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_GET_TIMERSLACK(0x1e) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) r3 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r2, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r3, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0x4000000000c, r4, 0x1ff, &(0x7f00000012c0)="c62f93cbf390ebb57ec1f767baeb5584245cf2e3ad6e3181005272428100bf9a07ecd07d1f45bfa861bcde6d715b7234cf5e5e317d1eb4aeefe16c03b4394d3883256097f2fbe15777b45e9a831d9cc9f3741661cd6e3db4ebfcfc6067189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc0333700000000107c3a0d4edc0d45e2839d84fba9d1a15254b1e82576389180b5f0f9df29ccb52baaea49bef57c3f014c00000000000000000000000000000100000033764fca8bd51e981c543e0b5f2fffff0956c06de85e89708b09e96846cf9cc407173dbf1a1718980b486084bfcefcda5677896ed45c5b7161ef51006e37ff4910b5736fbe4d4ddf06624300000000000045be4d0500000000000000ec834abeafa8007bc837877735c256623b75476e0fa5d18def874344a75701e5ead4f35134191a70b3bd9a62121173d3e4da37ae31587e9fb8f2955f7174c933792bfbcaf5f7fef3af25100d89f787a3987c775b2664862ba016882e667a82eaa3a92bd74e61f0e3cb591675f76bf4fe3d3fe39752858da1f700f7d04f191b76ca4c78ca771da2eaac7b59256a0b8e09321ee42e20c60f22be0000000000000000") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r6, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') sync_file_range(r1, 0x92fd, 0x8000, 0x2) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_SET(r6, &(0x7f0000000600)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000500)={0xec, r7, 0x0, 0x70bd2b, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0x20, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_MEDIA={0x54, 0x5, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x35}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x163}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x240000}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_SOCK={0x8, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x2}]}, @TIPC_NLA_SOCK={0x44, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x10001}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3ff}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9c6a}, @TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8000}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x40}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r5, 0x4b6d, 0x0) ioctl$KVM_SET_XCRS(r5, 0x4188aea7, &(0x7f0000000200)={0x6, 0x9, [{0x5, 0x0, 0x5}, {0x1, 0x0, 0x80000000}, {0x8, 0x0, 0xfff}, {0x3, 0x0, 0xfffffffffffffff9}, {0xa53, 0x0, 0x1}, {0x1f, 0x0, 0x80}]}) write$binfmt_elf64(r2, &(0x7f0000000740)={{0x7f, 0x45, 0x4c, 0x46, 0x1, 0x401, 0xee4, 0xfffffffffffff801, 0x3, 0x0, 0x3e, 0x5, 0xbc, 0x40, 0x10b, 0x80000001, 0x1f, 0x38, 0x2, 0x2, 0x6, 0x9}, [{0x70000007, 0x7fff, 0x10000, 0x2, 0x7, 0x1, 0x2, 0xffff}], "c7f3f5c1824b5b54116ef1e04af28cafee691434a5a3f2e1bdb0571351826047c074b8a2dc0644d5c055e21e22f9b167329c68de195237ad4b1a", [[], [], [], [], [], [], [], [], []]}, 0x9b2) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:38:16 executing program 1: r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1647.717879] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24285 comm=syz-executor.1 [ 1647.807320] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24294 comm=syz-executor.1 [ 1649.590100] Bluetooth: hci0 command 0x1003 tx timeout [ 1649.596535] Bluetooth: hci0 sending frame failed (-49) [ 1649.670107] Bluetooth: hci1 command 0x1003 tx timeout [ 1649.675419] Bluetooth: hci1 sending frame failed (-49) [ 1651.670143] Bluetooth: hci0 command 0x1001 tx timeout [ 1651.675483] Bluetooth: hci0 sending frame failed (-49) [ 1651.750162] Bluetooth: hci1 command 0x1001 tx timeout [ 1651.755469] Bluetooth: hci1 sending frame failed (-49) [ 1653.750275] Bluetooth: hci0 command 0x1009 tx timeout [ 1653.830240] Bluetooth: hci1 command 0x1009 tx timeout 13:38:26 executing program 5 (fault-call:4 fault-nth:89): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:38:26 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup/syz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:38:26 executing program 1: r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) 13:38:26 executing program 3: r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) fchmod(r0, 0x0) r1 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x5, 0x4080) sendmsg(r1, &(0x7f0000001680)={&(0x7f0000001740)=@nfc_llcp={0x27, 0x0, 0x2, 0x5, 0x0, 0x6, "887bf5218c3474c5df92d2e372d42c7f312519d5ed9161aa2db721ee9021884cf92709b2b2618c96326b15f52aee07b4affc91764baf540c69626d4a909d39", 0x1c}, 0x80, &(0x7f0000001500)=[{&(0x7f0000000100)="7841a546eff40189767450830a72c187acb6e4f9a6e75228b62d4b7f72d4a4547add2a2242e36306a4b7a4809b89baa01281e050ede1f6594a5cb8868520516d0dfcd90ec96df2b36ebefa0452fdb48caae1acf6b89b4d8183b7e266c6dc9a2802f576229893cac68d7806461ed193933f5f3dc4e3c1d0e9786db20b1ce25d260040fc0f2b86c893afc4dba4c629050022c243f8d85d199d47b0e6b8b1030f094d29cf9b2508ecaa64f5313fb1b3690614ca1cfeef1f9043e1bc482b7f4b3b7689c94b3f57d771c894be109fd93edd782eac0bcc9b8edbce731a1b6d4d25b42f581009bc68e6eb622b17b3e242e66be74584df8347b140da7b9ea72fa8f4", 0xfe}, {&(0x7f0000000200)="4fb529e6612fc0382f8461f52eb92e1ac20a224c3ea067bd876c29a883ea4d89154b3f3b17c2af2962e756cdc25056515e327fb54cb8667ad95206983f25fa32b44d4e0852faa20100eea95c59662cf94f2422e94ee3b56c5d02dc62", 0x5c}, {&(0x7f0000000280)="f95fe5634b5fc9f2d33182bfb069af24b4ae51f4d8e8cdf293d33488b2c11622dd9a721d0f8eea58e34e0b500e662d767027656b35d6fddfe87344a4e1978de05c2f55aba56b20f4120914c58d76c31412edac2375d409b0182082210df2af579b6325a91213ad8d4e8b44cb5a3676de7411223af2ec0d260e4971ef330213526a80cb976792a74155d98e7e451b28fa04da9d1668d418b4523150851b81dd96979adf443e097a891b56a752e6caffae8cc260a06d6fdd25e1c563f927d4c18c118c9636a27d63ba3caa19ced3d53b0b3c1936d48c343ecc61dcc474ecff2e654c7c4c3a34654949dcc589a71302a19345c35186c9a08d8bd1a5436ef3a557de6d9f961417ebd7592abde00c4e23e99f60dd588b4b9e887f1f1eb1f49354bd2a01dfd094d73cee71a93854cf126d6228a4beea5fff05e735b59bd591705fd43a7349352fd9278a6c9ee27897a2952338c208250e47f2eda4abf46fdaa2289ec509891044b7409a97281f66a1f2a085efb6d928086be2fd26fa009661adb75c771f71204dc0bb7fbceaeaee371938033514ad78a3f58130eff23b923f8255257624d476c21e557f7daa837002388588f161b499cf64ce4d5b456381279e21418978d802b777df3872e3f1643d38044def391d5931c57d4cd7d5581866f38805941c45d69ebb77976ae415be075b58e773ea2cff94eb7440c5e784f5319b48cffee2faed38e8f961c6ba5607389dadd372a077c2e353b85394e196e68990397173b4ac1d93a20e4db1e207757eb7e3ab0f88345e86e18fa2684afc3eed0e376895ddf10cf3b2f9a7e835a34432ebd68bcd8a986c1f7dbcddf6c9a0bfdaf9953f1c97a76c716e10e4c0d62db31f43514c53735b7de82c84322e6b5da7196208c3628929f63796563ae1750651a4c7db2dcd9f84dc5624bd9b672f2f8ecfcea7195f656a591d0e167542f8060120b645693864d0f8eb972805989d2ca47ef4e8dc2355865dabe3125c9be68a2fdb5e1500b69a9a12f5a4840646bc54e1983f4b57b87004b4c0c46cbea2b163d65d821c83096eb95c3e73d42ce99c359ada8838ef7f0dc9713d9e65fe5b1b8fd7dbfc9af75bc1439a5aa7c61e438b1e4f2e0d5e39e4ff37ae6461b672903ffa65ba5fcb45ad8deb80a9c8e1dbae8ea67b627ee549f88cd56e92eb2ad97f2ed3a351efb0caad582e78d6943f84798d781238d743b5f96d21ac830b551607b3a9ad0dfee334a0faef32b80ff69004df87224774017b4e3244f054241bf6dc66bf2dba86c43167217489f53c7e8bef7d4b98c1049c16a117d4b3b67daf29394aa8c73065f1dfdb678a78a00ffbba203768e1a348540b73c17514af2b32bf2eb704ce961e7ad793fc7d8fc98ee038579c7debdc93bb8d1f27bbe8d3b02340f131aa8cfbd042816c65e8a7aa41f45bb0dd43a258b2a893a7dee57c7a93f351d66c0c38d36010295033a799d50cebc143be9db776fd3d246f34c4fb113ae0380234f05b87325b4e7301586973e1ad8e47e857615843645f62f3638a3c215f4cc0c44dadd7bb655833248b6959072cefc10323053f9abeafada8456760cff5053fcf94b1b0e5aab556703004ff3c5ee9f79e9a333e476f56e94c1783d5c75ca8720b5505d92b2011048291cad1e4c78341d8a4ac3cf2ee5a0e592d683befe467c093c17d8398906aa03983f431725aa6f3da0982c0c5a50e7783d4fce6b1f4bc904dea8825f494a87fcf3f5d40345e602a8b5f1d309fe2dd61bdf3b4261fc8c1ae5ded21b3b8c1882ca304110d914b8b7020bf7a5aa2eaa1e6d6be06b6c0b73754b7de63599e1ce1f778d6d113a2998cef03118a2cbb3c347ed790527ce76986a7ceee79158bfdf3bf0a46b99f954127f45716899bd28a13be78b6192de0a04f3faabfb5e475c66ece1b4fa2fe104d49e8f55e27360faae466fd95c907bf05870b51dbff01da911a70f143a00f26ee38915e1ec3be0e1f8eb58e1e9465b6aeef28f1035592098d1de3d4cdc14cb6a20b361987b784bf75189dd9f024b6fcbe46b2147cf69becbd9cb23dd104fc7a745ef539a6fa54c74d89d7c2e507ff8688625a9d871780a3fa450867b58c0bdd42f89b177032fc2770e3dbc3bf93825b2a3ac6e9b819a4f5d04afed546e8f1a5aab83ef9f5af254fce629f0157ba8fbcbb85d518e7efdf4c82c609714f5f16b17bd76ebc9882abaeaa90a36c8c85fd4561c743f3d1a7a9a692d031fc665ae05d20c02225bacb0cd0191c1b7bf31a69c3d632589ee4115add53f678a720605b223b512d824d18678d086e4cb397ca35f26224b6f52d32874739fa180d966ad6f2804946a80851fc3efe004e34ed54dbef5ff16d82b9a6f6195d93900df792761344f5d780535c98f669ef10475e09e2ac0262cf83c75e72ea18a83d29424a2be2eb8049d619bb905a9c6b44f8a432d4f280b32d8aea56dffe7ca4f908c7e5435e708000f4d0c55ef0fae39220ea8b536885b503f11d495e1d3874656c8e91784adf6b136b96f40b934fdfa32b3e82d8d60c6b4c00777947b5b96f9c23f5882cea62ae5fde9ba8b5855af949dd6d36100a6e0b255944be7640562a5fe2cacdba5ba58c52a31102478c84f38d24b18c79a91ece1d10466e83cd5945c01f8c00acb54e475317183fb4447f3acc37add721125990080ce6a6b6846e00e62284aa6cce7e5128c7805aedc47bb8d2a96013523f79281734221eddf932be0a95ee8dea1c165349830b5578802d1b0b46262572166383a0963537d15e65380a60e95c1930f5eb582eabfd6d1dcf7ea5d2f24a0a306af6d125d51b9521740d5c8799b358c22a11124b4ea965fe8d3232189c2c9bf24d9972034962cfeb0ddeb75fe13741f674bbce8aa8a209d335d64e5691448d379092808f6232e1c92f021c75303afd4c3402a4f2facb40953e9132822af40fb54cbc4ce6f61c4cafca6361ff6a791353020a23958b41e5e72332ee1e764d29e4966c760bbcb6f717d682c9d40da33224625dc813bf6cbd5230f94617da1cbd673a245f3b07f88b370a89ab1b96c3889ce9c74ca18e92546114116d73a882f0ce96c245fa6f29018095adb43803417073ff9c4dd2002feff6164d39feb05851c14e6ff22d956532cc76a5c32ca78148ae679006eeae9dc5daccb1eca22a1e4f7b55abe085613344a618e78c3c3dc83d8b7ab09fda76d1599422c3424adc74a3b8b49893cbf144c3c2911e3f2aaa1240dfe82419c55fe15939db1e251668c4e34459443f95e81b8c217b72ff90a1bc2678b7da689a4bf28c7d3474fac1a7042d7d00618d8f49dacabd393899f9676e537f354db11cac540c46925c844c8abee1980806fb41dfea5e1e5b899f7cb0ee970950a9d80c00c84947f679ad0756e5793f8fae5d3f8d072277c1cd1c3ba007071f169a03fbe3bc7de63154661852a7cef7a80f20916005d2ab8b73f4384062dd955ae96557fcb6b6857422d165c57ceb8e411dad944083fd483cd66dc5fe5c0da008a1860b6c4aaab20643dd7003c893a13e709dec95652133dbb3d4714d96edcdcd7d7260e04ef8c05eea90ed509008b7b492e5c2f953cb8c522d5830d7c791ba0bfd1c9f206ac4f0de9d6466501d29a36388bb4ffd3140be71e57e0e7382f4d82fb172ea9356395b9f2145f2dbabed906f88ff3db5e014008b90fc947400c7588e12addb38aed858ef6b5136260260a018a750fa7f7c401a244abc6583ccb45554d790a4e3e8bd94f4a9e030c03d26279bd1383a3ee291794913efde425432ae4133a0580bcd9c6109f34f4730afbc53dc6281f9172f6c484a9253d19165fad001cca4acd245ecf6dd79926a856a467302d1f4210df4ce8c073ef7df08f7a04dec0a316c01fed52e4283ed47e2bbc448c468dd8e03f781b53bb25f73348c647d698a122b7ee9c7364548267cf33d65838f1278e18ae1cf8d6d1322932ec00307530164e5f1e84ae1da8b2b09882888df29fe2ab20553373b96a1c90ce898cb913369776aecc20c0d705d88a82cc2fe49840f37d31ed8fd51422c5e82bb183668410f63750f0f7437c4cddbd80818b87bf022de9f1ffb706a762f96fb4966e249c5326db0dcd8b51b384960252966100e99936c79c06f093906f43a81ede7b6dd01046b832dcb60c5ed44d497e26fd13310cec2ea32d58bd599a3edb6b6832ff2a18d7f2d4e2376fea4cededd8f73fd03d6fd0e8496306447807cf642591d73971cdaddf5ea573bc506b5454ec582362ffb4a49be73237597fb5ebf8d4ee9dbdbe2c763c04b81deb309a2cab11b02830d8c891b7230519552aa3a8166ded0d3c06cf46a7498406743b03f79e810194f44250096a469ef3187b747512a6595c89181b00996fcaf063e7e7312cdd47c3a0902d1550ccf0ef6e7c044ced53f1a8fcbc7f76f172216995c3bd319ae12c3cfeafa27d25cc9da9cc7641dfdb2a09ad2c4780dc1ff0ae4ec4f07db96e619720945d180816ae11d972601b757d4a71e3f40bf0c7e00d0f9cba95a4ce7152cdb7826660142216441cceb56e9d84997a9c85f45beaafb980b2e7b41ebd913b91723479af188fea98e3e9b48613461a944c852da67a1f26c54c559f160adb6807f450f6855141cd77cd085d8f59388a2f83178639ca2548c10857f8b4aa6ef3d0b3db73d63c07af0b7c928455c745c1615d385d93136eeb81d4873cc3da407d12544d5916116776966cc6e81a71f81e0b1663b4e566d97a23f1d730aa48f33e52ade8cf95e3e0c8e7e6441f0dee7465939faa39414fcd4f696453c30e6c1c113a59e1fde3fd8faf9f1a3076f5e67486f15cb23ec5e0dc34514bc76528f2685db2979fcc2a3bfc652411f82f0d1e77e7fe4043dae49ea6e2dee2a0883895f8496a668c350f7e09cd8cd4a0dd6b9cea22e6343ba36c9765131d97990b832c2e1615025b881235ec9f60975a4aad8e623799b60e97908a264d75eaa77e5a9865ec8ba5262e647e16162768dcc4d2be19a9e375c4713d3d941e73842becaac8c76f8732b42472686d52a17e61f2378015c736cfede44bd910e9e67b66ef6243903cf1418aa82e7b6cd1f1c64c8efc27ffd2445bd61b06f5701cea52bd224c7f6e40416e162869814e1bb18d618d2c932de1dc105c1545c1f8a8d6c316de4bb8f0249dd46872db0872d268ce9ef76b14da092e7650a1348b4703a60355346e8477761be5af024830377b2769b73bea4b98c1ba3bafbaccb39bb7559809ef6029fbbfbb9ee060e0455ba7c23d6ea4c525f9f9f26712fbbbf0e02b3722a86e0ef67e166fe4d3de10826402ccda0ddadb5e4627b34149dc5432368aee3587d8040be009682e03269fb7384826e85ab2e3d7d2e7c08fa126f6447b15b2d20e81835410d75165dc34856f53e83b32399a8a2f6241fc0d37000f1211fe15892280afc8cba7397b398d0ccbb3b9ddc02ffcf2a86e3489867f31124da2321e47656299d79007d6a5425b6c48c2e7d9f2b03c8b85098dc368f44fe28eda0f14098626278b86fe95a78422515d71041569577c95818a6181d6220b8639e404a6effb62c1ab81ec5d6bdf66c2abf1ed606cfb6fb656a2729c8faa946911aa5b6cfeaa5184ed79fb6f930b45aebd8c83ada9b707cdd49f8f5f55c821b0bd94c51c25f06d10e1373443d45506f93b908f456799ae54738d6f731213a9cefcc6c55e844f36dd33abf8bf530d641850975aace65484f67bf3ee49ac08f7b5469a072ac7708358ec114d4e4cc4a094f01207fa53af6a1e7d77071b9d0938dbfa72617fc44dbcb6a84", 0x1000}, {&(0x7f0000001280)="7955945fbb182856fd3d00f0200555d3802da17231939a4753e7a856894f9e9afb4d3af2853c9aaeb0c4820a371837dab168f990067467bf5df5b0542e490c0778d66b84fe", 0x45}, {&(0x7f0000001300)="5fbbdb63d42cdbe739bc00b7247677f7c58c9c035ce7bb31c7e5086f31bd5caf37ef79ac18dd6382376d66c32b8ec302d9f37ef14a6f3d0a2a80425b72d5be8de8bc6f4b2cf560bbbb85117a7566346b487f2c0cdf92d63b7c8933a338ffd83bb1d6b81eaea55aa94759982304f46829aabf822cbf9a95522146bd9f667fe3f05c02972760566346f1dca27a407fcf2a6c5c4bee23baf7d3a1ce93d10ee6c44897c45b952d613b4614870a1852b492a92c1be609c93d6ebff6b29cb400d4f3b8daf191afcd008c88e33f98b7c769fb81d47d7dbff1b688", 0xd7}, {&(0x7f0000001400)="2814f7b3021ff382242684055799ad6ab182a4e069ba96c8f9c318ad2e959df9beeece8a288a580598a6784e09df7879c88da4df704aff69b8671e48c38f800989bbf2c15379f694b722e7a4802224d909e29252a1d305608cf2ad9647b8a8ee32f2f2a92dee05a1abce8a26a6cd4f29a92ffb641556ef4a3428ba164fd8fee09ae88ab6bdcae311d844b3f7b0385c35edd1e3836ed7f1def0713d747c18a0b4835841dbfb38e0a525ed54e8628ffb68d7d8451c4fcd9674516fc6165094fa4cc87a437a5a6a9be93994e718b05456bdd96c1d60a8244f68d26e09719e8096831bc420470b0b431263", 0xffffffffffffff7c}], 0x6, &(0x7f00000017c0)=[{0xd8, 0x109, 0x7ff, "cc6f59f5bc5f24c4a22d723861ca24e53dfdd65048c5813e92b4696079282910e63b58ea23e3b6b9b3a22386a4b038afd0348966ff292ab96615e6876c66246f1cedb69383340dd883a6cd5ad86c741c43bd217cbb4f8c09a7609fea4051853f7b6f0be470f920a17f396659688ae3b6f6d917972e1ea3baaea747b43c7411cbae095496fd8895fe97bf5f01ae82567f15342c6e29771e65a51e8f403325c66a8a094fa1f6b4850777afe705ddd42c5e97700000b5cbc63f22b8751291d7b73208e80345193a436e2522d3a0e799000000000000f4a9f21758524d7878b2f73d83bf3d47769ffeaaeecf0b6735cdb3bf9741780ea3495d2747377131133806525d379f9659b2c5deb93a099e625df7d43d1c8a7576c3cdc4a0eda14e0beb05bf4b8ef5aa222de635736e5107000000c66e46c91fece521e1706f87e6971a904b84713a790df3df904dc48ee3c1907b5c6f282176a6986b485287b7b7b96dbfafc3599982be2d7a93b400d0ebb4f551f49d42c9b4c20da911d7f6b063cb5b4496dacd8d37eb79c4f4907bbc9a5e87e8fbb4c1515bf1b4930b1b050ef9ae90772537d0dc8e8cb3353c72689a33617be1807c66398ef7a9f921a84800aff1c570ad209d025f0ff2c8afe5f73582c6b3ef53734111c622b621397e3442f0542efe0ef7414aa923c344961247d49a876ff2132503192fd043bc21df3e6fa46b78eaddcecad527396b01c730ec02a39fd48493f62b97cfca61800dd83aa238ac45a5344bfa4ae500985b5cbba5abb371efee1fbe25879f416e5be49f0eda09168a59db44014d1483182800ac1db666647282"}], 0xd8}, 0x24000000) ioctl$BLKTRACESTOP(r0, 0x1275, 0x0) 13:38:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, 0x0, 0x0) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:38:26 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x2, &(0x7f0000000280)="11e1700000d5cb54040000000000482066b136e884ff9bd6cadf3e3c2bcecdaef385d3bb76ae1ebdc933575156ffb67178c3f34d178441a26226f43b91b28d6fabd7af41139d3082f22a7cbf9801eee9318acd2078168ddef4cfe30b6da441f4e18dded18a9a7351dbc610cf6b8d333f5296e088ae5a3093aea9ee8c6df0b30720b9c3b7254e51e828fea21863a518e9408e7793b6ee51cf90c5d6c610e7477cb03f893999846c2a9ec8c2aeb61182cb0372b8b0e7b3774f7ee2ee6ca1acccf161d4eddf16e1ea1f1832b8ed0a7bef88702e317b6634788c1fd187306d4926fdbab2729807d846dedc379a3b8df211c4757c4f36c0160496475d53088bca87ce05ee3e66149b0f73576149f8de323d538bfa6c4254b88a474979c96a29e1cf3199c1fc") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000080)=0x4, &(0x7f0000000140)=0x2) r3 = getpid() perf_event_open(&(0x7f00000001c0)={0x5, 0x70, 0x1ff, 0x80, 0xff, 0x2, 0x0, 0x1f, 0x20100, 0x0, 0x1f, 0xcb, 0x5, 0x80000001, 0x29a48060, 0x7ff80000000, 0x7fffffff, 0x3, 0xff, 0x800, 0x8000, 0x4, 0xfffffffffffffffb, 0x0, 0x5, 0x4b6, 0xfffffffffffffff9, 0x2, 0xa9, 0x7fffffff, 0x4, 0xad3b, 0x800, 0x5, 0x8, 0x7fff, 0x3, 0x60, 0x0, 0xffffffffffffffcf, 0x2, @perf_config_ext={0x6, 0x5a81}, 0x30000, 0x4, 0x852, 0x4, 0x100000000, 0x400, 0x3e1d}, r3, 0x6, r2, 0xa) getsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f00000003c0), 0x2) ioctl$SIOCAX25NOUID(r2, 0x89e3, &(0x7f0000000180)) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) ioctl$SIOCAX25OPTRT(r2, 0x89e7, &(0x7f0000000240)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, 0x2, 0x20}) 13:38:26 executing program 3: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x124) lsetxattr$security_ima(&(0x7f0000000300)='./bus\x00', &(0x7f0000000040)='security.ima\x00', &(0x7f00000002c0)=@md5={0x1, "836f4947a27c2e232fe6ed20b5095058"}, 0x2, 0x0) open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x2f, 'io'}, {0x2d, 'io'}]}, 0x8) ioctl$KDSETKEYCODE(r0, 0x4b4d, &(0x7f0000000080)={0x1, 0x4}) [ 1658.144318] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24303 comm=syz-executor.1 [ 1658.166212] FAULT_INJECTION: forcing a failure. [ 1658.166212] name failslab, interval 1, probability 0, space 0, times 0 [ 1658.196491] audit: type=1804 audit(1561037906.599:219): pid=24315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir008101599/syzkaller.DIezak/770/bus" dev="sda1" ino=16852 res=1 [ 1658.227007] CPU: 1 PID: 24311 Comm: syz-executor.5 Not tainted 4.14.128 #22 [ 1658.234166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1658.243796] Call Trace: [ 1658.246412] dump_stack+0x138/0x19c [ 1658.250064] should_fail.cold+0x10f/0x159 [ 1658.254234] should_failslab+0xdb/0x130 [ 1658.254249] kmem_cache_alloc_node+0x287/0x780 [ 1658.254270] __alloc_skb+0x9c/0x500 [ 1658.263619] ? skb_scrub_packet+0x4b0/0x4b0 [ 1658.263635] ? netlink_has_listeners+0x20a/0x330 [ 1658.263650] kobject_uevent_env+0x781/0xc23 [ 1658.263668] kobject_uevent+0x20/0x26 [ 1658.263680] device_add+0xa3e/0x1490 [ 1658.263695] ? device_private_init+0x190/0x190 [ 1658.263711] rfkill_register+0x19c/0xb20 [ 1658.263724] hci_register_dev+0x34b/0x810 [ 1658.263734] ? __raw_spin_lock_init+0x2d/0x100 [ 1658.263749] hci_uart_tty_ioctl+0x6a8/0xa20 [ 1658.263763] tty_ioctl+0x8f7/0x1320 [ 1658.263771] ? hci_uart_tty_poll+0x10/0x10 [ 1658.263781] ? tty_vhangup+0x30/0x30 [ 1658.263799] ? __might_sleep+0x93/0xb0 [ 1658.263808] ? __fget+0x210/0x370 [ 1658.263823] ? tty_vhangup+0x30/0x30 [ 1658.332640] do_vfs_ioctl+0x7ae/0x1060 [ 1658.336532] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1658.341382] ? lock_downgrade+0x6e0/0x6e0 [ 1658.347030] ? ioctl_preallocate+0x1c0/0x1c0 [ 1658.351444] ? __fget+0x237/0x370 [ 1658.354913] ? security_file_ioctl+0x89/0xb0 [ 1658.359324] SyS_ioctl+0x8f/0xc0 [ 1658.362693] ? do_vfs_ioctl+0x1060/0x1060 [ 1658.366847] do_syscall_64+0x1e8/0x640 [ 1658.370737] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1658.375595] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1658.380870] RIP: 0033:0x4592c9 [ 1658.384056] RSP: 002b:00007fc6c3ea8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 13:38:26 executing program 1: r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1658.391772] RAX: ffffffffffffffda RBX: 00007fc6c3ea8c90 RCX: 00000000004592c9 [ 1658.399036] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000004 [ 1658.406389] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1658.413656] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc6c3ea96d4 [ 1658.420921] R13: 00000000004c1f52 R14: 00000000004d4df0 R15: 0000000000000005 [ 1658.446182] Bluetooth: Unknown HCI packet type 5e [ 1658.457389] Bluetooth: Unknown HCI packet type 43 [ 1658.465840] audit: type=1804 audit(1561037906.869:220): pid=24319 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir008101599/syzkaller.DIezak/770/bus" dev="sda1" ino=16852 res=1 [ 1658.472239] Bluetooth: Unknown HCI packet type 5e 13:38:26 executing program 2: openat$tun(0xffffffffffffff9c, 0x0, 0x1000200000000, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:38:26 executing program 3: syz_emit_ethernet(0x319, &(0x7f00000000c0)=ANY=[@ANYBLOB="fffffffffffff44337778cba86dd6074a09c00082f00fe8000000000647200000000000000bbfc802c00810000000000000000000000aa974c0f0bfa235d160254107c8e1848e61736f9e1d5398c92efb0cac02e42d93bb1cbd155c8f6b9f06390c60758e677b378672f97f172ab3cb961aaeb2f114270235635ec6817657faed2ae5841ba3db5e5d23168797812dc906ec9108dfb833095eb9188cad582495bc38882610a7093dda2050e218d8e26ee4b099d3b0df588a2961d8259d070b6efa6823053f6dcd966306cbb6e45b8e86b7328173597fe1a99380fcfb58a0cf406cd4736a5ebc7d0e7a887a03b5d3f5b1b980286e655fa945fbf8a"], 0x0) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x0, 0x0) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0x7, 0x4d, 0x1}, 0x7) fgetxattr(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="6f73782e2f6465762f62747266732d636f6e74726f6c00379c4a93f90030d3130e2e22a7ad263964af549a0b33d6cf8284ab8597a888672fed12e1203915"], &(0x7f0000000200)=""/4096, 0x1000) 13:38:26 executing program 1: mkdir(0x0, 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1658.504224] Bluetooth: Unknown HCI packet type 50 [ 1658.509758] Bluetooth: Unknown HCI packet type 5e [ 1658.515086] Bluetooth: Unknown HCI packet type 40 [ 1658.534395] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24324 comm=syz-executor.1 13:38:27 executing program 1: mkdir(0x0, 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1658.594849] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24332 comm=syz-executor.1 [ 1658.672339] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24340 comm=syz-executor.1 [ 1660.470277] Bluetooth: hci1 command 0x1003 tx timeout [ 1660.475582] Bluetooth: hci0 command 0x1003 tx timeout [ 1660.475622] Bluetooth: hci1 sending frame failed (-49) [ 1660.481016] Bluetooth: hci0 sending frame failed (-49) [ 1662.550121] Bluetooth: hci1 command 0x1001 tx timeout [ 1662.550261] Bluetooth: hci0 command 0x1001 tx timeout [ 1662.555458] Bluetooth: hci1 sending frame failed (-49) [ 1662.560658] Bluetooth: hci0 sending frame failed (-49) [ 1664.630235] Bluetooth: hci1 command 0x1009 tx timeout [ 1664.630337] Bluetooth: hci0 command 0x1009 tx timeout 13:38:37 executing program 5 (fault-call:4 fault-nth:90): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:38:37 executing program 3: r0 = memfd_create(&(0x7f00000000c0)='\xb9[[%\xc8', 0x4) fcntl$setstatus(r0, 0x4, 0x40400) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x45011, r0, 0x0) dup2(r0, r0) 13:38:37 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x200) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000200)={0x0, 0x0}) ptrace$setregs(0x12, r2, 0x400000000008, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r3, 0x40286608, &(0x7f0000000000)={0x5, 0xfffffffffffffff9, 0x100, 0xb, 0x7}) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:38:37 executing program 1: mkdir(0x0, 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) 13:38:37 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, 0x0, 0x0) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:38:37 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:38:37 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r1, r2, 0x0, 0x1000000000e6) 13:38:37 executing program 3: r0 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000980)=""/113, 0x71}], 0x6, 0x0, 0x0, 0x0) sendto(r0, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) [ 1668.986559] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24347 comm=syz-executor.1 [ 1669.013991] Bluetooth: Unknown HCI packet type 5e 13:38:37 executing program 3: 13:38:37 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r1, r2, 0x0, 0x1000000000e6) 13:38:37 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffff9c, 0x84, 0x72, &(0x7f0000000000)={0x0, 0xfff, 0x10}, &(0x7f0000000200)=0xc) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dsp\x00', 0x8000, 0x0) ioctl$BLKIOOPT(r2, 0x1279, &(0x7f0000000340)) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000500)={r1, @in6={{0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, [], 0x29}, 0x100}}, [0x9, 0xffffffffffffff78, 0x7, 0x4, 0x0, 0x8, 0x4, 0x2, 0x4, 0x906b, 0x7, 0x0, 0xfffffffffffffffe, 0x0, 0x6f]}, &(0x7f0000000240)=0x100) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r3, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r3, 0x10, &(0x7f0000000280)={0x0, 0x0}) ptrace$setregs(0xf, r4, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r6, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r5, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1669.106368] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24361 comm=syz-executor.1 13:38:37 executing program 3: [ 1669.206372] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24373 comm=syz-executor.1 [ 1671.030180] Bluetooth: hci0 command 0x1003 tx timeout [ 1671.035627] Bluetooth: hci0 sending frame failed (-49) [ 1671.110135] Bluetooth: hci1 command 0x1003 tx timeout [ 1671.115470] Bluetooth: hci1 sending frame failed (-49) [ 1673.110233] Bluetooth: hci0 command 0x1001 tx timeout [ 1673.115824] Bluetooth: hci0 sending frame failed (-49) [ 1673.190244] Bluetooth: hci1 command 0x1001 tx timeout [ 1673.195579] Bluetooth: hci1 sending frame failed (-49) [ 1675.190220] Bluetooth: hci0 command 0x1009 tx timeout [ 1675.270167] Bluetooth: hci1 command 0x1009 tx timeout 13:38:47 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="11dc01000100e1d93884af0297f23c3ca5055e0bcfec7be0708e1640eb1e4b78f9eddead977eea0c2f686e00005e539104a59649bdd7286c2c649b6ef428f80b29bd27a072ab19cdcdafc059081670e6d4bdf4704a625fa2a9d032d59b1dd5329adb0ad02e") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0xc) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:38:47 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r1, r2, 0x0, 0x1000000000e6) 13:38:47 executing program 3: 13:38:47 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$RTC_EPOCH_SET(r4, 0x4008700e, 0x3) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:38:47 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:38:47 executing program 0: r0 = dup2(0xffffffffffffff9c, 0xffffffffffffffff) setsockopt$inet6_dccp_int(r0, 0x21, 0x5, &(0x7f0000000000)=0x5, 0x4) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x4) ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000100)=0x3) 13:38:47 executing program 3: 13:38:47 executing program 3: 13:38:47 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x0, 0x2) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000140)={0x4, 0xff, 0x4, 0x1, 0x2, 0x4, 0xffffffff80000001, 0x8, 0x1ac7, 0x7, 0x0, 0x5}) write$P9_ROPEN(r1, &(0x7f0000000100)={0x18, 0x71, 0x1, {{0x68, 0x0, 0x3}, 0xe86}}, 0x18) ioctl$LOOP_CLR_FD(r1, 0x4c01) r2 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x8, 0xa000) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f0000000180)=0xffffffffffffea1b) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x4) syz_init_net_socket$netrom(0x6, 0x5, 0x0) 13:38:47 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1679.246214] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24393 comm=syz-executor.1 [ 1679.269023] Bluetooth: Unknown HCI packet type 5e [ 1679.274934] Bluetooth: Unknown HCI packet type 43 13:38:47 executing program 2: r0 = getpgrp(0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000200)=0x0) setpgid(r0, r1) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000580)='/dev/net/tun\x00') openat$tun(0xffffffffffffff9c, 0x0, 0x8000, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) r4 = syz_open_dev$sndpcmc(&(0x7f0000000240)='/dev/snd/pcmC#D#c\x00', 0x401, 0x0) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00') sendmsg$TIPC_CMD_DISABLE_BEARER(r4, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8c028008}, 0xc, &(0x7f0000000500)={&(0x7f00000005c0)=ANY=[@ANYBLOB="de26f82af2d4fecaf0c5ae6125091d5a34ffcd7b5ef884a8c95d8b224f0c6b8444485b0c1c187441779b267c309de472aaa14729b1c297ec3f32669ee02e42248a46344ab3ed0319d9af44de2d542fcc0f40a89af525bd28999a95cbccf4922e6ed006b2784f22a0e2fc2236352a7be760", @ANYRES16=r5, @ANYBLOB="00032dbd7000fedbdf25010000000000000002410000001000137564703a73797a3100000000"], 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x44000) r6 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r3, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r6, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r7, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r9, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r8, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:38:47 executing program 3: [ 1679.349736] Bluetooth: Unknown HCI packet type 5e [ 1679.358617] Bluetooth: Unknown HCI packet type 43 [ 1679.366145] Bluetooth: Unknown HCI packet type 5e [ 1679.374358] Bluetooth: Unknown HCI packet type 50 [ 1679.379267] Bluetooth: Unknown HCI packet type 5e [ 1679.382080] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24417 comm=syz-executor.1 13:38:47 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:38:47 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1679.384620] Bluetooth: Unknown HCI packet type 40 13:38:47 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:38:47 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x8002, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1679.462408] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24427 comm=syz-executor.1 13:38:48 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1680.043568] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24439 comm=syz-executor.1 [ 1681.270213] Bluetooth: hci0 command 0x1003 tx timeout [ 1681.275843] Bluetooth: hci0 sending frame failed (-49) [ 1681.350102] Bluetooth: hci1 command 0x1003 tx timeout [ 1681.355654] Bluetooth: hci1 sending frame failed (-49) [ 1683.350390] Bluetooth: hci0 command 0x1001 tx timeout [ 1683.355895] Bluetooth: hci0 sending frame failed (-49) [ 1683.430194] Bluetooth: hci1 command 0x1001 tx timeout [ 1683.435540] Bluetooth: hci1 sending frame failed (-49) [ 1685.430226] Bluetooth: hci0 command 0x1009 tx timeout [ 1685.510178] Bluetooth: hci1 command 0x1009 tx timeout 13:38:57 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) r3 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r2, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r3, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r4, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r6, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') seccomp(0x0, 0x1, &(0x7f00000005c0)={0x4, &(0x7f0000000580)=[{0x9, 0x5c72, 0x7ff, 0x4}, {0xcf90, 0x248, 0x7, 0x5}, {0xfff, 0x8, 0x5, 0xffffffff}, {0x8, 0x8, 0x2, 0x7}]}) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f0000000200)={0x0, 0xc8, "57a7e51b344ef379fb9671dfe78c9c06f0517fd34a3b68cc8554e95f14efe46336520b2b7eda08e6e488aebeb96e488b3a18d9e5224cbb62f37d68116ccb2936e4cf1a35a27aac36a3b600d3419da0ebfb43e5417b375b1aecf8766f3cce94037c36e163990bff290cc88466d3e38f90f97f45e1e16f2f4eb96b8e783553cbea6f8afb4fda393e75567b23a2309bd4acc35304cc33c093231a072fd34151f18d4dc29ffb167cd2ddc5f8380243d7bb99be30a5134f6e4105f0b482b4608f87514b441fad40e039e2"}, &(0x7f0000000340)=0xd0) getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000500)={r8, 0x7, 0x20, 0x4, 0x20, 0x2f3}, &(0x7f0000000540)=0x14) prctl$PR_SET_PDEATHSIG(0x1, 0x6) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r5, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:38:57 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x200000, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:38:57 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:38:57 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:38:57 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, 0x0) inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) 13:38:57 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCMBIS(r1, 0x5416, &(0x7f00000001c0)=0x8001) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) fsetxattr$trusted_overlay_redirect(r1, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000080)='./file0\x00', 0x8, 0x0) r2 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x1, 0x2) ioctl$KVM_GET_CLOCK(r2, 0x8030ae7c, &(0x7f0000000180)) ioctl$KDADDIO(r1, 0x400455c8, 0x4) r3 = syz_open_dev$audion(&(0x7f0000000200)='/dev/audio#\x00', 0x4, 0x430000) write$USERIO_CMD_REGISTER(r3, &(0x7f0000000240)={0x0, 0x4}, 0x2) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:38:57 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, 0x0) inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) 13:38:57 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:38:57 executing program 5: mknod(&(0x7f0000000340)='./file0\x00', 0x8040, 0x200) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) r2 = syz_open_dev$sndpcmc(&(0x7f0000000240)='/dev/snd/pcmC#D#c\x00', 0x4, 0x100) ioctl$VIDIOC_G_FBUF(r2, 0x8030560a, &(0x7f0000000300)={0xd8, 0x20, &(0x7f0000000280)="582fe12dde4be5a4e420863ed6da3631e00927d66d2a55181b303ab829b4ff0b9f52ba34fb7342b89524aabe031cb91c3664048a5f7a1f3e3f86ca9f2977b966f9292775cc9e6b1f37c9eda62196cae54e2ea77f465915404fe313b35fa0cd1fdaa6a816c44f2a5e7c7d6e362e960c763d91182a86cdc13935eb99345465", {0x10000, 0x6, 0x79434772, 0x6, 0x1f, 0x9, 0x0, 0x3}}) ioctl$KDADDIO(r1, 0x400455c8, 0x4) r3 = accept(r0, &(0x7f0000000100)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @initdev}}, &(0x7f0000000180)=0x80) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r3, 0x84, 0xc, &(0x7f00000001c0), &(0x7f0000000200)=0x4) r4 = open(&(0x7f0000000000)='./file0\x00', 0x400000, 0x1) ioctl$UI_END_FF_ERASE(r4, 0x400c55cb, &(0x7f0000000080)={0xe, 0x6, 0xfffffffffffffff7}) [ 1689.480762] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24446 comm=syz-executor.1 [ 1689.518680] Bluetooth: Unknown HCI packet type 5e 13:38:58 executing program 2: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) r3 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r2, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r3, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r4, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r6, 0x80287010, 0x0) ioctl$KVM_GET_CPUID2(r6, 0xc008ae91, &(0x7f0000000240)={0x2, 0x0, [{}, {}]}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) epoll_ctl$EPOLL_CTL_MOD(r5, 0x3, r0, &(0x7f0000000200)={0x8}) ioctl$TIOCLINUX3(r5, 0x541c, &(0x7f00000002c0)) ioctl$PIO_FONTRESET(r1, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:38:58 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:38:58 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, 0x0) inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1689.606730] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24467 comm=syz-executor.1 [ 1689.624985] Bluetooth: Unknown HCI packet type 5e [ 1689.629907] Bluetooth: Unknown HCI packet type 43 [ 1689.641947] Bluetooth: Unknown HCI packet type 5e 13:38:58 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)) inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1689.652557] Bluetooth: Unknown HCI packet type 50 [ 1689.657525] Bluetooth: Unknown HCI packet type 5e [ 1689.665795] Bluetooth: Unknown HCI packet type 40 [ 1689.686396] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24476 comm=syz-executor.1 [ 1689.739636] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24482 comm=syz-executor.1 [ 1691.590118] Bluetooth: hci0 command 0x1003 tx timeout [ 1691.595575] Bluetooth: hci0 sending frame failed (-49) [ 1691.670130] Bluetooth: hci1 command 0x1003 tx timeout [ 1691.675501] Bluetooth: hci1 sending frame failed (-49) [ 1693.670196] Bluetooth: hci0 command 0x1001 tx timeout [ 1693.675582] Bluetooth: hci0 sending frame failed (-49) [ 1693.750380] Bluetooth: hci1 command 0x1001 tx timeout [ 1693.756040] Bluetooth: hci1 sending frame failed (-49) [ 1695.750297] Bluetooth: hci0 command 0x1009 tx timeout [ 1695.830213] Bluetooth: hci1 command 0x1009 tx timeout 13:39:08 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x6, 0x20000) ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f00000001c0)={0xf, {0x1000, 0xd4, 0x0, 0x80}}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCOUTQ(r2, 0x5411, &(0x7f0000000000)) ioctl$KDADDIO(r2, 0x400455c8, 0x4) ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000100)=0x3) ioctl$GIO_FONT(r2, 0x4b60, &(0x7f0000000140)=""/70) 13:39:08 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)) inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) 13:39:08 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:39:08 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280)='/dev/net/tun\x00', 0x18000, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:39:08 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:39:08 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x103001, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) [ 1699.708215] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24492 comm=syz-executor.1 [ 1699.734009] Bluetooth: Unknown HCI packet type 5e 13:39:08 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)) inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1699.754629] Bluetooth: Unknown HCI packet type 5e 13:39:08 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000540)='/selinux/status\x00', 0x0, 0x0) setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f0000000580)=@rose={'rose', 0x0}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) r3 = socket$kcm(0x2, 0x2, 0x2) setsockopt$sock_timeval(r2, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r3, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r4, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r5, 0x80287010, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80000, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000200)) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$KVM_DIRTY_TLB(r6, 0x4010aeaa, &(0x7f0000000240)={0x3f, 0x9}) ioctl$PIO_FONTRESET(r5, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r5, 0x84, 0x1a, &(0x7f0000000280)={0x0, 0x2d, "b1b42044b95e4b895cb6b5704c7db34109d223d51b7716448b7647754e23239bf37500df1141d4aff5c92fa136"}, &(0x7f00000002c0)=0x35) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r6, 0x84, 0x6d, &(0x7f0000000340)={r8, 0x6, "527e196b11f3"}, &(0x7f0000000500)=0xe) 13:39:08 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0b") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1699.788957] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24505 comm=syz-executor.1 13:39:08 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0b") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) 13:39:08 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) r3 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/status\x00', 0x0, 0x0) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r3, 0x4008ae48, &(0x7f0000000240)=0x100004) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r5, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r4, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1699.844607] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24510 comm=syz-executor.1 13:39:08 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0b") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1699.926368] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24519 comm=syz-executor.1 [ 1700.004002] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24526 comm=syz-executor.1 [ 1701.750140] Bluetooth: hci0 command 0x1003 tx timeout [ 1701.755651] Bluetooth: hci0 sending frame failed (-49) [ 1701.830398] Bluetooth: hci1 command 0x1003 tx timeout [ 1701.835942] Bluetooth: hci1 sending frame failed (-49) [ 1703.830111] Bluetooth: hci0 command 0x1001 tx timeout [ 1703.835730] Bluetooth: hci0 sending frame failed (-49) [ 1703.910210] Bluetooth: hci1 command 0x1001 tx timeout [ 1703.915661] Bluetooth: hci1 sending frame failed (-49) [ 1705.910381] Bluetooth: hci0 command 0x1009 tx timeout [ 1705.990345] Bluetooth: hci1 command 0x1009 tx timeout 13:39:18 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 13:39:18 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:39:18 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:39:18 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7b") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) 13:39:18 executing program 2: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001fc0)=ANY=[@ANYBLOB="500000001000010600"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000000800200000000000280012000100010076657483c01a0f8a83b3a500000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x50}}, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) r3 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r2, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r3, 0x10, &(0x7f0000000000)={0x0, 0x0}) ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000200)={0x52, 0x7, 0x0, {0x1ff, 0x9}, {0x8184, 0x6}, @ramp={0xde, 0x1, {0x200, 0x80, 0x6, 0x10000}}}) ptrace$setregs(0xf, r4, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r6, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r5, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:39:18 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) [ 1709.971096] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1709.990601] Bluetooth: Unknown HCI packet type 5e [ 1709.995764] Bluetooth: Unknown HCI packet type 43 13:39:18 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7b") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1710.009264] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24539 comm=syz-executor.1 [ 1710.028008] Bluetooth: Unknown HCI packet type 5e [ 1710.035366] Bluetooth: Unknown HCI packet type 43 [ 1710.050405] Bluetooth: Unknown HCI packet type 5e [ 1710.055401] Bluetooth: Unknown HCI packet type 50 [ 1710.064982] Bluetooth: Unknown HCI packet type 5e [ 1710.069968] Bluetooth: Unknown HCI packet type 40 13:39:18 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7b") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) 13:39:18 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = accept4(0xffffffffffffffff, 0x0, &(0x7f0000000200), 0x80800) bind$netrom(r0, &(0x7f0000000240)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}}, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast]}, 0x48) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r1, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r2, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r3, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r5, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(r4, 0x400454c8, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r4, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1710.094195] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1710.106088] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24544 comm=syz-executor.1 13:39:18 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be0") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1710.172720] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24551 comm=syz-executor.1 13:39:18 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$SG_GET_REQUEST_TABLE(r3, 0x2286, &(0x7f0000000500)) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:39:18 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be0") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1710.246165] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24560 comm=syz-executor.1 [ 1710.319271] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24566 comm=syz-executor.1 [ 1711.990176] Bluetooth: hci0 command 0x1003 tx timeout [ 1711.995547] Bluetooth: hci0 sending frame failed (-49) [ 1712.070161] Bluetooth: hci1 command 0x1003 tx timeout [ 1712.075700] Bluetooth: hci1 sending frame failed (-49) [ 1714.070197] Bluetooth: hci0 command 0x1001 tx timeout [ 1714.075657] Bluetooth: hci0 sending frame failed (-49) [ 1714.150196] Bluetooth: hci1 command 0x1001 tx timeout [ 1714.155574] Bluetooth: hci1 sending frame failed (-49) [ 1716.150162] Bluetooth: hci0 command 0x1009 tx timeout [ 1716.230223] Bluetooth: hci1 command 0x1009 tx timeout 13:39:28 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") sendmsg(r0, &(0x7f0000002640)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000100)="0c3da215b4cbd3c2e52c86e2b514150fd62e0327cf8fe45bdc68c95cdb742f2dcf6a105bb72b212802a4336d91c6e5aaa23a17c7e527e9ade39f9eb394e3b0a8a6f4a0b77a67ba3be8898fb6bb4b8b4337df777def90c4137ca58b4c03449c2372fe018d39d98e3aca3330b03b469ef4d5", 0x71}, {&(0x7f0000000180)="930175a9c0095a947cd8ea3271c41565db02e97cf3452ea5a028ff5a45a59ebbcd68bd4a9501d9323aa779e99581ab7a6a2ae14bc47bfe858be31032e915f80c14dfa28c88a997c1e0e078108ed90b4dde8f9cbfcb36564b57fb9c10e0ed6c8648a9ee87ac9ca3ea0bdff318", 0x6c}, {}, {&(0x7f0000000080)="acfab97a7cf5", 0x6}, {&(0x7f0000000200)="a1", 0x1}], 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="58000000000000000e010000ff03000057601a17247a9bc45182494f32439a7a555f0781896e16f69843a13130c11884baf8c76aa92bc17d2985ba42104e6080d0bc8c3f71100d3583500930837e5235ab0531e10000000010100000000000003e01000000080000e1e25f1e55b686060df61c8403f973e0b0edf5e294360bc628180605066b418322ee11277946a0d2b7623fffcf1b5a7e68e27bc53136784fa4513f50b3aabc27ce462424b532fbdc8f25090a7dcffea57dc87bd334c744a54f63bf87a7f374dc6583c9d5114a288c0b7f3dca06b184dd28af22f0935c1a899e839d48b41f1d06a076f13e5fef4f2c64f588113749fea5d940e288c0a5c0cb7e88373096eec90c3ceb23844323636fa7370a2191b27fb9b3fbb616bb4c46cc40f011d3ac6bcf850c02e4cf8f4811b25a8f14ea8fd3dc111285cda3a3d242aee9b35ea84e97c2b7efd8f71f51053c0e9c5f9d56ba6a576368bfb78a397dd47971d6c7b629cbe0b8e05afbdc1bd44e9f8ef6af1e5847d61e0b1f8574d3208a48ec3a7cff3a170e82b6def01cb2231b67a390e163e07b9b6e538cff6ddea468c8d55c95ad9196000421a3f942aa5920263344eff2e4975a64cec3e6db9e1ded36c419b5c0c5c95b41dc5c40f8c2c48c5821f5ef0c8beb90974e6384560eebd863573fb0ee054d5079b2cc4a8f8395d2c349a8de32c48d094f77658b571a62d8cc1fa9232eb1604858ea7ede9d5629630a607f62696b3d68b3a1be979eee6d05af34233590ad75c2b1a3c9f3c32a9aefd354ea87d2b48ce4e013e50e31ae1fe4d07d91e660418a70edf1fff153ec4dc1ca5a865749b32d8bda9515708c3057b136c717db9213066cf8cf131be71a106a52a919492b316d2240d2f87e7577e026d0e8de28f3b9d39d36268ca8f48bc9b9cee91e6a3e18bed2074a21881cde304da121e6a02fc3614b57fb93fe0f7a1328b9d106df1400c741063502b4eb40c16213fbed51b8fa92963c472ee13b922424fb2de19db8b939a90b2fd23fd42fce8bb47028faf578cc6fb286608bfd9dafbd90c5963e7f095fccb85c2d917bc6fce5771488f891dd80b4d8969c8a418a163e68f129b4a1feb005c621665212659aceb26e2006095ddf1acd366b93a8e817fa102e71ee3c413252eb60c5ba871f45248e57f1323cf1d193855605246d20fd4c49c606a21da94030492dd388b2f9ac183f5291b6ed377d3ac8c5b899b3af93c7596ed2396d4593bf1ff3862ad63461dcab42baecf69600f22f43b6c80ebe8992815ffdc8b7c696e4b0bcf3304bc6cd77a38148c6b8d6da75c2e04241da221a3eea00bf3c5b991ac4b417b21d388d4f8d998f98bc09dfe07f226031decfc08e60f109ab0ca900d1b0a15bcca2b45b1c6c1035aae0d7cfc8bc60ea1feff2f84a352f45518bda70133bc23f85ce69a2067793ed5a44d0160a64ee5b56703cd5e72219bb047bdd2937e5839b7c77285f774d0381a6e9796b59f1e223615e15d7f1f3f0a75d2c92f4ed776931bbc1a293c17a514fde5ff38a92ac04b8ab553d1df1086d363524f6c9fb210aebe25c3fcff8ca6cf2ea35547ef2991bc80c71dedb5cb779beb4fb222a9f30dc865c578820b442fb7da362e7e2084562e9e749547024343195ca8ca0837be0051551e8762ea35a1012455d0a423783d6b0ae471c998798d229d8917ae661b40ad750ce7132d4510601db515061051393c7329a3749f7a136b2d9c3ed760221511adfa756b0e65f48cf319ec57c9e08d72e04c02d7e15eb552f9fe8f896a2cf0782733ccd2245ec5615e6804f3bbc6b37553e95497dcbc04999cd6f449757109af01042b1fe37fa1e060cbd766fbf742cb17cb7094c83737ae51f5ea3b3156520b463358de363a66319a152a45e63a0fdc9bcb95e5251513fe88e5e6953564a09324a261c3a02681df62fc701777ed3b7a67524e6550e61bb96a78c330483b8bb811b1fd779aa0e2599c5bd5902456d67471a053fa01bc5716c6bdfa41935f4a628a36f689994b28b23c8077e721600370a39bf08747bec2017b563074b7281b1aa386040c9b1c6ea64e0c6c8f7202979c371037e04f92ebfd83a4997e320250619f108ce9926a2e4f09fd05aee68316508e3ee65df4268be4598e8655b614ec4ca5f5087fbf6b86c9ef558bed20b64af49c34d5ee8602fec1552411a6a007083e9727622980a6450e256d64f24167971cbcfe0023f5f2803c913b6bd482061d0f854311326b994a824c5f72e6b6f764f40a3552dd81993ebb5a57cc3b89a26e08398255c65c9e53f9a2c5e7473b744a65fa386fb035c1b2422710cf0395c026e331e9d835ea212e2628021f78df665dc1ce030f7c96c9ab683c657b2477aae9e2309bd99001a6c1550cc5f6936c63aac517ee18c5aa202e9c147bfd1799320eb1967798e013ee7df0b4c09e1f9e48e49be1c173c9c812b859f5f02f16828fcafd61afa243347f4ab633b222ba028830eee624679f2cd5738af7d4053d6cf6e47b7f0591d0839537a04a3a22a9cdf37fe72117be90e94c8e1452f703e1f86163cff17347f32396631c867a2a3207d9338b583aabf1a3a411729a6444c5146689450722690e99fa7f83468d9335b50f790d4b982b028110fc3480cbe8dd03a76f8c27d707773c470a9d235f4b88023d27b1e18e1a32725127e0c0a70f6cc845235b7a1548533fd7b2231dfe87cafae88b3ebeb28ea06d11cf701c023d40df2171a3f526d145a6fd0b357d56bb615e877775adc680feb525a55a3ae36b2c081cf6df6789a1b8ec3c0f818884936504d4ac7603e4ece9c62fa7d86977f0e65b2a00f64ddf390e6aaa7c54a5db90536d59044cadc5a9a3ff8b9611743df3b6094ceacb25dcbe00ea5597a01b6fcb269d607798176f9ce98f55a6a3068aaee9d1d91e237d352459bd57f2dc10cf7685f4800d9ad0395397961f93f6c11ff86c44684ad2abe5243e5bd1e31b7fa0132b583ac70783fd805d3515eed901dcd3495aa14c2ef25407da6e07eadb9a1cb909835eabfbb10dc59d8a3b085fb13505eb8f0a6bbee943b79ad8c75f5d5e359950c46f61e0597a394e45b014435e79c309d117e81081dfe4ea49a7a41bcf9ef8e43834258bd9480462dee5b8558d49923513bc8fb108038cdd8d091f5810223aa6a05282e107d739d78aae8e26a2578829352bc7ee5fec1ac70ae455cfea78f0c04cb8ebcef95d4bdfc80602a8ba20f007fe474b34d87755bb4ac0d092e76ad16019b40202a93ea2682118e1bc1c08775458ac121e1fa05fa0d80d465b6394aa3d32b674ffe4e10eec6c65b1e8dc4fd60915cf8d7f4a728c8806e0c5d7a8e3c9fae4855730f703845113cf5cdaff74dd70224ca6361d25ce13f26cc629033486a14cda987d46b0e4f126fc2c4dc2ae0ea17af71ead7f0900f933fd579ed9db771dc4c295c3f985455b4eea49f9b192fabdc75db47902b278d348c5336ac0f1bf88095a2533b8acd2760b35ec34e7a86c0c9ba7b04d52e0cf30b9d972dbb4c8d1a4723b7e713f1235ff2eb4f9efff2f8ef2ebc3bdfd06502a79bf3cc19c152a228301c06a7690de9c77e8da6471d217b9cff1be5cd0e5da92f2dcc34b800f65825e8f75cce8fb59661ae0f02b1b864296d97d0083698c4ae79ea4209a6a30bf6d8c39052225f2fc8a15d07fe5bfd3648af56733bcc2df2def6996e8ba57c46ca343521a0c2b34f4168c139d024a05aca9d347df407d0db5047ea6bb7f684aba9b7ad099d4bda5aa0f5d69990fccb3a21e588a6afe05a26b0aa25919c84d1d4923f3318881eed6c2909708c7e418aed237cb760f9531b91dc3a12d2205b999c4ce52e88e653866931fbde9279e3537a43b0a3955791787c087308df611864190b1ff5b4793715b187e497bc2392410bab460aeedfa57c4e6bd1ec67e024815988053525da407774fae6029c3802005e833f3aaf9d0ec4685c8d62f8ce63400cb0bf204173a3628fa3d61d88528c8d9a1aaa60b1f26c4fc8826f313f0484b4db0e9373c0ff18b40c622723d22474cc1c8d8a2a7f0e372020db3950a263fc038d434c7be42f2a6101afdb77fa9817488b464918aad5ed4929aaf615cf42fe9b4d70cc38749e1e9abb01d358798678b70c21ef426f2b7f46df55ad75abff463615def411f0f5ae2f6b15777080b02949ce34239b2cef7dc61635a9777de9f9d0c78dd2c40cd309c453d7ed7608a0d053e6734e09f9ec4725e34a7021abf50a179ce5587d4c1d2be3caa43e42440423ce669e5027a5c01a246c35112ff97c8892334b1e3ed0a41fc090077b3db104647b106c6b6c9f012e7356d2e5111c5604d4dc02d999928fbd41c1bb1cdec6cd7a799b4649d16f83af74b4b60dd91ab461cd1898065d7228755b81de0476adcb3d50aea0cf7eb6b3fd1af0ebe5c76e44bea6312778450ae85ac6f6e9801d7f2a426860b23e880b31dca8abb3990ea0b02f40747865a3e08a58061780fb63c4bb089c40ab36e34934eb1561202984aee4e47f94928aae0e81b2b57407fd7d7ec534674cbc23a00e61aee5fc262c6f13026a453ceea3cc087ef7e347a18a539a64c150b814a4e4159bc2582dff247bfd9e2158a745c6a2c6d8200ab1a8c04538826dfe2c2d7852ac30f1ac804f7512d484373b56858cbd50af30a7a2aebffe537534e98c8766b01b0ab6f2e1eba018899633ed6164f2d49d9ae0c0ec3a256055ccf9992c6d7a55a205979ca2d92035e9e5c22ef3d25bfa59541a6b9746f8198561bf50acbd1454c94414dd3ba55f5efeb301632bef1743799db59953f3ec444aad7f6e4440ece0a1974a52945a298dce3e4a83dc0415cd2ce24e65fa384033284a11e032e1c82d2650bc980a9b35d672582ec89c595f42457058be3ad6ec4612380e648eccb3ab8a48d25518700a8ac0cb401997771e2550e9d9a97e146eb7b65c1b141a2a38cc76ff94c626463cd7c3669d36eed6ae60e6e8f33bdfa6b6309dece19083268ba6f7734ecc0af8dfd5242c935df4db5ce36823a1715ca9984447f720632bd44ca2f3f926ad919b7e868b263940bd954bba870981be92b13f878bd8a02cd9a989d61f0ebb8bb6f751c245ae4a46b6586a0121bce96241e11b643a0cb329cd44f900bb747887a0a976f2950df4f29bcbfce5f9e804a4e4b7e31062632e12cf975bb745a7100c6b3805089b4e825b701dd97e6f5ed80c0eb138f05a48b8e5ca25d68451db56031c07115be78a182979383f3a569bab3d760f12e2a2b0a9dd696bd816f5428b48a9209d5a8bd0de408c0611bd93e40ec93e998e89b40334a1ccd6ff29562c92855c17220f68e59d908d7fcd1857cf05ab4721a90192cb03dee124baf894d2fe555c092a6414816c75220ed59a27aa28c2d307755e9b5994df1a177b6b4416099e988819ab47b23c5c52cea05521eadd6e4f1bef18eb4d76f254617a60554a61afbeb72d3c25ac314772a04c4fae40186d34763c8944b2ad76732eaa1732126969b1b6f3efe972480aaf590249afec1b1b355fa7c967c9f68079027b18f0afdbe59084cf6ca795509076c26cf9512568fd4691985bd595e8aec9eb737b8407fb7be52ee721d51d77acb825202fd96b46ee49152097bca7dac4e78d8d087e6a79e7e3d66d1196a313d4cd80af51b3abdcdf3c9564e7080a3f228078e6b254de36a32368265cc8fe8711a5e2a32c0ba5918cbe9c4b4a5a79c6cf7155acf469146710477cf81c59c1949f384167ff69ec90382b484f3c9d23e6fb41d5b95fe2f9ff4132de913629db732c57383dcb541ec087b20640d00862c756878a9b1654b5b003b58bf3b27f898365c803c260494886405674e8ca29073db56efd4644c3fc0c2365134c61b6d710a152d012133bd484c5124afb3be709d573dffbfcf543d69aadb7b4e633efa10ab316c5bc1010000000000000bb00000001010000988b070cb11ff49753de091fdb9f0634ed94386d693c5c0093212e894644f0b226dca451f3e797c007b6a4b099768fe47386f0830f5d9fc6e7d074c5b5e26c2837f4f9c4b74717419eff368a66b0405af756112dea45545b5881a580e451377b67f50862a8ae94cff833d572a33f08b09002901452dd1f595f9acc039ffe0b11585d42f4353959c8a3da0d7b63720153924c43f1c23edbc16745395e7d3f02576293f8e7a41c9fd416a9b6a5f255d655a3f3e55961f7245f8d867e8267658a83fc5633489de24a80d9fd4c957c5fc343986eefecbee02adb71e7ba4bb72bb9cd3b572a44721c4e2cf642ed246628427f511edf2045e9c9a6cdd18066935f159026124d83212c25c30c3208768f34ca874f46cb207ae59531209790b6964eceb14b1fa6a1d61af350f07d937694f59ef2fcd6c8c06d29473f8a6f809b3113780bfc6336cb68a0e26f338e65c4552ba5d822891962c2fdd9b09c73941e39309cb3d67b5d0ca9cf743b7d2e9e1c2d9c7657ab40604e50f2c3b566b4dab0368acd96b80f6d09fc35b38d6af53de0d86c7fba620b081ed371cfbdafabe54d9ee4eae806e72b7a94e6a7021d2f44c06f2321a6836d398a7362b8ea1f70227c7564ab83490d074d6aa8741c7be6471322a0a7f1826543c381c82b99bd76213291be357da27b68ee2df1bebb119bc32d770e64f7999075eacc24238efdfea5b47beeb3dd96a5d49023fa75bc584c5a03cb5c63d7f1705ad4c477a00e8e3539452cfe3211cb1243d743dff9e293d76fa158e81fe0c486f42b67e965ee8cd88769ea73f19be83fad636d24dd2d7279108b4e47d9340e1dd5a439ff70efca79d628ef902b3d632a96cb81b7952d8ea5926fbd406489470ee9c74905d0085dabb8e4611e4e9c344f925436e8b2ca6c0b657326c66e401da9937d679bfb9a5ddebaf3c24495b7af5cd0c066ebb26ebce6364bfddf3ee23f171415bfe941ff83c3b02811a69f889b8bcfe1380831b01df4e2c6bc7e143b85d921592a8901d3b747e9e6112db1ff4ec55978fdda91ce73cbf185a49311c8c9e56c2b2d08b226014bfa416c7966c68a917719066bf83937b3a4980a514357d07bff3588485a0242d7cfc26955df5f2e24b8f8b70ef8790bdacbb5a5ef41ca80bafe02b86ebb6ac94d2226cd12b65a37efca6647b5165b3079fcee912cf343b9c860f24c36caabfff3e0a4ea64d7ff465ca1f7d15fc37d21d3ef655cba177a842e4a10b017e8b6c41f5c28be8cf2afa9eeb0bfe13c56c085f0224ddaff114a73fd0fff7d7d273d39eca696879ed16ba45375fc1d4a0a2f29c3a3101f681cb740c9be92bd409c4fe151046f7b9992145d9d24bde53425be2e21e0dec488fe4ac9fbda20d4fbbe9865f7a419508a14cd4bf3e31d8fde176cc9f527c15290e8130b57e32de9cd97417a581890698f7b18aff5600111d40ad056450b69648e1fe934c41beb7bbe5518a95a3019fcb5d48d64d8c969defc65d5e98aeaf162104762c471e839c1e2a7b6f02c0c5c74db6ce445e8a92cf47629cd068d7a993531094feaacd9968a6b431359d62e78dc450989e88e5984edc2f323f759f6ab004e3bc86fa130656e716d51b35a181b648fcce38dc8068ef0a9f97c8d34c1b511dd6cb6359d1a17a9472ae2980c590dc0cc9bf98a20607d235baa9ab74a78f5dd61d3e0897af8affb8e39d5a8ffeb93a14aa680e1d6944049536d2bf474c1c2afdf22da2347646dc3b53c826ae60641fc1325329a5b50100887c52aa4ca6bcbdfbfca3177df704bb98a79744b84e8ea06e8479770db174a199c3b5427b0a4156fa771bb2fc40a1fea52d48e94066d1d0f0317ba7504a653f3ad6f720d8b20ed9711f05a668632f3f3e0d01c1dd371fc1e140f95271ee9e51352b11b81e1b1b1ef86a336cab214d635a69c2a1800cee7129bf894e161c6df0183a57bc7fd6e38c91f9cda05e8c4e1cc47c436fac71c6001e0ad69ec279ae77367eb792c7e10be0ba6594c9e8ccabffcab14c3c9b05a8fc7c738a3a5000461cdbfa25b5c95faea39b40f54c2ea13acb4ee06a98d97ef6259b5601a3d2a71c90fbf0b5ba89865484db9c52aaf2ce644573209324a519d804ea18fccc9d30646a91975c2728d34e1410d5d982faa5acd8d30c4ff174a61f369b12a6f85ecdb8e95c4baa338ee940753229f87602e6ed58ab5eb1ca62c1f1faf02bccf585481ef540f1102b074e531a50e4ee0b650247a4fb146d56ab2a57177acdf3c4e4aa4c1d20b4c99114595c48c07281aec0b4cd3b3ab942b7499721a416b9e522b2ab325ab4077f270246a327632852c58fd4c419e579c4ed5f8176aee9eac00b3ce52a2de321daec0e5b87f70484372dbd5615cca1b1ddba539db8599788a9f3547b8bf3526781b5044498fc0d01622507f978fcd11d3fb318b0dd730433df8e31b6f006fa711fd038443f0b1957dd0bb6d8fe03b7c11bfb5c1b4cad7199c52f3b5bbd7ee50ae96660c06ae5ebb58c56ae3ebb08dd4fc0ecfcb9af5aedc06e8b88f277e2838cb7b4a8f403f543c91b4ea7e9cd71dcf9962a223813652f9a2815ef46fb828f7e1e09167eecfffd2dddf16bcc144a591927be9b7b6e144cb40e93b06612d0114dceaa0d57d843042de561bbf955d4c4c7f971dfa309bacd49e98f504556570eeffbbdc18afe2c2b326ce16364a9d777fce0bf9dd4279368decfa30fe5140ef0dc9a9daf6e5af7cdef91386e5c14682ae4e3a8132e1d7937fde6a90c5ba74af7b369ebd57eaca0b3cae5551491eed66d251911b1e2c5c2bb965f884175e9912728c9bf9a0c4d6f6cc1e42e1a7fc3c4833de0bc51fe445d05eff6af85655034727f53d3dc680bf7031663bdebe74b78203137846c09bce75965ffec66e45b86f2f3058a3cab6d4a9be31c9d3cc3cdb6c2ee2581239f299f4b556cede5c47ab96292a42fa086bcfef182451ad4539c6eb31292b322ee73d708f9ea7b31d026b5e1b5305091d99f7eea263709396d3ee5ec614f33501c8e6365bb26343f74d2b2106efb786b20283be4c5cffc764d9df1b5c0ba6e7fc385ee57e827f2298259ead89817e80de0fe788856ea34b5578a0f235e2345b7f675d5b5b1b475e2aa69451cf48607f16f66ddebb99cb75dc996e1f43a7aa3830722b36a98fda7f046ec92eddc5c1b58551a28eb0e5bdf5d159fcf0afc16293110bb275a3ccd110334adb6e65e19ff07d9e548d13d0da3f59b2201e64039b76194b1937fad09b82977daadefa1e63bc90505c9f8cb9b07d5dfd13ca432b62e4b0a1e618e6b714e442cdab837d2ce5dd5629a32e7185123c6e3c8327a8e8e004afd243e88c6b1707691c28169ac78f3839dc45f9c954088b9ecd8f405b2923d1a41247d3f58a1c00bb14fc2729415e8375401d23c80f9ce1dfce6bfbbb6992db08e9557c61cdbaf4361c01d7fc3c9c0dd6cb3830c35d993be4ddca2f40046b3636c054b3c96ea9a9ac837ab5ce208309d804989f39b13707f488f2e0d167665aafb2a2427d538fcfca42095d1ffe84c3e81235de5d77a610caa2e649fce9bf9ef7ff88307bab16bb46124809ba589b5879c087916fb653b7d27acc89bda063d1d25532d46c7e619fface619c5403c1f361e45756e65022e5a185e37d2f8b3a82e8ec7b1504843dc7dbf7108556de2502a88798b3372898bbe17e15df6189f105c29bf9022edc7e69927184aa1de626a6846e42744fc74ad57c209f2c2a120e50d30751dc58c71b77d1573dbf70b4cded8878bb0504bf5ee83d97802a09825497750f34d27997eef8298a659425fe639a47d7d86da0b37b002dfc073300286fcaf5143cc7cf6a10b73e4f3ce583450e88cf2daff6163901407d9be141c9c25584d2bf3af3519df52e541faaf9cf89ed195d3371ee9e7c1af3a9aa5e6668c5e680fc46f8b361dc9a3f35694f6fca7b6a9eaddf880d9e1ef66b34e7047eeceeb41bbfd61be2adb6157e5d66cb9cd11d1f7ac73f34ed6d38f33e3968eea444ff3bf1658d1a01e6c0d026546bb3c142f041c0d48b7b2cfac27a0f20d7e8bf47b871360d5bfd3b800838cc05bced7bc1017a6fa417290dd3081bd71bb38fe9aeb95d3ff29ea63d45ea4ae15327fe9a4a8ecf9ea030a6dd9508457974e42180ead2987e8f6f91a2bd19a3a0b5e91afe57ef60abc0193da6578cd45c35acb20d7c0503126d8ac065d8b8bbe41c5613a1fa9060a8a73b0d061cd8f6af85ce90970fa616b29b1601a581333abd5479c20b832745cbc5f0e20203ee7ed4fcc01a66626264f602b2afd2bc58705010aa815aa205d3bd4c3477bb11fb187e1c00988f7436b1a05e0192517b48c8a2eeaf9cd39e6ff88d1f57765494e4bd090750479d033878cf2c6a82b140fd08be8042c50ea3c8c224049a6c77788dd09ac93bb4b0aa018e39c05cbcf7d7117ec02169e1a217e210ebf694ec6cf2d3bf0a46d246aa1b25d24cc5d6eb968b34a816a67d4fe4ec6fadbe2349f48c8e67d0eb6737a42e268511b78b1c45ab62d3cf2070846a785e0fd441052722c8ca55d5851fcbc87c8749f42246ba1b6b82d5f566ceba57d0f4a3ac8781b0ff0f2c228e3705bc823db409e034aff81766cd384fc707c28d004bdc949e2b571c0564df1c7754d5a4cc8ed8bfbbdafac25c99f2e7a85f62544064c6fdaccedb1f508537599e4d18dd828312d0c9d189fc472622b356ce58e61cd582bf81ce0df8a98a7d88453dd0f16595f4f4cb4c5a4bc8f289131228b1491726f151d5029e59202d5bf1b169dfa82ed48a48be6bfd4ece5413cc060318ab7f2c149f3c18486a5b15cd7cb2a726e7ce91ccfed0c11277992307521d71126f18c73b9f998cf9c358ce7f72e17f942293e32861134c3d4ada4d5e8e25571af8e61e6745e5430748406ddce2f0f85844b130cf46e29c0363a2d10321db410c468a7d02b898396fc8ee749ead111a5ea3058a51e29f2528ee44fa7604e25e0456cdcc83a8806556d6ad6e13b1c4ab294277d3e35a230dbcf9d91f0780d1606ed3fbbbee837fd418a01ae96e4e1c55116fd14667d96a368e40f809411c76f460bad812e3ba7704df8f19201cd138255eeff6c2eb345b97cfb27adcc43addbe00db748ddbc0babb2f5d4fb6715e0fd24317ac798ae75388b27015799dac015cea394b34a74795f3e2b85fc96d91e8069ca81fb5deb5fe3eab99e5a4dd706b6244f9863e8a591d2838670c7ee111596eb8af7250400bcc040eaa0456d63ef32445a3c65ca64d66aeb8b5c3671df857600ccba3e8ada0064200fe2051eb9d0459dafb5c9441ba3d76896f5676910e68ae88b662af504e7d6f240653231db5548e69429075371005e91ab47caccb626b1903327c53dd3b339daa0239813e34214915a1a187a724604b2f85c42ff48c9f9d29eb5b44b011c93af08423f0dfd51dd6ace26474f2ef5a1b369e6c1a98782132779e6ee2f2186a701c455c5170e4d8fbb25e3ad256895fb2b4d5165af83c8eb263cc694c4d969ab47e8cf6419e19bd7127837c727637b52ea703f64dd23cf91a396dbc5e0471191eef2adf817dc45f41edb87da2755f830b365424632c23ad3b53aa8f7b3355a5787400599691f3390bb8cfd663a1160e6a5d2ed7604787a7d2cd737750a565b863fc860ad63423fc700b8bf7b888e9b94eac5b14eece9e452a40a98c2892127c4fee23935dc9ae7f7b1da07e9d4feada76337dd4d396fe34e8b1fd26b9d64a5c4333f502db3bf0ba8511ea51e399c37e3ae6eb7015642e2c7a8dc6d271cd8ac164aed256c851cf1800000000000000110100003f000000def9000000000000c800000000000000060000000100000057911582097b98e31e7ad72588456bf18a737dc147cab47002348f023e2a311e2d79971cac8ef41edaca9dfd855e8858cfcc6bb35598756590ba6ecfe1f9c9e34be06d446ea00d376948305ad4127fa0187c75f8ad094afc53b5e9bd31e37a69d7d0f752beb131e99e0ae2ae17c8376a3bed11d5d5c3b7caf4a1c67d226448614bf49ec1db73a7750c48e3920c19a81f973a589b1c5c5077681d2a98192b41d56d862864e892fff25e3a018924c7e71681b03bb4b6000000a0000000000000003a00000005000000f0bea91beee92137d3aa128923798c7759cc063cf815f8f75d1fd49351c651b4d2fe849f067f39063d5cb368870775e95b132c0a004ad40449e7d6b97d56624664b9ac7bb86f3f56011677f17f58bd0a27a4c65c7a2f37862764468993db580498492dbd1128c4804bf2a4247ea5a3dfb1d9438ec4c7a171bde8ab7968c6e9e1a3386999075b377988553aad911bb100b8000000000000000c010000ff030000b08a7ba8f942f472b983ed923e0a5abae02cb19b1c6cb6d1f23782ab27d50b29252dbc457a81148401d6a18f61cc0555e4b213ee019ed7be98012346c4d1c07ab106621dffc977ad90b05848c5fbdecd3bc75e185197ceb635f0925fb90cf52c150c755533b3421b6c2728afb510913268a82ed50701f391d4b7864b18f8981a32b95cf0ed03c7fe32bea0f59b03ce9143d0045c51486c5ae83deeb2da4df40bfaf893c8b0000000b8000000000000001f010000e40f000087f2ebed142a9714acda3156e3c4feee239fae2439616354000fa4c5a9e8310cacf8f7143496af20d19e0b6c75517f6304f37399f7390eb879254c7b523ea081b4d30939303b264529280ccd1efbc54ee829051f7bbfd91f88b003ed64347ee53744345cf27a5def6f2eefc54e8ae44b8a532f3a1cf3e5f4c22b42a402d9e4516c8af727d73195105281f5e7cb82229f064592e6d10829c3e26037307e6a902906a906000000000000000000"], 0x2368}, 0x4801) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCCONS(r1, 0x541d) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:39:28 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x8f) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:39:28 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be0") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) 13:39:28 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x1, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x0, 0x0, 0x100000000}, 0x0, 0x6, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:39:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:39:28 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r1 = socket(0x8000000000010, 0x10000000002, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:39:28 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) inotify_init() r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x2000000) r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r1, r2, 0x0, 0x1000000000e6) [ 1720.188865] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24577 comm=syz-executor.1 13:39:28 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r1 = socket(0x8000000000010, 0x10000000002, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:39:28 executing program 2: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f00000002c0)={'nr0\x00', {0x2, 0x4e23, @local}}) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r1, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r2, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r3, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r5, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) bind$tipc(r5, 0x0, 0x0) ioctl$TIOCMBIC(r5, 0x5417, &(0x7f0000000200)=0x7) mq_unlink(&(0x7f0000000340)='./cgroup.net//yz0\x00') ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r4, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) r7 = syz_open_dev$video4linux(&(0x7f0000000240)='/dev/v4l-subdev#\x00', 0x6, 0x80400) ioctl$VIDIOC_S_PARM(r7, 0xc0cc5616, &(0x7f0000000500)={0xf, @raw_data="3ec6a60dc8671235253504a7178400f6c6375d97fec684e9474909a223134328ed15146947ab64df535ed9d84a77f55d6c95cce0c9c78e74bf70373a0e3dcb81e5262d53c3cb303a46f6c4db34eb8538754517dda4ec4bcd2cce1ce52287c79fef942147c47fd7fb4c2e729297dbf0fe2cea03cfde52848d8b6fcaf88eea581d1235fb41b2d1b1ba8a1a5bcdd33073b0aec314ffec2c4c0abeeb86b9b2dce1e5f286cca4ea3064ce5ddcbfed3bc67640d2416c49ff7176de1c8faf3fd150d31372c8af0444daa4a2"}) 13:39:28 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) r2 = dup2(r0, r1) r3 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000180)='SEG6\x00') sendmsg$SEG6_CMD_GET_TUNSRC(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r3, 0x700, 0x70bd28, 0x25dfdbff, {}, [@SEG6_ATTR_SECRETLEN={0x8, 0x5, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x0) socket$netlink(0x10, 0x3, 0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000000)=0x3) r4 = socket(0x15, 0x80000, 0x7) setsockopt$inet6_MRT6_ADD_MIF(r4, 0x29, 0xca, &(0x7f0000000100)={0x1, 0x1, 0x1, 0xfffffffffffff000, 0x80000000}, 0xc) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000080)={0x9, 0x1f, 0x8, 0x3, 0xe, 0x80, 0x81, 0x474814, 0x7, 0x20, 0x3, 0x6}) [ 1720.236266] Bluetooth: Unknown HCI packet type 5e [ 1720.241504] Bluetooth: Unknown HCI packet type 43 [ 1720.249699] Bluetooth: Unknown HCI packet type 5e [ 1720.259411] Bluetooth: Unknown HCI packet type 50 [ 1720.264798] Bluetooth: Unknown HCI packet type 5e [ 1720.270001] Bluetooth: Unknown HCI packet type 40 13:39:28 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) inotify_init() r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x2000000) r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r1, r2, 0x0, 0x1000000000e6) [ 1720.276349] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24589 comm=syz-executor.1 13:39:28 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x80000000000, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x8) [ 1720.352371] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24602 comm=syz-executor.1 [ 1720.387033] Bluetooth: Unknown HCI packet type 5e [ 1720.393354] Bluetooth: Unknown HCI packet type 43 [ 1720.398667] Bluetooth: Unknown HCI packet type 5e [ 1720.400376] Bluetooth: Unknown HCI packet type 08 [ 1720.407676] Bluetooth: Unknown HCI packet type 50 [ 1720.416857] Bluetooth: Unknown HCI packet type 5e [ 1720.423335] Bluetooth: Unknown HCI packet type 40 [ 1722.310182] Bluetooth: hci0 command 0x1003 tx timeout [ 1722.315493] Bluetooth: hci0 sending frame failed (-49) [ 1722.390132] Bluetooth: hci1 command 0x1003 tx timeout [ 1722.395448] Bluetooth: hci1 sending frame failed (-49) [ 1724.390174] Bluetooth: hci0 command 0x1001 tx timeout [ 1724.395529] Bluetooth: hci0 sending frame failed (-49) [ 1724.470120] Bluetooth: hci1 command 0x1001 tx timeout [ 1724.475507] Bluetooth: hci1 sending frame failed (-49) [ 1726.470217] Bluetooth: hci0 command 0x1009 tx timeout [ 1726.550213] Bluetooth: hci1 command 0x1009 tx timeout 13:39:38 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xe) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:39:38 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r1 = socket(0x8000000000010, 0x10000000002, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:39:38 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$KVM_DEASSIGN_DEV_IRQ(r4, 0x4040ae75, &(0x7f0000000500)={0x9, 0x7, 0x9e, 0x603}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) r6 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0)={'syz', 0x1}, &(0x7f0000000340)="27cd357bed496b9e", 0x8, 0xfffffffffffffffc) keyctl$assume_authority(0x10, r6) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) getsockname$inet(r4, &(0x7f0000000200)={0x2, 0x0, @local}, &(0x7f0000000240)=0x10) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:39:38 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:39:38 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) inotify_init() r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x2000000) r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r1, r2, 0x0, 0x1000000000e6) 13:39:38 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) r2 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x40000, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r2, 0x29, 0x1, &(0x7f0000000080), 0x4) setsockopt$inet_opts(r2, 0x0, 0x9, &(0x7f0000000140)="8dde9c2aa570a30f1b0e32a756352792610b1175f5526afe329746f075fbdc3a8e9c0245d4f81234bf89a62c8a4d46385c76e6445d23a253a3a6b57817ff4b6a4230a7a79fe86f743184407e1161cfa1dca80fd66a9830d3fe86ba35a9ddbecba8c1615a96b2821a52cbf245db528e174e0d6c23bee8c13b0f20d51afaa2047ceea3d03c842aacfb4e8879a3a1f642c55e54e4ae46280963b521bf1d0212fb63c7a887ebecb7d119d558e235f92c84531d2bafd633b2187238b0d68ff47bc8bdfd7e2326ffda643de103f56da7f3c845da3aae23ce4c9395f95b26f5d2ad992c9680ce066bd9c3affa44ee64f6d1d1a6", 0xf0) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:39:38 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(0xffffffffffffffff, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:39:38 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, 0x0, 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1730.442967] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24620 comm=syz-executor.1 13:39:38 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = creat(&(0x7f0000000000)='./file0\x00', 0xe) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f0000000240)={0x0, 0xe6, "16f5c3c221c917618c47e00563b263080886ad613cf65f08b4a8e41e826d15d2cf7728ce731051f5a1f7049f5f5c891423473a437e59c8c270b02c6b42a26e333b568855c99baa286da176b9b43e8a597924f123131698e710accbd75e34c0a2fcb29df3dc09d86b261b141bc1f23d350f32f02055a90d5ec978c2be38e71d28ef100ffa3fa9b83d337f3a1fabc6334b338142b31091d31eb730b9b6fe0d86bab5564954ca726f5be23a05555fbb52b56bd2b385bbc61013217c42447a638896611d79734555dd880bbbdcf1f57e28146a70aee288dbdcd49b74139c06fb0218a9c5f290aabf"}, &(0x7f0000000340)=0xee) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000380)={r3, 0x7}, 0x8) sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x802000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="106507c3a400ffdbdf2504000000080006000100afb0ca3be73998a600000c000200"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r4, 0x400455c8, 0x4) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000200)=0x20, 0x4) 13:39:38 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(0xffffffffffffffff, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) [ 1730.486608] Bluetooth: Unknown HCI packet type 5e 13:39:38 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, 0x0, 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) 13:39:38 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(0xffffffffffffffff, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) [ 1730.528798] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24629 comm=syz-executor.1 [ 1730.566736] Bluetooth: Unknown HCI packet type 5e [ 1730.573125] Bluetooth: Unknown HCI packet type 43 13:39:39 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffff9c, 0x84, 0x75, &(0x7f0000000200)={0x0, 0x482}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000280)={r1, 0x31, 0x30, 0x100000000, 0x2}, &(0x7f00000002c0)=0x18) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) r3 = socket$kcm(0x2, 0x3, 0x2) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000500)={{{@in6=@loopback, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in=@broadcast}}, &(0x7f0000000340)=0xe8) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000600)={0x0, 0x0, 0x0}, &(0x7f0000000640)=0xc) fchown(r2, r4, r5) setsockopt$sock_timeval(r2, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r3, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r6, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r8, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r7, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:39:39 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r0, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:39:39 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, 0x0, 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1730.591048] Bluetooth: Unknown HCI packet type 5e [ 1730.598230] Bluetooth: Unknown HCI packet type 50 [ 1730.604816] Bluetooth: Unknown HCI packet type 5e [ 1730.616579] Bluetooth: Unknown HCI packet type 40 [ 1730.626029] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24646 comm=syz-executor.1 13:39:39 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm-control\x00', 0x0, 0x0) ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f00000002c0)={0x0, 0x10001, 0x4, &(0x7f0000000280)}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) openat$tun(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/net/tun\x00', 0x20000, 0x0) ioctl$RTC_WKALM_RD(r5, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8914, &(0x7f0000000580)='\xe1\xe7u\rO\x1e\x87F\xac\x87\xcd\xd5\xbe\x8a\xd5_FS\xb4\xd1\xf0^D\xbc\x97<\xfc\x97\xca\f\xc9p\xe3\xd8h\x19)\xf3\xb8\br\xb7\xb9,\x83\n\x9d\xb3G\xf9TNg\xfb\x96\xbc\n\xc1}\xc2\x14\f\x1b\x03b\xb4\a\xe8\xf9\xae\xf1\xb5\xd5\xb7|c\x13\x9c\x82\xd0E\r\xa3p>\xa5\x838\x13\xda \xe4Qg]\xb4\x04\xdf\x9e\x0f\xa5r\xfeO\x9d\x9f\xb0_\xd3\x8c\xec\xad\x19p\xf2~\xf0\x05C)0\xa7b>\xa2') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r4, 0x84, 0x20, &(0x7f0000000200)=0x7f, 0x4) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r4, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) perf_event_open(&(0x7f0000000340)={0x7, 0x70, 0x1, 0x49ff, 0x9, 0x1f, 0x0, 0x1f, 0x20028, 0x1, 0x73f4, 0x1, 0x25, 0x2, 0x4, 0xca, 0x2, 0x40, 0xf04, 0x8, 0x0, 0x0, 0x0, 0x1f, 0xe4, 0xef2, 0xa20, 0x10000, 0x1ff, 0x80000000, 0x42d, 0x5b1, 0xb39, 0x7fffffff, 0x37, 0x2, 0x6, 0x800, 0x0, 0x8, 0x0, @perf_config_ext={0x8, 0xb13}, 0x21, 0xffffffffffffa8b3, 0x8, 0x7, 0x5, 0x35f, 0x59a}, r2, 0x2, r0, 0x2) [ 1730.707722] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24657 comm=syz-executor.1 13:39:39 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) [ 1732.550133] Bluetooth: hci0 command 0x1003 tx timeout [ 1732.555593] Bluetooth: hci0 sending frame failed (-49) [ 1732.630109] Bluetooth: hci1 command 0x1003 tx timeout [ 1732.635542] Bluetooth: hci1 sending frame failed (-49) [ 1734.630108] Bluetooth: hci0 command 0x1001 tx timeout [ 1734.635563] Bluetooth: hci0 sending frame failed (-49) [ 1734.710117] Bluetooth: hci1 command 0x1001 tx timeout [ 1734.715818] Bluetooth: hci1 sending frame failed (-49) [ 1736.710199] Bluetooth: hci0 command 0x1009 tx timeout [ 1736.790205] Bluetooth: hci1 command 0x1009 tx timeout 13:39:49 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x0) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) 13:39:49 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioprio_set$pid(0x2, 0x0, 0x0) ioctl$VT_RESIZE(r1, 0x5609, &(0x7f0000000000)={0x2b99, 0xef0b, 0x2}) 13:39:49 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r0, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:39:49 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:39:49 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x42040, 0x0) ioctl$GIO_FONT(r1, 0x4b60, &(0x7f0000000200)=""/189) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, &(0x7f0000000140)={0x5, 0x0, 'client0\x00', 0x2, "f97e31e1e61785d0", "4a83337a01f8b100b08a02a596662bbc2778fcf5c2118d031a007e7b997afdab", 0x8, 0x5}) ioctl$KDADDIO(r2, 0x400455c8, 0x4) ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000100)=0x3) 13:39:49 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) [ 1740.667173] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24672 comm=syz-executor.1 [ 1740.698020] Bluetooth: Unknown HCI packet type 5e [ 1740.704551] Bluetooth: Unknown HCI packet type 43 13:39:49 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x0) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) 13:39:49 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adca5055e0bcfec7bf070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:39:49 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r0, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) [ 1740.722593] Bluetooth: Unknown HCI packet type 5e [ 1740.727833] Bluetooth: Unknown HCI packet type 5e [ 1740.737148] Bluetooth: Unknown HCI packet type 43 [ 1740.745165] Bluetooth: Unknown HCI packet type 5e [ 1740.756181] Bluetooth: Unknown HCI packet type 50 [ 1740.769562] Bluetooth: Unknown HCI packet type 50 [ 1740.778856] Bluetooth: Unknown HCI packet type 5e [ 1740.794727] Bluetooth: Unknown HCI packet type 5e [ 1740.802223] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24694 comm=syz-executor.1 [ 1740.803735] Bluetooth: Unknown HCI packet type 40 13:39:49 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x0) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) 13:39:49 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./\x05\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00j\x9e\xf3\xdbE\xc8\x94\x81\x03\x00\x00\x00', 0x1ff) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000200)={{{@in=@initdev, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in=@multicast1}}, &(0x7f0000000340)=0xe8) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x70, 0x0, 0x0, 0x0, 0x307, 0x0, 0x0, 0x0, [], r0, 0x1f, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r1, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r2, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r3, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r5, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000500)={'nr0\x01\x00', 0x100}) ioctl$PIO_FONTRESET(r4, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) getpgrp(r3) 13:39:49 executing program 3: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r0 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r0, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) [ 1740.829812] Bluetooth: hci3 sending frame failed (-49) [ 1740.836715] Bluetooth: Unknown HCI packet type 40 13:39:49 executing program 3: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r0 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r0, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) [ 1740.879294] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12297 sclass=netlink_route_socket pig=24705 comm=syz-executor.1 [ 1742.710140] Bluetooth: hci0 command 0x1003 tx timeout [ 1742.715744] Bluetooth: Unknown HCI packet type 5e [ 1742.720716] Bluetooth: Unknown HCI packet type 41 [ 1742.725749] Bluetooth: Unknown HCI packet type 5e [ 1742.730755] Bluetooth: Unknown HCI packet type 41 [ 1742.735687] Bluetooth: Unknown HCI packet type 5e [ 1742.740732] Bluetooth: Unknown HCI packet type 50 [ 1742.745668] Bluetooth: Unknown HCI packet type 5e [ 1742.750694] Bluetooth: Unknown HCI packet type 40 [ 1742.790120] Bluetooth: hci1 command 0x1003 tx timeout [ 1742.790147] Bluetooth: hci2 command 0x1003 tx timeout [ 1742.795422] Bluetooth: hci1 sending frame failed (-49) [ 1742.806644] Bluetooth: Unknown HCI packet type 5e [ 1742.812041] Bluetooth: Unknown HCI packet type 41 [ 1742.817036] Bluetooth: Unknown HCI packet type 5e [ 1742.822060] Bluetooth: Unknown HCI packet type 41 [ 1742.827009] Bluetooth: Unknown HCI packet type 5e [ 1742.832049] Bluetooth: Unknown HCI packet type 50 [ 1742.837098] Bluetooth: Unknown HCI packet type 5e [ 1742.842268] Bluetooth: Unknown HCI packet type 40 [ 1742.870121] Bluetooth: hci3 command 0x1003 tx timeout [ 1742.875508] Bluetooth: hci3 sending frame failed (-49) [ 1744.790151] Bluetooth: hci0 command 0x1001 tx timeout [ 1744.795621] Bluetooth: Unknown HCI packet type 5e [ 1744.800934] Bluetooth: Unknown HCI packet type 41 [ 1744.805837] Bluetooth: Unknown HCI packet type 09 [ 1744.810879] Bluetooth: Unknown HCI packet type 5e [ 1744.815974] Bluetooth: Unknown HCI packet type 50 [ 1744.820875] Bluetooth: Unknown HCI packet type 5e [ 1744.825717] Bluetooth: Unknown HCI packet type 40 [ 1744.870180] Bluetooth: hci2 command 0x1001 tx timeout [ 1744.875539] Bluetooth: hci1 command 0x1001 tx timeout [ 1744.880839] Bluetooth: hci1 sending frame failed (-49) [ 1744.886251] Bluetooth: Unknown HCI packet type 5e [ 1744.892016] Bluetooth: Unknown HCI packet type 41 [ 1744.896967] Bluetooth: Unknown HCI packet type 09 [ 1744.902016] Bluetooth: Unknown HCI packet type 5e [ 1744.906870] Bluetooth: Unknown HCI packet type 50 [ 1744.911777] Bluetooth: Unknown HCI packet type 5e [ 1744.916625] Bluetooth: Unknown HCI packet type 40 [ 1744.950123] Bluetooth: hci3 command 0x1001 tx timeout [ 1744.955452] Bluetooth: hci3 sending frame failed (-49) [ 1746.870173] Bluetooth: hci0 command 0x1009 tx timeout [ 1746.950235] Bluetooth: hci1 command 0x1009 tx timeout [ 1746.955743] Bluetooth: hci2 command 0x1009 tx timeout [ 1747.030201] Bluetooth: hci3 command 0x1009 tx timeout 13:39:59 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0xfffffffffffffffc, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:39:59 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x0, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) 13:39:59 executing program 3: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r0 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r0, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:39:59 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x41) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff}) ioctl$KVM_SET_TSC_KHZ(r4, 0xaea2, 0x9) sendmsg$nl_generic(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)={0x14, 0x3e, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r6, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x1, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r5, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:39:59 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2a, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:39:59 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") fcntl$getflags(r0, 0x1) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x16) ioctl$KDGKBDIACR(r1, 0x4b4a, &(0x7f0000000100)=""/186) ioctl$KDADDIO(r1, 0x400455c8, 0x4) socket(0x9, 0x3, 0x5) fcntl$getflags(r0, 0xb) 13:39:59 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r0 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r0, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:39:59 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x1, 0x0) sendfile(r1, r0, &(0x7f0000000080), 0x800) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x11) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000100)=0x3) 13:39:59 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = request_key(&(0x7f0000000000)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x2}, &(0x7f0000000100)='/dev/ptmx\x00', 0xfffffffffffffffd) keyctl$KEYCTL_PKEY_DECRYPT(0x1a, &(0x7f0000000140)={r1, 0x62, 0xfa}, &(0x7f0000000180)={'enc=', 'oaep', ' hash=', {'wp384\x00'}}, &(0x7f0000000200)="3ddb839d8286b6fbd0800ec38045d8cf3b4d1a496f208a51bc04b8c48380fb021673a0b3c1e6c35bffe6bdb79c487a603f0742e832aa8dcfe76de2972ec016abc20b6f198babc79fd3a04c960adfc045a388c36401222f9c521084f53fcc0aab2a29", &(0x7f0000000280)=""/250) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x18) ioctl$KDADDIO(r2, 0x400455c8, 0x4) 13:39:59 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x0, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) 13:39:59 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000200)='/dev/hwrng\x00', 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000740)=@filter={'filter\x00', 0xe, 0x4, 0x3a0, 0x168, 0x308, 0x0, 0x168, 0x248, 0x308, 0x308, 0x308, 0x308, 0x308, 0x4, &(0x7f0000000240), {[{{@uncond, 0x0, 0x108, 0x168, 0x0, {}, [@common=@unspec=@limit={0x48, 'limit\x00', 0x0, {0x2901000000000000, 0x2, 0x80, 0xb3, 0x1, 0xffffffff, 0x2}}, @common=@inet=@set1={0x28, 'set\x00', 0x1, {{0x4, 0x200, 0x49d9}}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @broadcast, 0xdacd, 0x8, [0xc, 0x38, 0x22, 0x12, 0x20, 0x3f, 0x1f, 0x27, 0x28, 0x10, 0x9, 0x13, 0xa, 0x3, 0x27, 0x3d], 0x2, 0xffff, 0x2}}}, {{@uncond, 0x0, 0xb8, 0xe0, 0x0, {}, [@common=@socket0={0x20, 'socket\x00'}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@ip={@multicast1, @multicast2, 0x2368e72a98cf4221, 0xffffffff, 'yam0\x00', 'erspan0\x00', {0xff}, {0xff}, 0x2f, 0x0, 0xe}, 0x0, 0x98, 0xc0}, @common=@unspec=@AUDIT={0x28, 'AUDIT\x00', 0x0, {0x2}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x400) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r5, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r4, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:39:59 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r0 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r0, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:39:59 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/btrfs-control\x00', 0x60041, 0x0) ioctl$ASHMEM_SET_NAME(r1, 0x41007701, &(0x7f0000000140)='/dev/ptmx\x00') r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r3 = syz_open_dev$cec(&(0x7f0000000180)='/dev/cec#\x00', 0x1, 0x2) setsockopt$RXRPC_SECURITY_KEY(r3, 0x110, 0x1, &(0x7f0000000080)='/dev/ptmx\x00', 0xa) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x4) 13:39:59 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r0 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r0, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:39:59 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000000)=0x2) 13:39:59 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x0, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1751.282084] Bluetooth: Unknown HCI packet type 5e [ 1751.293557] Bluetooth: Unknown HCI packet type 43 [ 1751.326922] Bluetooth: Unknown HCI packet type 5e [ 1751.358816] Bluetooth: Unknown HCI packet type 50 [ 1751.392168] Bluetooth: Unknown HCI packet type 5e [ 1751.416934] Bluetooth: Unknown HCI packet type 40 13:40:00 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffc, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0x0, 0xffffffffffffffff, 0x2) close(r2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000540)=r1, 0x4) r4 = accept4(0xffffffffffffff9c, &(0x7f0000000240)=@x25, &(0x7f00000002c0)=0x80, 0x80000) accept4$llc(r4, &(0x7f0000000340)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000500)=0x10, 0x80000) r5 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r2, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r5, 0x10, &(0x7f0000000000)={0x0, 0x0}) write$binfmt_script(r4, &(0x7f0000000880)={'#! ', './file0', [{0x20, 'vboxnet1'}, {0x20, 'em0[#'}, {0x20, 'user\x00'}], 0xa, "916ba9d06f62f4ea1d3c9b26a86c05809989c6795923d3666883baba2da48929fdc428baa88fe0e3e5cb44c4896a7ededc9fcc49b19ac9677661d0c3f7a5720e608cb4"}, 0x63) ptrace$setregs(0xf, r6, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = add_key$user(&(0x7f0000000680)='user\x00', &(0x7f00000006c0)={'syz', 0x0}, &(0x7f0000000740)="2c0641c714f27c45b5e7f49304986cfb10e869263a70e0802a15f669e8f4cd80f0038310a3c379a498760a557ecc24e88e56cf3a6af5c6d856a5faba7cda327026420b17e9a63ff715a19ad69d9350ba23e111d150f5af1aed770944d4cbf098085c2ce3f3ab5f40a96d313dffc6f879bc03a1289911b124b5fdf0aa3c9aa4205bc75a66ea68d721abfd6e9d993537efd0aab323db5601a036b8765e", 0x9c, 0xfffffffffffffffe) keyctl$set_timeout(0xf, r9, 0x3) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000200)=0xfd7) symlink(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00') ioctl$RTC_WKALM_RD(r8, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000580)={0x0, 0x8000}, &(0x7f00000005c0)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000600)={0xea7d, 0x4, 0xffff, 0xea3, r10}, &(0x7f0000000640)=0x10) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r11 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r11, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r7, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:40:00 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:40:00 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x0, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:40:00 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) 13:40:00 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:40:00 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1751.723881] audit: type=1400 audit(1561038000.119:221): avc: denied { setopt } for pid=24805 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 13:40:00 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000140)="c0dca5055e0bcfec7be070") r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:40:00 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 1753.350159] Bluetooth: hci3 command 0x1003 tx timeout [ 1753.355467] Bluetooth: hci3 sending frame failed (-49) [ 1753.360842] Bluetooth: hci1 command 0x1003 tx timeout [ 1753.366228] Bluetooth: hci1 sending frame failed (-49) [ 1755.440213] Bluetooth: hci1 command 0x1001 tx timeout [ 1755.445531] Bluetooth: hci3 command 0x1001 tx timeout [ 1755.445630] Bluetooth: hci1 sending frame failed (-49) [ 1755.450974] Bluetooth: hci3 sending frame failed (-49) [ 1757.510232] Bluetooth: hci1 command 0x1009 tx timeout [ 1757.510237] Bluetooth: hci3 command 0x1009 tx timeout 13:40:10 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") socket$inet6(0xa, 0x5, 0x8000) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x1, 0x3955, 0x9, 0x662, 0xc, 0xb5, 0x799c, 0x401, 0x4, 0x0, 0x7a, 0x1}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180)=0xf) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) setsockopt$inet6_buf(r2, 0x29, 0x6f, &(0x7f0000000100)="a110aaa66612178dfb43ba3bfe91c8a3d2f6be9ba99efaea1c82990b063a8e1bb3ec41df7941014f5f7acca9d0912acfe1f51c6a4610a77945e415a55eda78d0d4d6b55719209716bb0e4f258db18abe17287a4ab81f6b2d", 0x58) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 13:40:10 executing program 0: memfd_create(&(0x7f00000001c0)='\x00', 0x4) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) ioctl$sock_bt_cmtp_CMTPGETCONNLIST(r0, 0x800443d2, &(0x7f0000000080)={0x4, &(0x7f0000000140)=[{}, {}, {}, {}]}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PPPIOCGUNIT(r0, 0x80047456, &(0x7f0000000200)) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDSKBLED(r2, 0x4b65, 0x81) socket$inet(0x2, 0x2, 0xfffffffffffffffc) ioctl$KDADDIO(r2, 0x400455c8, 0x4) ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000100)=0x3) 13:40:10 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, 0x0) sendfile(r2, r3, 0x0, 0x1000000000e6) 13:40:10 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) signalfd(r0, &(0x7f0000000040)={0x3}, 0x8) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r1, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r2, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r3, 0x8, &(0x7f0000000200)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9af80ad007ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r5, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) getsockopt$sock_int(r2, 0x1, 0x28, &(0x7f0000000080), &(0x7f00000000c0)=0x4) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r4, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:40:10 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:40:10 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x0, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:40:10 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) [ 1761.859738] Bluetooth: Unknown HCI packet type 5e [ 1761.866374] Bluetooth: Unknown HCI packet type 43 [ 1761.878695] Bluetooth: Unknown HCI packet type 5e 13:40:10 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, 0x0) sendfile(r2, r3, 0x0, 0x1000000000e6) 13:40:10 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(r4, 0x117, 0x5, 0x0, 0xc46) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:40:10 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) [ 1761.906100] Bluetooth: Unknown HCI packet type 5e [ 1761.925504] Bluetooth: Unknown HCI packet type 50 [ 1761.935881] Bluetooth: Unknown HCI packet type 5e [ 1761.943597] Bluetooth: Unknown HCI packet type 40 13:40:10 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, 0x0) sendfile(r2, r3, 0x0, 0x1000000000e6) 13:40:10 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(0xffffffffffffffff, r2, 0x0, 0x1000000000e6) [ 1763.910165] Bluetooth: hci3 command 0x1003 tx timeout [ 1763.910242] Bluetooth: hci1 command 0x1003 tx timeout [ 1763.915600] Bluetooth: hci3 sending frame failed (-49) [ 1763.925359] Bluetooth: hci1 sending frame failed (-49) [ 1765.990185] Bluetooth: hci3 command 0x1001 tx timeout [ 1765.990191] Bluetooth: hci1 command 0x1001 tx timeout [ 1765.990271] Bluetooth: hci1 sending frame failed (-49) [ 1765.995693] Bluetooth: hci3 sending frame failed (-49) [ 1768.070216] Bluetooth: hci3 command 0x1009 tx timeout [ 1768.070404] Bluetooth: hci1 command 0x1009 tx timeout 13:40:20 executing program 5: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg(r0, &(0x7f0000005640)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, 0x0}}], 0x1, 0x24000050) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') sendmsg$TIPC_NL_NODE_GET(r3, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8220000}, 0xc, &(0x7f0000000300)={&(0x7f0000000140)={0x1a0, r4, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x101}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8}]}, @TIPC_NLA_LINK={0x4c, 0x4, [@TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_MEDIA={0x108, 0x5, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1c}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xb8ab}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x100000001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x270c}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}]}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0xc000}, 0x5) ioctl$KDADDIO(r2, 0x400455c8, 0x4) 13:40:20 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000000)=0x3) 13:40:20 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)) r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:40:20 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff7c}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) mount$overlay(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='overlay\x00', 0x0, &(0x7f0000000500)={[{@redirect_dir={'redirect_dir', 0x3d, './file0'}}, {@nfs_export_on='nfs_export=on'}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@metacopy_on='metacopy=on'}, {@index_on='index=on'}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@pcr={'pcr', 0x3d, 0xa}}, {@fsmagic={'fsmagic', 0x3d, 0x1}}]}) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) signalfd4(r4, &(0x7f0000000200)={0x2}, 0x8, 0x0) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000240)) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:40:20 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(0xffffffffffffffff, r2, 0x0, 0x1000000000e6) 13:40:20 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x0, &(0x7f0000000080), 0x4) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:40:20 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(0xffffffffffffffff, r2, 0x0, 0x1000000000e6) 13:40:20 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)) r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:40:20 executing program 2: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x200000, 0x63) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r1, 0x80045400, &(0x7f00000002c0)) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x2e4) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) r4 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r3, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r4, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r5, 0x8, &(0x7f0000000200)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d528c8decd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f374166113deb7e6bf1c960b39f40e0000ebfcfc60672ed4ebc5801287320f6b189f0810a8e88f4cbc45b1bdf2af83cd7a0f89949cc033378ec99c20107c3a") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fsetxattr(r7, &(0x7f0000000500)=ANY=[@ANYBLOB="6f73782e6e7230010060a19ef9d2c673d9a1571cb9e1369bcd61efa145d553a231e210bbd35b170c10751d39aeb660d863e49b8c4f3b3cad48902b5b2d6cfd0abcf5d70df3fd352e8d443c88c60fd7140fbc0e5637dd82fc8592f84e2b72bf16149f8f869f173435bed4de5d693c9a781c863e05d8a6f8689a5be29216061f3ff53f8b6b396678e7ba155ef9152d7e43b1eccb2331eb8eb1ed5586dcf8b3b0b999361a44ff2c22c2abbef42dd24eabe6723346a6e46c0499a21442d8d00dcb57f013ff7595edd0ff076930de36"], &(0x7f0000000080)='nr0\x01\x00', 0x5, 0x3) ioctl$RTC_WKALM_RD(r7, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000040)="5fc48b888089f5033ea015060ca98fbe2a0d5bd459879a3115c58063a3fcd10ce45a2491e4761c6556cc8b19bec16e21fdf8be84393c0494ea5abbd2dd2efd", 0x3f) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000600)='/dev/net/tun\x00', 0x802, 0x0) kcmp$KCMP_EPOLL_TFD(r5, r5, 0x7, r0, &(0x7f0000000340)={r6, r2, 0x1}) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r6, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:40:20 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)) r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:40:20 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, 0xffffffffffffffff, 0x0, 0x1000000000e6) 13:40:20 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0b") r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) [ 1774.150122] Bluetooth: hci3 command 0x1003 tx timeout [ 1774.150129] Bluetooth: hci1 command 0x1003 tx timeout [ 1774.161373] Bluetooth: hci1 sending frame failed (-49) [ 1774.174379] Bluetooth: hci3 sending frame failed (-49) [ 1776.230222] Bluetooth: hci3 command 0x1001 tx timeout [ 1776.235497] Bluetooth: hci1 command 0x1001 tx timeout [ 1776.236656] Bluetooth: hci3 sending frame failed (-49) [ 1776.242134] Bluetooth: hci1 sending frame failed (-49) [ 1778.310235] Bluetooth: hci3 command 0x1009 tx timeout [ 1778.310374] Bluetooth: hci1 command 0x1009 tx timeout 13:40:30 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0b") r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:40:30 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000280)={0xffffffffffffffff}) ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f00000002c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r1, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r2, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r3, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r5, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(r4, 0xc0385720, &(0x7f0000000340)={0x0, {0x0, 0x1c9c380}, 0x54a6, 0x8}) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r4, 0x4b6d, 0x0) getsockopt$inet6_int(r4, 0x29, 0xff, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:40:30 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x101000, 0x0) ioctl$VIDIOC_G_JPEGCOMP(r2, 0x808c563d, &(0x7f0000001180)) r3 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) recvfrom$llc(r3, &(0x7f0000000140)=""/4096, 0x1000, 0x1, 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000001140)=0x18) 13:40:30 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") pipe(&(0x7f0000000140)={0xffffffffffffffff}) ioctl$DRM_IOCTL_IRQ_BUSID(r1, 0xc0106403, &(0x7f0000000180)={0x1, 0x9, 0x3}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x3) r3 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x8000) setsockopt$ALG_SET_AEAD_AUTHSIZE(r3, 0x117, 0x5, 0x0, 0x1) ioctl$PIO_CMAP(r2, 0x4b71, &(0x7f0000000080)={0x5, 0x100, 0x1b8c90d, 0x2, 0x7fffffff, 0x100}) 13:40:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, 0x0, 0x0) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:40:30 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, 0xffffffffffffffff, 0x0, 0x1000000000e6) 13:40:30 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0b") r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:40:30 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, 0xffffffffffffffff, 0x0, 0x1000000000e6) 13:40:30 executing program 5: r0 = syz_open_dev$sndpcmc(&(0x7f0000000240)='/dev/snd/pcmC#D#c\x00', 0x4, 0x505000) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f0000000280)={0x100, 0x819}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") ioctl$KVM_TPR_ACCESS_REPORTING(r0, 0xc028ae92, &(0x7f0000000080)={0xfd, 0x1}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x12, &(0x7f0000000100)=""/231, &(0x7f0000000200)=0xfffffffffffffcba) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) getsockopt$IP_VS_SO_GET_TIMEOUT(r0, 0x0, 0x486, &(0x7f00000002c0), &(0x7f0000000300)=0xc) ioctl$KDADDIO(r2, 0x400455c8, 0x4) ioctl$BLKALIGNOFF(r0, 0x127a, &(0x7f0000000000)) [ 1782.301997] Bluetooth: Unknown HCI packet type 5e [ 1782.319346] Bluetooth: Unknown HCI packet type 43 [ 1782.339463] Bluetooth: Unknown HCI packet type 5e 13:40:30 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7b") r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) [ 1782.365605] Bluetooth: Unknown HCI packet type 50 [ 1782.389164] Bluetooth: Unknown HCI packet type 5e [ 1782.402259] Bluetooth: Unknown HCI packet type 43 [ 1782.409249] Bluetooth: Unknown HCI packet type 5e 13:40:30 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x0) 13:40:30 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r2 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r1, 0x1, 0x0, 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f0000000200)='/dev/admmidi#\x00', 0x7fff, 0x0) ioctl$KDSETKEYCODE(r3, 0x4b4d, &(0x7f0000000240)={0x5, 0x7f}) fcntl$getownex(r2, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r4, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') fstat(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setfsuid(r6) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000640)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r5, 0x4b6d, 0x0) r8 = semget(0x0, 0x3, 0x0) semctl$IPC_RMID(r8, 0x0, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:40:30 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7b") r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) [ 1782.425729] Bluetooth: Unknown HCI packet type 5e [ 1782.433100] Bluetooth: Unknown HCI packet type 40 [ 1782.448756] Bluetooth: Unknown HCI packet type 50 [ 1782.457105] Bluetooth: Unknown HCI packet type 5e [ 1782.465397] Bluetooth: Unknown HCI packet type 40 13:40:30 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x0) [ 1784.310123] Bluetooth: hci1 command 0x1003 tx timeout [ 1784.315541] Bluetooth: hci1 sending frame failed (-49) [ 1784.390294] Bluetooth: hci3 command 0x1003 tx timeout [ 1784.395932] Bluetooth: hci3 sending frame failed (-49) [ 1786.390191] Bluetooth: hci1 command 0x1001 tx timeout [ 1786.395570] Bluetooth: hci1 sending frame failed (-49) [ 1786.470207] Bluetooth: hci3 command 0x1001 tx timeout [ 1786.475559] Bluetooth: hci3 sending frame failed (-49) [ 1788.470166] Bluetooth: hci1 command 0x1009 tx timeout [ 1788.550194] Bluetooth: hci3 command 0x1009 tx timeout 13:40:40 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x10000, 0x400) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x4) ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000100)=0x3) 13:40:40 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000280)='/dev/radio#\x00', 0x3, 0x2) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x6) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r1, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r2, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r3, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$X25_QBITINCL(r4, 0x106, 0x1, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$RTC_WKALM_RD(r5, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r4, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) 13:40:40 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7b") r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) 13:40:40 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x2000000) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x0) 13:40:40 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = accept(r2, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, 0x0, 0x0) r4 = dup(r3) write$P9_RXATTRWALK(r4, &(0x7f0000000000)={0xf}, 0xfffffe79) recvfrom$unix(r1, 0x0, 0x0, 0xc08e, 0x0, 0x0) 13:40:40 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x0, 0x0) openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) 13:40:40 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7be0") r1 = socket(0x8000000000010, 0x10000000002, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f0000000180)=""/172, 0xac}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/86, 0x56}, {&(0x7f0000000780)=""/218, 0xda}, {&(0x7f0000000000)=""/24, 0x18}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f0000000980)=""/113, 0x71}], 0x7, 0x0, 0x0, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x3d}, {&(0x7f00000000c0)=""/85, 0x60c}, {&(0x7f00000024c0)=""/4096, 0x467}, {&(0x7f0000000400)=""/120, 0x244}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xc1, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000001de, 0x6, &(0x7f0000003700)={0x77359400}) [ 1792.531314] kasan: CONFIG_KASAN_INLINE enabled [ 1792.536704] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 1792.550882] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 1792.557159] Modules linked in: [ 1792.560535] CPU: 1 PID: 19831 Comm: kworker/u4:4 Not tainted 4.14.128 #22 [ 1792.567476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1792.576936] Workqueue: events_unbound flush_to_ldisc [ 1792.582027] task: ffff8880672542c0 task.stack: ffff888063ab0000 [ 1792.588094] RIP: 0010:skb_put+0x31/0x1c0 [ 1792.592135] RSP: 0018:ffff888063ab7b48 EFLAGS: 00010202 [ 1792.597570] RAX: dffffc0000000000 RBX: ffff88808a54a0c0 RCX: ffff88806555e2c0 [ 1792.604919] RDX: 0000000000000019 RSI: 0000000000000003 RDI: 0000000000000000 [ 1792.612167] RBP: ffff888063ab7b70 R08: 0000000000000193 R09: ffffffff88c790d8 [ 1792.619464] R10: 0000000000000006 R11: ffff8880672542c0 R12: 0000000000000000 [ 1792.626716] R13: 0000000000000003 R14: ffff88808d2e0de0 R15: 00000000000000c8 [ 1792.634266] FS: 0000000000000000(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000 [ 1792.642469] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1792.648326] CR2: 0000001b30d23000 CR3: 0000000099e49000 CR4: 00000000001406e0 [ 1792.655687] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1792.663088] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1792.670433] Call Trace: [ 1792.673011] ll_recv+0x501/0x1010 [ 1792.676454] hci_uart_tty_receive+0x1f4/0x4d0 [ 1792.680938] ? hci_uart_write_work+0x6b0/0x6b0 [ 1792.685505] tty_ldisc_receive_buf+0x14d/0x1a0 [ 1792.690087] tty_port_default_receive_buf+0x73/0xa0 [ 1792.695287] flush_to_ldisc+0x1ec/0x400 [ 1792.699262] process_one_work+0x863/0x1600 [ 1792.703599] ? pwq_dec_nr_in_flight+0x2e0/0x2e0 [ 1792.708257] worker_thread+0x5d9/0x1050 [ 1792.712216] kthread+0x319/0x430 [ 1792.715666] ? process_one_work+0x1600/0x1600 [ 1792.720152] ? kthread_create_on_node+0xd0/0xd0 [ 1792.724896] ret_from_fork+0x24/0x30 13:40:41 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote={0xfe, 0x80, [], 0xffffffffffffffff}}, 0x20) [ 1792.728720] Code: 41 56 41 55 41 89 f5 41 54 49 89 fc 4d 8d bc 24 c8 00 00 00 53 e8 b0 0c 8f fc 4c 89 fa 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 4c 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 [ 1792.748543] RIP: skb_put+0x31/0x1c0 RSP: ffff888063ab7b48 [ 1792.760061] ---[ end trace 55debf46d906fc71 ]--- [ 1792.768390] kobject: 'loop3' (ffff8880a49e91a0): kobject_uevent_env 13:40:41 executing program 2: syz_open_dev$vcsa(&(0x7f0000000200)='/dev/vcsa#\x00', 0x4, 0x400000) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.net//yz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x5, 0xffffffffffffff9c, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = socket$kcm(0x2, 0x3, 0x2) setsockopt$sock_timeval(r0, 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$setregs(0xf, r2, 0x8, &(0x7f0000000040)="c62f93cbf390ebb57ec1f767c6eb5584245cf2e3ad6e31818d5272428181bf9a07ecd07d1f45bfa841bcde6d715b7234cf5e5e317d1eb4aef2e16c03b4394d3883256097f2fbe15777b409d84d59f1f7b6822d0626253d5e9a831d9cc9f3741661cd6e3db4ebfcfc60672ed4ebc5801287320f6b189f0810a8e86f4cbe45b1bdebaf83cd7a0f89949cc033378ec99c20107c3a0d4ec50d") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r4, 0x80287010, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0) [ 1792.777805] kobject: 'loop3' (ffff8880a49e91a0): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1792.788780] Kernel panic - not syncing: Fatal exception [ 1792.795429] Kernel Offset: disabled [ 1792.799175] Rebooting in 86400 seconds..